Pests of all kinds and how to fight them: BKA Trojan/Virus GVU Version 2.11 (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
|  13.02.2013, 18:18 | #1 | 
BKA Trojan/Virus GVU Version 2.11

Hello, yesterday I caught the BKA trojan GVU version 2.11. I have already tried starting the laptop in Safe Mode and have already searched the registry, unfortunately without success. Today I also spent several hours trying various rescue CDs. I created an OTLPE boot CD and ran the scanner. I would be very grateful if someone could help me. Here is the output of the two logfiles:

Extras.txt

OTL Extras logfile created on: 2/13/2013 5:59:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,023.00 Mb Total Physical Memory | 729.00 Mb Available Physical Memory | 71.00% Memory free
907.00 Mb Paging File | 813.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55.89 Gb Total Space | 10.37 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\InterVideo\DVD5\WinDVD.exe" = C:\Programme\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe" = C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe:*:Enabled:OneSpace Designer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B41EC7-1C7E-4B94-AD0B-B51273C4C616}" = GOelan
"{06CA7E0A-0E71-44CD-A32E-8F59704A360B}" = GOelan Solid Importer 2009
"{07E7EFE7-3D94-4D29-B83C-B81137199C1A}" = CoCreate OneSpace 3D Access 2007
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2D026738-9CC6-4D24-A1B4-FFBA9D59C746}" = CoCreate 3D Access 2008 - 16.0.1.65
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"{514405D1-B3DE-482F-90EC-29D9272F2424}" = CoCreate OneSpace Designer Modeling 2006
"{53480250-325A-41FE-9F60-1E3DEA1D2BD8}" = O&O CleverCache Professional Edition
"{5402BE47-9E53-463F-BC61-76AF0F91D8BB}" = CoCreate 3D Access 17.0
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4A8570-F6A7-11D4-BAD8-000102A2E03A}" = Lexware Online Banking
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924FD767-4B99-47FC-9DB5-2F44E062E548}" = FireGL Control Panel
"{92746D91-8107-4481-A3C4-D36B22B720A4}" = CoCreate OneSpace Designer Drafting 12.01d
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B668CB7B-A9DF-43B6-8876-A373A8E1D438}" = HP Mobile Printing
"{B78DFC4B-B7B5-46A4-9231-D454737B1AC0}" = CoCreate OneSpace Designer Modeling 2005
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FireGL driver for 3D Studio MAX/VIZ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E462A9AD-3376-4362-92CA-832E0F58C6CC}" = CoCreate License Server 14.0.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2545484-7B1C-484A-89B8-B0F8B38BC67F}" = O2Micro SmartCardBus Reader Windows Driver Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{FAE396F4-6684-4BAF-80B2-9B669C39540B}" = CoCreate OneSpace Designer Drafting 2006
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.13" = AFPL Ghostscript 8.13
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Creative Jukebox Driver" = Creative Jukebox Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOelan" = GOelan V5
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 5.5.2 Q:16_is1" = ImageMagick 5.5.2 Q:16 Beta (November 10, 2002)
"InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"InterActual Player" = InterActual Player
"ISDN CAPI Port" = ISDN CAPI Port
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonLive" = NortonLive
"Notepad++" = Notepad++
"PMDeinstKey" = Production Milling V10.0
"PrintKey2000" = PrintKey2000
"QuickBooks 2002" = QuickBooks 2002
"ST6UNST #1" = BatchPlot
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Videoload Manager" = Videoload Manager 1.0.1095
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

< End of report >

OTL.txt

OTL logfile created on: 2/13/2013 5:59:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,023.00 Mb Total Physical Memory | 729.00 Mb Available Physical Memory | 71.00% Memory free
907.00 Mb Paging File | 813.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55.89 Gb Total Space | 10.37 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013/02/12 12:46:33 | 000,114,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\Administrator\3748115.dll -- (winmgmt)
SRV - [2013/02/08 11:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/02/15 14:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/01/18 07:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007/04/27 01:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/26 19:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006/12/27 18:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006/03/01 09:26:40 | 006,410,240 | ---- | M] () [Auto] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/09/20 09:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/04/11 08:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand] -- -- (SYMIDS)
DRV - File not found [Kernel | On_Demand] -- -- (SYMFW)
DRV - File not found [Kernel | On_Demand] -- -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand] -- -- (SANDRA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/01/24 10:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/24 10:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/24 10:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/23 10:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130209.002\IDSxpx86.sys -- (IDSxpx86)
DRV - [2013/01/15 21:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/30 23:29:23 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/07 22:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SRTSP.SYS -- (SRTSP)
DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccSetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/03/29 01:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SYMTDI.SYS -- (SYMTDI)
DRV - [2012/03/29 01:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012/03/29 01:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012/03/29 01:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/03/29 01:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\Ironx86.SYS -- (SymIRON)
DRV - [2008/10/21 03:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 03:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 03:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 03:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 03:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 03:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 03:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/09 06:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/12/10 08:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 08:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 08:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 08:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 08:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 08:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 08:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/04/27 01:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 01:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/12/27 18:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006/12/27 18:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006/06/08 03:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/11/05 04:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/04 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/08 05:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/06/03 06:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/05/17 19:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/04/14 01:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/12/02 17:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/09/18 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/08/04 21:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003/07/28 19:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003/07/24 09:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003/07/03 12:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/06/06 05:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/05/30 11:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/05/28 11:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/03/26 05:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002/02/20 08:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001/08/17 21:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000/09/07 00:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase) Teledat USB 2 a/b (Win2000)
DRV - [2000/09/07 00:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998/08/06 18:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\avmport.sys -- (AVMPORT)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\Administrator_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008/03/19 14:20:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 12:14:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/08/07 22:51:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/02/13 09:19:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2011/09/11 12:33:33 | 000,000,000 | ---D | M] [2010/06/01 10:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010/06/01 10:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2010/09/04 07:37:49 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM O1 HOSTS File: ([2005/06/19 10:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 
localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.) 
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Administrator_ON_C..\Run: [Performance Center] File not found O4 - HKU\Administrator_ON_C..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier [2013/01/20 23:37:57 | 000,000,000 | ---D | M] O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 
'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - 
C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\style2: DllName - C:\WINDOWS\q286592_disk.dll - File not found O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - Reg Error: Key error. File not found O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft 
Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{2fe9fb01-506e-11d9-8216-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{2fe9fb01-506e-11d9-8216-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2fe9fb01-506e-11d9-8216-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/02/13 17:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2013/02/13 17:16:58 | 000,000,000 | ---D | C] -- C:\_OTL [2013/02/12 12:46:32 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\3748115.dll [2013/02/08 11:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/13 11:21:34 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad [2013/02/13 11:21:31 | 000,002,876 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js [2013/02/13 11:21:31 | 000,000,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk [2013/02/13 11:21:19 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job [2013/02/13 11:20:48 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini [2013/02/13 11:20:26 | 000,002,048 
| --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/02/13 11:20:22 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2013/02/13 09:25:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/02/12 12:46:33 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\3748115.dll [2013/02/12 12:14:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/02/12 12:08:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/02/10 05:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk [2013/02/10 04:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2013/02/10 04:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton 360 [2013/02/10 04:44:13 | 000,758,531 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB [2013/02/10 04:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021 [2013/02/09 03:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2013/02/09 03:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini [2013/02/09 03:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job [2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job [2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job [2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job [2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job [2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job [2013/02/09 01:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk [2013/02/08 11:09:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/02/08 11:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/02/08 11:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013/02/08 10:16:03 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart [2013/02/04 00:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2013/02/03 05:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2013/02/02 05:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013/02/02 01:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini [2013/01/25 11:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/13 11:21:31 | 000,002,876 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js [2013/02/13 11:21:30 | 000,000,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk [2013/02/13 10:49:25 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys [2013/02/12 12:48:07 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad [2012/02/17 06:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/06/16 09:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale 
Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/06/16 09:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/11/05 11:27:20 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2010/04/23 05:15:08 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll [2010/03/07 12:29:35 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2009/11/05 13:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2008/04/02 11:52:23 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe [2008/04/02 11:52:23 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll [2008/04/02 11:52:23 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin [2008/03/22 07:07:18 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2007/10/05 09:45:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2007/05/18 08:41:57 | 000,000,210 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2007/03/07 13:39:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Hooks.dll [2006/11/20 06:29:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006/11/20 06:29:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006/11/20 06:29:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006/11/20 06:29:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006/11/20 06:29:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006/11/20 06:29:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006/11/11 09:12:13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2006/10/13 04:25:17 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2006/06/13 09:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2006/05/05 
06:03:14 | 000,010,249 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI [2006/01/11 12:22:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll [2006/01/11 12:22:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2006/01/11 12:22:29 | 000,006,067 | ---- | C] () -- C:\WINDOWS\UNWISE.INI [2005/09/19 07:44:12 | 000,002,447 | ---- | C] () -- C:\WINDOWS\FESTO.INI [2005/07/07 03:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2005/06/19 13:27:02 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2005/06/19 07:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst [2005/03/02 03:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su [2005/03/02 03:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su [2005/03/02 03:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su [2005/03/02 03:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2005/03/02 03:24:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cam.ini [2005/01/18 03:49:23 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe [2005/01/18 03:38:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\cclsi.ini [2005/01/13 05:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475 [2005/01/13 04:57:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL [2005/01/13 03:37:00 | 000,012,467 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005/01/13 03:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/01/11 18:41:49 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat [2005/01/11 18:41:49 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll [2005/01/11 18:11:33 | 000,000,400 
| ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/01/11 18:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak [2005/01/11 18:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak [2005/01/11 18:02:19 | 000,002,396 | ---- | C] () -- C:\WINDOWS\COMM.INI [2005/01/11 18:02:19 | 000,000,795 | ---- | C] () -- C:\WINDOWS\EDPLUS.INI [2005/01/11 18:02:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MACHDEF.INI [2005/01/11 18:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su [2005/01/11 18:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su [2005/01/11 18:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2005/01/11 18:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su [2005/01/11 18:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su [2005/01/11 18:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su [2005/01/11 18:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su [2005/01/11 18:02:11 | 000,001,378 | ---- | C] () -- C:\WINDOWS\smartcam.ini [2005/01/11 18:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini [2005/01/11 17:50:41 | 000,000,062 | ---- | C] () -- C:\WINDOWS\QBWCD.INI [2004/10/22 02:46:36 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2004/10/22 02:46:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004/10/21 18:08:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2004/10/21 18:07:35 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/10/21 18:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat 
[2004/08/07 04:38:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/07 04:38:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/08/07 04:30:28 | 000,463,382 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/08/07 04:30:28 | 000,444,848 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/07 04:30:28 | 000,086,226 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/08/07 04:30:28 | 000,072,724 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/07 04:29:08 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/07 04:22:56 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/07 04:17:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/07 04:14:30 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 03:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 03:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2000/09/07 00:11:30 | 000,040,960 | ---- | C] () -- 
C:\WINDOWS\System32\capi2032.dll ========== LOP Check ========== [2004/12/18 00:55:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\InterTrust [2012/09/11 02:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM [2008/04/18 10:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\cadenas [2007/06/12 11:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon [2011/02/10 12:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CoCreate [2007/10/05 09:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DWGeditor [2007/05/09 13:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ectaco [2004/12/18 00:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust [2005/01/11 18:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo [2012/02/06 05:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++ [2006/02/27 04:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OD2 [2012/11/01 02:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong [2007/12/15 09:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sldIM [2009/12/05 05:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony [2009/12/05 09:28:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software [2009/12/05 05:43:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup [2006/11/11 
10:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-DSL SpeedManager [2011/08/20 22:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tific [2010/06/01 10:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom [2008/01/24 14:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software [2010/03/14 04:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\371AC [2010/04/23 05:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive [2009/03/22 01:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2012/11/01 02:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverGenius [2008/03/19 14:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD [2008/03/19 14:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM [2006/01/11 12:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2 [2009/08/14 01:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings [2012/09/11 01:29:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2012/11/01 01:51:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2005/07/07 01:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager [2010/06/01 10:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2008/01/24 14:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software 
[2008/10/07 02:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/14 02:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\01005.job
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\01007.job
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\01008.job
[2013/01/25 11:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\Tasks\pos05.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\Tasks\pos07.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\Tasks\pos08.job
========== Purity Check ==========
< End of report >
13.02.2013, 23:50 | #2 | /// TB-Ausbilder
BKA Trojaner/Virus GVU Version 2.11
Hello schorsch0788,
My name is Leo and I will guide you through the clean-up of your computer. Cleaning up means not only removing the malware but also closing the security holes, and it should be done thoroughly. It therefore happens in several steps and will take some effort on your part. Note: the disappearance of the obvious symptoms does not mean the system is clean yet. So, in your own interest, keep working with me until you get the OK that everything is done.
Notes on the procedure

In the first step we try to remove the lock screen. After that you should be able to start Windows normally again.
Step 1
Code:
:OTL
[2013/02/13 11:21:34 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad
[2013/02/13 11:21:31 | 000,002,876 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js
[2013/02/13 11:21:31 | 000,000,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/12 12:46:33 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\3748115.dll
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
         
If you can start normally again, carry out the following steps as well:
Step 2
Download Gmer (click the Download EXE button) and save the program to your desktop.
Step 3
Please download OTL (by OldTimer) and save it to your desktop.
Please post in your next reply:
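Added example, not part of the original thread and not OTL's own code: a small Python reader for the fix script posted in Step 1 above. It splits the script into its :OTL and :reg sections, parses each file line into path, size and version-info company, decodes the hex(2) blob back to text so you can see what the registry part actually writes (a hex(2) value in .reg syntax is a REG_EXPAND_SZ string encoded as UTF-16LE), and compares the result against the path where Windows XP normally keeps the WMI service DLL. The expected path, the three triage flags (a purely numeric file name, an Autostart location, a vendor string on a file outside the Windows directory) and all function and variable names are assumptions of this example, not statements from the post.

```python
r"""Reader for an OTL fix script (added example, not OTL's own code).

Assumptions (ours, not from the post): the stock Windows XP value of the
winmgmt ServiceDll is %SystemRoot%\system32\wbem\WMIsvc.dll, and the flag
heuristics below are simple triage rules, not a verdict.
"""
import re

# The :OTL and :reg sections of the fix, copied from the post so this runs offline.
FIX_SCRIPT = r""":OTL
[2013/02/13 11:21:34 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad
[2013/02/13 11:21:31 | 000,002,876 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js
[2013/02/13 11:21:31 | 000,000,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/12 12:46:33 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\3748115.dll
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"""

# Assumption: default location of the WMI service DLL on Windows XP.
EXPECTED_WINMGMT_DLL = r"%SystemRoot%\system32\wbem\WMIsvc.dll"
WINMGMT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters"

# OTL file line: [date time | size | attributes | flag] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>\S+)\s*\|\s*(?P<flag>\w)\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
NUMERIC_NAME_RE = re.compile(r"^\d+\.[a-z0-9]{2,4}$", re.IGNORECASE)


def split_sections(script):
    """Group the script's lines under their ':OTL', ':reg', ... headers."""
    sections, current = {}, None
    for line in script.splitlines():
        if line.startswith(":"):
            current = line.strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def parse_otl_files(lines):
    """Return the file entries of an :OTL section as dicts."""
    files = []
    for line in lines:
        m = OTL_FILE_RE.match(line)
        if m:
            files.append({
                "path": m["path"],
                "size": int(m["size"].replace(",", "")),
                "company": m["company"],
                "modified": m["ts"].strip(),
            })
    return files


def decode_reg_hex(value):
    """Decode a .reg-style 'hex(2):..' (REG_EXPAND_SZ, UTF-16LE) value to text."""
    body = value.split(":", 1)[1]
    raw = bytes(int(h, 16) for h in body.split(",") if h.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def parse_reg_section(lines):
    """Join backslash-continued lines; return {(key, value name): decoded value}."""
    values, key, buf = {}, None, ""
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("["):
            key = stripped.strip("[]")
            continue
        buf += stripped.rstrip("\\")
        if stripped.endswith("\\"):
            continue  # value continues on the next line
        name, _, val = buf.partition("=")
        values[(key, name.strip('"'))] = (
            decode_reg_hex(val) if val.startswith("hex(2):") else val
        )
        buf = ""
    return values


def review_fix(script, expected_dll=EXPECTED_WINMGMT_DLL):
    """Summarise what the fix removes and what it writes to the registry."""
    sections = split_sections(script)
    files = parse_otl_files(sections.get(":OTL", []))
    for f in files:
        name = f["path"].rsplit("\\", 1)[-1]
        flags = []
        if NUMERIC_NAME_RE.match(name):
            flags.append("numeric-name")  # e.g. 5118473.pad, 3748115.dll
        if "\\autostart\\" in f["path"].lower():
            flags.append("autostart")  # runs at every logon
        if f["company"] and "\\windows\\" not in f["path"].lower():
            flags.append("vendor-string-outside-windows")
        f["flags"] = flags
    reg = parse_reg_section(sections.get(":reg", []))
    dll = reg.get((WINMGMT_KEY, "ServiceDll"))
    return {"files": files, "servicedll": dll, "servicedll_ok": dll == expected_dll}


if __name__ == "__main__":
    result = review_fix(FIX_SCRIPT)
    for f in result["files"]:
        print(f"{f['size']:>10}  {f['path']}  {f['flags']}")
    print("winmgmt ServiceDll ->", result["servicedll"],
          "ok" if result["servicedll_ok"] else "UNEXPECTED")
```

Decoding the value before running the fix is the check worth doing: a hex(2) blob pasted from a forum is opaque, and the ServiceDll of a service is the DLL that svchost.exe loads for it at boot as SYSTEM, so the script's effect is to point winmgmt back at WMIsvc.dll after removing the startup link and the three files with numeric names. The same reader works on any OTL fix with :OTL and :reg sections; values that are not hex(2) are returned as the raw text after the equals sign.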
15.02.2013, 13:30 | #3
BKA Trojaner/Virus GVU Version 2.11
Hello Leo, thanks in advance for your help. Here are the log files:
Fix log from OTLPE:
Code:
========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad moved successfully.
File move failed. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js scheduled to be moved on reboot.
File move failed. C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\Administrator\3748115.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 02142013_071214
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk not found!
Registry entries deleted on Reboot...
GMER Logfile:
Code:
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 12:59:12
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS726060M9AT00 rev.MH4OA6AA 55,89GB
Running: s47kmiuh.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pgtdypog.sys
---- System - GMER 2.1 ----
SSDT  869AE948  ZwAlertResumeThread
SSDT  869DC940  ZwAlertThread
SSDT  86BD8978  ZwAllocateVirtualMemory
SSDT  8698CA50  ZwAssignProcessToJobObject
SSDT  86C4F5B8  ZwConnectPort
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwCreateKey [0xA3FDDD40]
SSDT  86B8B908  ZwCreateMutant
SSDT  86987A00  ZwCreateSymbolicLinkObject
SSDT  86D3F798  ZwCreateThread
SSDT  86F76470  ZwDebugActiveProcess
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteKey [0xA3FDDFC0]
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteValueKey [0xA3FDE680]
SSDT  869E49D0  ZwDuplicateObject
SSDT  86BF3600  ZwFreeVirtualMemory
SSDT  86D15AB0  ZwImpersonateAnonymousToken
SSDT  86AEECE0  ZwImpersonateThread
SSDT  86C10250  ZwLoadDriver
SSDT  869A9D00  ZwMapViewOfSection
SSDT  86D5ECD8  ZwOpenEvent
SSDT  86E9FDC0  ZwOpenProcess
SSDT  86B6A488  ZwOpenProcessToken
SSDT  86EE60A8  ZwOpenSection
SSDT  86E67930  ZwOpenThread
SSDT  86989A40  ZwProtectVirtualMemory
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwRenameKey [0xA3FDEBF0]
SSDT  86B98D20  ZwResumeThread
SSDT  86B888E8  ZwSetContextThread
SSDT  86AD4920  ZwSetInformationProcess
SSDT  86E61550  ZwSetSystemInformation
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0xA3FDE910]
SSDT  86EA2558  ZwSuspendProcess
SSDT  86BF2650  ZwSuspendThread
SSDT  86EE9EC0  ZwTerminateProcess
SSDT  86AD48E8  ZwTerminateThread
SSDT  86BA3CD8  ZwUnmapViewOfSection
SSDT  86BA3D10  ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text  ntoskrnl.exe!_abnormal_termination + 7C  804E26E8 8 Bytes  [48, E9, 9A, 86, 40, C9, 9D, ...]
.text  ntoskrnl.exe!_abnormal_termination + 15C  804E27C8 1 Byte  [D0]
.text  ntoskrnl.exe!_abnormal_termination + 234  804E28A0 8 Bytes  [C0, FD, E9, 86, 88, A4, B6, ...]
.text  ntoskrnl.exe!_abnormal_termination + 3A0  804E2A0C 4 Bytes  CALL D8D4E299
.text  ntoskrnl.exe!_abnormal_termination + 428  804E2A94 4 Bytes  JMP FD1DCE96
.text  ...
?  SYMDS.SYS  The system cannot find the file specified. !
?  SYMEFA.SYS  The system cannot find the file specified. !
init  C:\WINDOWS\system32\drivers\o2mmb.sys  entry point in "init" section [0xF55BB320]
init  C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS  entry point in "init" section [0xF78DAB12]
.text  C:\WINDOWS\system32\drivers\hardlock.sys  section is writeable [0xA383B400, 0x7A186, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA38D9A20]  C:\WINDOWS\system32\drivers\hardlock.sys  entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA38D9A20]
.protectÿÿÿÿhardlockunknown last code section [0xA38D9800, 0x5041, 0xE0000020]  C:\WINDOWS\system32\drivers\hardlock.sys  unknown last code section [0xA38D9800, 0x5041, 0xE0000020]
---- Devices - GMER 2.1 ----
Device  Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device  Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  mouclass.sys (Mausklassentreiber/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice  \Driver\Tcpip \Device\Tcp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device  mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 2.1 ----
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  328218
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@LeaseObtainedTime  1360907818
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@T1                          1360909618
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@T2                          1360910968
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@LeaseTerminatesTime         1360911418
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@LeaseObtainedTime                      1360907818
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@T1                                     1360909618
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@T2                                     1360910968
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@LeaseTerminatesTime                    1360911418
---- Files - GMER 2.1 ----
File                                                                                                                                  C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Music\Clandestino_ Esperando La Ultima Ola..\Dia Luna... Dia Pena.mp3  1445143 bytes
---- EOF - GMER 2.1 ----
OTL Logfile:
Code:
OTL logfile created on: 15.02.2013 13:05:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,36 Mb Total Physical Memory | 646,94 Mb Available Physical Memory | 63,22% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,91% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,81 Gb Free Space | 19,34% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,21 Gb Free Space | 96,75% Space Free | Partition Type: FAT32

Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.05.28 17:11:04 | 000,122,880 | ---- | M] () -- C:\Benutzerprogramme\WinRAR\RarExt.dll
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
MOD - [2001.03.02 12:02:04 | 000,037,808 | ---- | M] () -- C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130209.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com//web?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com//web?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=5
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.15 13:04:49 | 000,000,000 | ---D | M]

[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SweetIM for Facebook = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SweetIM for Facebook = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-686225105-3868835699-3303831392-500..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found O4 - HKU\S-1-5-21-686225105-3868835699-3303831392-500..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier [2013.01.21 05:37:57 | 000,000,000 | ---D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) - File not found O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found. 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.08 17:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.15 13:08:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.15 13:03:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.15 13:03:06 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini [2013.02.15 13:02:51 | 000,001,086 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job [2013.02.15 13:02:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.15 13:02:23 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2013.02.15 12:14:43 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job [2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job [2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job [2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job [2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.14 06:52:24 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe [2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk [2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2013.02.10 10:44:13 | 000,758,531 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB [2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021 [2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini [2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk [2013.02.08 17:09:09 | 000,697,712 | ---- | M] (Adobe 
Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.08 17:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.08 17:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini [2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.15 06:52:52 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe [2013.02.13 16:49:25 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys [2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2005.06.19 13:58:07 
| 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst [2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su [2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475 [2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak [2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak [2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su [2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su [2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su [2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su [2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su [2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su [2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini [2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras OTL Logfile: Code: 
OTL Extras logfile created on: 15.02.2013 13:05:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 646,94 Mb Available Physical Memory | 63,22% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,91% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,81 Gb Free Space | 19,34% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,21 Gb Free Space | 96,75% Space Free | Partition Type: FAT32
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\InterVideo\DVD5\WinDVD.exe" = C:\Programme\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe" = C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe:*:Enabled:OneSpace Designer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B41EC7-1C7E-4B94-AD0B-B51273C4C616}" = GOelan
"{06CA7E0A-0E71-44CD-A32E-8F59704A360B}" = GOelan Solid Importer 2009
"{07E7EFE7-3D94-4D29-B83C-B81137199C1A}" = CoCreate OneSpace 3D Access 2007
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2D026738-9CC6-4D24-A1B4-FFBA9D59C746}" = CoCreate 3D Access 2008 - 16.0.1.65
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"{514405D1-B3DE-482F-90EC-29D9272F2424}" = CoCreate OneSpace Designer Modeling 2006
"{53480250-325A-41FE-9F60-1E3DEA1D2BD8}" = O&O CleverCache Professional Edition
"{5402BE47-9E53-463F-BC61-76AF0F91D8BB}" = CoCreate 3D Access 17.0
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4A8570-F6A7-11D4-BAD8-000102A2E03A}" = Lexware Online Banking
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924FD767-4B99-47FC-9DB5-2F44E062E548}" = FireGL Control Panel
"{92746D91-8107-4481-A3C4-D36B22B720A4}" = CoCreate OneSpace Designer Drafting 12.01d
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B668CB7B-A9DF-43B6-8876-A373A8E1D438}" = HP Mobile Printing
"{B78DFC4B-B7B5-46A4-9231-D454737B1AC0}" = CoCreate OneSpace Designer Modeling 2005
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FireGL driver for 3D Studio MAX/VIZ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E462A9AD-3376-4362-92CA-832E0F58C6CC}" = CoCreate License Server 14.0.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2545484-7B1C-484A-89B8-B0F8B38BC67F}" = O2Micro SmartCardBus Reader Windows Driver Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{FAE396F4-6684-4BAF-80B2-9B669C39540B}" = CoCreate OneSpace Designer Drafting 2006
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.13" = AFPL Ghostscript 8.13
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Creative Jukebox Driver" = Creative Jukebox Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOelan" = GOelan V5
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 5.5.2 Q:16_is1" = ImageMagick 5.5.2 Q:16 Beta (November 10, 2002)
"InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"InterActual Player" = InterActual Player
"ISDN CAPI Port" = ISDN CAPI Port
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonLive" = NortonLive
"Notepad++" = Notepad++
"PMDeinstKey" = Production Milling V10.0
"PrintKey2000" = PrintKey2000
"QuickBooks 2002" = QuickBooks 2002
"ST6UNST #1" = BatchPlot
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Videoload Manager" = Videoload Manager 1.0.1095
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2013 01:58:59 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 24.01.2013 11:43:40 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 25.01.2013 10:19:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x100aa3d0.

Error - 26.01.2013 04:16:24 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application goelan.exe, version 5.12.207.0, faulting
 module atioglgl.dll, version 6.14.10.4063, fault address 0x000a48c7.

Error - 26.01.2013 04:21:27 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application goelan.exe, version 5.12.207.0, faulting
 module atioglgl.dll, version 6.14.10.4063, fault address 0x000a48c7.

Error - 08.02.2013 11:12:30 | Computer Name = EWALD-LAPTOP | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will
 not be returned. Error code returned is in data DWORD 0.

Error - 09.02.2013 06:11:58 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application goelan.exe, version 5.12.207.0, faulting
 module atioglgl.dll, version 6.14.10.4063, fault address 0x000755f0.

Error - 10.02.2013 06:14:53 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application qbw32.exe, version 8.0.4.75, faulting
 module comctl32.dll, version 5.82.2900.6028, fault address 0x00014784.

Error - 10.02.2013 06:15:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application qbw32.exe, version 8.0.4.75, faulting
 module comctl32.dll, version 5.82.2900.6028, fault address 0x00014784.
 
Error - 14.02.2013 08:24:29 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = socket(bcst): WSAENOBUFS - No buffer space available
 
[ System Events ]
Error - 15.02.2013 01:56:35 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:38 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:40 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:42 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:44 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:01 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:02 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:30 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:35 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 08:03:20 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
 
< End of report >
15.02.2013, 13:48 | #4
/// TB-Ausbilder | BKA Trojaner/Virus GVU Version 2.11
Hey, good, so the unlock already worked. Let's carry on:
Step 1
Please download AdwCleaner and save it to your desktop.
Step 2
Warning for readers: Combofix should only be run if a team member has explicitly instructed you to do so!
Please download Combofix.
Note: If you get the following error message after the restart Quote:
Step 3
Please start OTL.exe.
Please post in your next reply:
 
__________________
cheers, Leo
16.02.2013, 08:58 | #5
BKA Trojaner/Virus GVU Version 2.11
Log from AdwCleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v2.112 - Datei am 15/02/2013 um 14:05:55 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - EWALD-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Gelöscht mit Neustart : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
Ordner Gelöscht : C:\Programme\Conduit
Ordner Gelöscht : C:\Programme\SweetIM
Ordner Gelöscht : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687} --> hxxp://www.google.com
-\\ Google Chrome v24.0.1312.57
Datei : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.8] : homepage = "hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}",
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={4DA92F[...]
Gelöscht [l.313] : homepage = "hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}",
Gelöscht [l.576] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={4DA92F51-[...]
*************************
AdwCleaner[S1].txt - [374 octets] - [15/02/2013 14:05:36]
AdwCleaner[S2].txt - [12989 octets] - [15/02/2013 14:05:55]
########## EOF - C:\AdwCleaner[S2].txt - [13050 octets] ##########
Log from OTL
OTL Logfile:
Code:
OTL logfile created on: 16.02.2013 08:35:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 655,62 Mb Available Physical Memory | 64,07% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,76% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,68 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.05.28 17:11:04 | 000,122,880 | ---- | M] () -- C:\Benutzerprogramme\WinRAR\RarExt.dll
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
 
========== Standard Registry (SafeList) ==========
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll () FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.16 08:36:35 | 000,000,000 | ---D | M] [2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale 
Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: 
Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User 
Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) - File not found O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found. 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.16 08:37:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013.02.15 19:52:59 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.02.15 14:19:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.02.15 14:11:49 | 005,032,798 | R--- | C] (Swearware) -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\ComboFix.exe [2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.08 17:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.16 08:37:24 | 000,758,971 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB [2013.02.16 08:34:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.16 08:33:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job [2013.02.16 08:33:28 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini [2013.02.16 08:33:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.16 08:32:59 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.02.15 14:14:26 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.15 14:00:06 | 005,032,798 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe [2013.02.15 13:59:06 | 000,587,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe [2013.02.15 13:08:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job [2013.02.15 09:00:01 | 000,000,196 | ---- | 
M] () -- C:\WINDOWS\tasks\pos05.job [2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job [2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job [2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.14 06:52:24 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe [2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk [2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021 [2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini [2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk [2013.02.08 17:09:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.08 17:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.08 17:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und 
Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini [2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.02.15 14:05:07 | 000,587,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe [2013.02.15 06:52:52 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe [2013.02.13 16:49:25 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys [2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2005.06.19 13:58:07 | 
000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst [2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su [2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475 [2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak [2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak [2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su [2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su [2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su [2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su [2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su [2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su [2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini [2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > [/code] Extra.txt OTL Logfile: Code: 
OTL Extras logfile created on: 16.02.2013 08:35:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 655,62 Mb Available Physical Memory | 64,07% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,76% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,68 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\InterVideo\DVD5\WinDVD.exe" = C:\Programme\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe" = C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe:*:Enabled:OneSpace Designer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B41EC7-1C7E-4B94-AD0B-B51273C4C616}" = GOelan
"{06CA7E0A-0E71-44CD-A32E-8F59704A360B}" = GOelan Solid Importer 2009
"{07E7EFE7-3D94-4D29-B83C-B81137199C1A}" = CoCreate OneSpace 3D Access 2007
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2D026738-9CC6-4D24-A1B4-FFBA9D59C746}" = CoCreate 3D Access 2008 - 16.0.1.65
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"{514405D1-B3DE-482F-90EC-29D9272F2424}" = CoCreate OneSpace Designer Modeling 2006
"{53480250-325A-41FE-9F60-1E3DEA1D2BD8}" = O&O CleverCache Professional Edition
"{5402BE47-9E53-463F-BC61-76AF0F91D8BB}" = CoCreate 3D Access 17.0
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4A8570-F6A7-11D4-BAD8-000102A2E03A}" = Lexware Online Banking
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924FD767-4B99-47FC-9DB5-2F44E062E548}" = FireGL Control Panel
"{92746D91-8107-4481-A3C4-D36B22B720A4}" = CoCreate OneSpace Designer Drafting 12.01d
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B668CB7B-A9DF-43B6-8876-A373A8E1D438}" = HP Mobile Printing
"{B78DFC4B-B7B5-46A4-9231-D454737B1AC0}" = CoCreate OneSpace Designer Modeling 2005
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FireGL driver for 3D Studio MAX/VIZ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E462A9AD-3376-4362-92CA-832E0F58C6CC}" = CoCreate License Server 14.0.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2545484-7B1C-484A-89B8-B0F8B38BC67F}" = O2Micro SmartCardBus Reader Windows Driver Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{FAE396F4-6684-4BAF-80B2-9B669C39540B}" = CoCreate OneSpace Designer Drafting 2006
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.13" = AFPL Ghostscript 8.13
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Creative Jukebox Driver" = Creative Jukebox Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOelan" = GOelan V5
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 5.5.2 Q:16_is1" = ImageMagick 5.5.2 Q:16 Beta (November 10, 2002)
"InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"InterActual Player" = InterActual Player
"ISDN CAPI Port" = ISDN CAPI Port
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonLive" = NortonLive
"Notepad++" = Notepad++
"PMDeinstKey" = Production Milling V10.0
"PrintKey2000" = PrintKey2000
"QuickBooks 2002" = QuickBooks 2002
"ST6UNST #1" = BatchPlot
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Videoload Manager" = Videoload Manager 1.0.1095
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2013 01:58:59 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 24.01.2013 11:43:40 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 25.01.2013 10:19:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x100aa3d0.
 
Error - 26.01.2013 04:16:24 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000a48c7.
 
Error - 26.01.2013 04:21:27 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000a48c7.
 
Error - 08.02.2013 11:12:30 | Computer Name = EWALD-LAPTOP | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 09.02.2013 06:11:58 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000755f0.
 
Error - 10.02.2013 06:14:53 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qbw32.exe, Version 8.0.4.75, fehlgeschlagenes
 Modul comctl32.dll, Version 5.82.2900.6028, Fehleradresse 0x00014784.
 
Error - 10.02.2013 06:15:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qbw32.exe, Version 8.0.4.75, fehlgeschlagenes
 Modul comctl32.dll, Version 5.82.2900.6028, Fehleradresse 0x00014784.
 
Error - 14.02.2013 08:24:29 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = socket(bcst): WSAENOBUFS - No buffer space available
 
[ System Events ]
Error - 15.02.2013 01:57:01 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:02 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:30 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:35 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 08:03:20 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 09:04:19 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 09:09:38 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 14:46:33 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 16:26:41 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 16.02.2013 03:34:28 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
 
< End of report >
With ComboFix I installed the Recovery Console, but after that it ran for hours. And nothing else happened. No ComboFix.txt was produced either. Is there an alternative to ComboFix?
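As an added example that is not part of this thread and not code from OTL, MBAR or TDSSKiller, here is a small Python check that parses the registry blocks of an OTL Extras log (the `[HKEY_...]` headers and `"Name" = value` lines in the report above) and flags the Security Center and firewall values that matter when triaging such a log: the two `DisableNotify` values that MBAR reports further down as PUM.Disabled.SecurityCenter, and `EnableFirewall = 0` on the standard profile. The excerpt it runs on is constructed for the example from the values shown in the report above; the function names and the check list are my own and not from any of the tools.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in OTL "Extras" log format. The values are the ones
# shown in the report above; the excerpt itself was assembled for this
# example and is not the full report.
SAMPLE_OTL_EXTRAS = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # [HKEY_...\Key] block header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')     # "Name" = value

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
STANDARD_PROFILE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
                    r"\SharedAccess\Parameters\FirewallPolicy\StandardProfile")

# (registry key, value name, value expected on a healthy system, what a deviation means)
# This check list is the example's own; extend it with further entries as needed.
CHECKS: List[Tuple[str, str, str, str]] = [
    (SECURITY_CENTER, "AntiVirusDisableNotify", "0",
     "Security Center warnings about missing or disabled antivirus are suppressed"),
    (SECURITY_CENTER, "FirewallDisableNotify", "0",
     "Security Center warnings about a disabled firewall are suppressed"),
    (SECURITY_CENTER, "UpdatesDisableNotify", "0",
     "Security Center warnings about Automatic Updates are suppressed"),
    (STANDARD_PROFILE, "EnableFirewall", "1",
     "Windows Firewall is switched off for the standard (non-domain) profile"),
]


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Map every [HKEY_...] block of an OTL Extras log to its "Name" = value pairs."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            blocks.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            blocks[current][value.group(1)] = value.group(2).strip()
    return blocks


def audit_security_center(text: str) -> List[Tuple[str, str, str]]:
    """Return (value name, actual value, meaning) for every check whose value deviates.

    Keys or values absent from the log are skipped rather than reported, so a
    missing block never produces a false finding."""
    blocks = parse_otl_registry(text)
    findings: List[Tuple[str, str, str]] = []
    for key, name, expected, meaning in CHECKS:
        actual = blocks.get(key, {}).get(name)
        if actual is not None and actual != expected:
            findings.append((name, actual, meaning))
    return findings


if __name__ == "__main__":
    for name, actual, meaning in audit_security_center(SAMPLE_OTL_EXTRAS):
        print(f"{name} = {actual}: {meaning}")
```

Run against the excerpt, the check reports the three deviations (both `DisableNotify` values set to 1 and `EnableFirewall` set to 0) and stays silent on `UpdatesDisableNotify`, which is 0 as expected. Because only present-and-deviating values are reported, the same check can be pointed at a full OTL Extras log without producing noise for blocks the log does not contain.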
16.02.2013, 12:03 | #6 | /// TB-Ausbilder
Please try once more: delete ComboFix.exe and download a fresh copy. Then run it again as described in the instructions. Before that, be sure to switch the antivirus program off completely, and do nothing at all on the computer while the scan runs. Does it work this time?
16.02.2013, 16:18 | #7
Unfortunately it still doesn't work that way. I let ComboFix run for another 4 hours.
16.02.2013, 16:20 | #8 | /// TB-Ausbilder
One last attempt: run ComboFix again in Safe Mode. (You don't have to wait 4 hours any more. If nothing at all happens after half an hour, you can cancel.)
cheers, Leo
16.02.2013, 17:06 | #9
Unfortunately that doesn't work either.
16.02.2013, 17:15 | #10 | /// TB-Ausbilder
OK, then let's do it differently:

Step 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Do not start any other file in this folder without instructions from a helper.

Step 2
Please read the following instructions carefully. We don't want to delete anything yet, just see a scan report. Please download TDSSKiller.exe and save this file to your desktop.

Please post in your next reply:

cheers, Leo
17.02.2013, 11:14 | #11
First MBAR log:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.16.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EWALD-LAPTOP [administrator]
16.02.2013 18:40:30
mbar-log-2013-02-16 (18-40-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26225
Time elapsed: 58 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
c:\Dokumente und Einstellungen\Administrator\Favoriten\Online Pharmacy.url (Rogue.Link) -> Delete on reboot.
c:\DelUS.bat (Malware.Trace) -> Delete on reboot.
(end)
Second MBAR log:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.16.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EWALD-LAPTOP [administrator]
16.02.2013 19:43:00
mbar-log-2013-02-16 (19-43-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26203
Time elapsed: 1 hour(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
TDSSKiller log:
11:07:31.0559 4052  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:07:32.0350 4052  ============================================================
11:07:32.0350 4052  Current date / time: 2013/02/17 11:07:32.0350
11:07:32.0350 4052  SystemInfo:
11:07:32.0350 4052  
11:07:32.0350 4052  OS Version: 5.1.2600 ServicePack: 3.0
11:07:32.0350 4052  Product type: Workstation
11:07:32.0350 4052  ComputerName: EWALD-LAPTOP
11:07:32.0350 4052  UserName: Administrator
11:07:32.0350 4052  Windows directory: C:\WINDOWS
11:07:32.0350 4052  System windows directory: C:\WINDOWS
11:07:32.0350 4052  Processor architecture: Intel x86
11:07:32.0350 4052  Number of processors: 1
11:07:32.0350 4052  Page size: 0x1000
11:07:32.0350 4052  Boot type: Normal boot
11:07:32.0350 4052  ============================================================
11:07:38.0139 4052  Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:07:38.0149 4052  Drive \Device\Harddisk1\DR2 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:07:38.0149 4052  ============================================================
11:07:38.0149 4052  \Device\Harddisk0\DR0:
11:07:38.0149 4052  MBR partitions:
11:07:38.0149 4052  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
11:07:38.0149 4052  \Device\Harddisk1\DR2:
11:07:38.0149 4052  MBR partitions:
11:07:38.0149 4052  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEA080
11:07:38.0149 4052  ============================================================
11:07:38.0219 4052  C: <-> \Device\Harddisk0\DR0\Partition1
11:07:38.0219 4052  ============================================================
11:07:38.0219 4052  Initialize success
11:07:38.0219 4052  ============================================================
11:07:44.0157 1460  ============================================================
11:07:44.0157 1460  Scan started
11:07:44.0157 1460  Mode: Manual; 
11:07:44.0157 1460  ============================================================
11:07:54.0392 1460  ================ Scan system memory ========================
11:07:54.0402 1460  System memory - ok
11:07:54.0402 1460  ================ Scan services =============================
11:07:57.0366 1460  Abiosdsk - ok
11:07:57.0376 1460  abp480n5 - ok
11:07:58.0328 1460  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:07:58.0398 1460  ACPI - ok
11:07:58.0458 1460  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:07:58.0468 1460  ACPIEC - ok
11:07:59.0720 1460  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:08:00.0000 1460  AdobeFlashPlayerUpdateSvc - ok
11:08:00.0010 1460  adpu160m - ok
11:08:00.0360 1460  [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
11:08:00.0701 1460  aeaudio - ok
11:08:00.0971 1460  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:08:01.0031 1460  aec - ok
11:08:01.0662 1460  [ 91F3DF93F40A74D222CD166FE95DB633 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:08:01.0682 1460  AegisP - ok
11:08:02.0173 1460  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:08:02.0223 1460  AFD - ok
11:08:02.0994 1460  [ 3E60F847C0C57EEDB7C0639710512CCC ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:08:03.0595 1460  AgereSoftModem - ok
11:08:03.0715 1460  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
11:08:03.0866 1460  agp440 - ok
11:08:03.0876 1460  Aha154x - ok
11:08:03.0886 1460  aic78u2 - ok
11:08:03.0896 1460  aic78xx - ok
11:08:04.0036 1460  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:08:04.0066 1460  Alerter - ok
11:08:04.0176 1460  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
11:08:04.0196 1460  ALG - ok
11:08:04.0206 1460  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
11:08:04.0206 1460  AliIde - ok
11:08:04.0216 1460  amsint - ok
11:08:04.0677 1460  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:08:04.0747 1460  AppMgmt - ok
11:08:04.0997 1460  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:08:05.0328 1460  Arp1394 - ok
11:08:05.0338 1460  asc - ok
11:08:05.0348 1460  asc3350p - ok
11:08:05.0358 1460  asc3550 - ok
11:08:05.0708 1460  [ ED8CEE58C1E4C5893F5B2FD686A272BF ] Aspi32          C:\WINDOWS\system32\drivers\Aspi32.sys
11:08:05.0818 1460  Aspi32 - ok
11:08:07.0270 1460  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:08:07.0631 1460  aspnet_state - ok
11:08:07.0711 1460  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:08:07.0751 1460  AsyncMac - ok
11:08:08.0302 1460  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:08:08.0312 1460  atapi - ok
11:08:08.0322 1460  Atdisk - ok
11:08:10.0415 1460  [ 74861E44690029BF25A99CF1AADCD8F4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:08:10.0545 1460  Ati HotKey Poller - ok
11:08:11.0216 1460  [ 75410DDA533D6B0DF3689341079FF215 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:08:11.0456 1460  ati2mtag - ok
11:08:11.0717 1460  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:08:11.0957 1460  Atmarpc - ok
11:08:12.0388 1460  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:08:12.0408 1460  AudioSrv - ok
11:08:12.0929 1460  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:08:13.0119 1460  audstub - ok
11:08:13.0489 1460  Automatisches LiveUpdate - Scheduler - ok
11:08:14.0361 1460  [ 9BD46C1D2F33A890B7226EDF543F18AA ] AVM WLAN Connection Service C:\Programme\avmwlanstick\WlanNetService.exe
11:08:14.0481 1460  AVM WLAN Connection Service - ok
11:08:15.0192 1460  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\WINDOWS\system32\drivers\avmeject.sys
11:08:15.0262 1460  avmeject - ok
11:08:15.0562 1460  [ 86BB2C24C716761CC4D143EEE35C2356 ] AVMPORT         C:\WINDOWS\System32\drivers\avmport.sys
11:08:15.0723 1460  AVMPORT - ok
11:08:16.0253 1460  [ EB0EF89CCD0191AEC96CD6093FB9770F ] AVMWAN          C:\WINDOWS\system32\DRIVERS\avmwan.sys
11:08:16.0353 1460  AVMWAN - ok
11:08:16.0634 1460  [ 0E72B88B05A5931C46EFA7D511D9AEB9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:08:16.0974 1460  b57w2k - ok
11:08:17.0575 1460  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:08:17.0665 1460  Beep - ok
11:08:22.0042 1460  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys
11:08:23.0183 1460  BHDrvx86 - ok
11:08:23.0754 1460  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:08:24.0315 1460  BITS - ok
11:08:24.0365 1460  [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge          C:\WINDOWS\system32\DRIVERS\bridge.sys
11:08:24.0756 1460  Bridge - ok
11:08:25.0967 1460  [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP        C:\WINDOWS\system32\DRIVERS\bridge.sys
11:08:25.0967 1460  BridgeMP - ok
11:08:26.0368 1460  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
11:08:26.0398 1460  Browser - ok
11:08:26.0648 1460  [ 2D0FC1415956E84CBB06B2542F3BDA41 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
11:08:26.0748 1460  BTWUSB - ok
11:08:27.0920 1460  catchme - ok
11:08:28.0040 1460  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:08:28.0291 1460  cbidf2k - ok
11:08:29.0272 1460  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360      C:\WINDOWS\system32\drivers\N360\0604010.00E\ccSetx86.sys
11:08:29.0322 1460  ccSet_N360 - ok
11:08:29.0332 1460  cd20xrnt - ok
11:08:29.0372 1460  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:08:29.0402 1460  Cdaudio - ok
11:08:29.0703 1460  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:08:29.0813 1460  Cdfs - ok
11:08:30.0374 1460  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:08:30.0434 1460  Cdrom - ok
11:08:30.0444 1460  Changer - ok
11:08:30.0694 1460  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:08:30.0704 1460  CiSvc - ok
11:08:30.0774 1460  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:08:31.0325 1460  ClipSrv - ok
11:08:31.0435 1460  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:08:31.0445 1460  clr_optimization_v2.0.50727_32 - ok
11:08:31.0515 1460  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:08:31.0515 1460  CmBatt - ok
11:08:31.0525 1460  CmdIde - ok
11:08:31.0615 1460  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:08:31.0615 1460  Compbatt - ok
11:08:31.0625 1460  COMSysApp - ok
11:08:32.0056 1460  [ 32B0AC2449D9EF70B719BFAF631F998A ] CONAN           C:\WINDOWS\system32\drivers\o2mmb.sys
11:08:32.0176 1460  CONAN - ok
11:08:32.0457 1460  Cpqarray - ok
11:08:32.0557 1460  [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
11:08:32.0567 1460  Creative Service for CDROM Access - ok
11:08:32.0647 1460  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:08:32.0687 1460  CryptSvc - ok
11:08:32.0697 1460  dac2w2k - ok
11:08:32.0717 1460  dac960nt - ok
11:08:33.0308 1460  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:08:33.0498 1460  DcomLaunch - ok
11:08:33.0638 1460  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:08:33.0698 1460  Dhcp - ok
11:08:33.0748 1460  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:08:33.0759 1460  Disk - ok
11:08:33.0769 1460  dmadmin - ok
11:08:34.0470 1460  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:08:34.0790 1460  dmboot - ok
11:08:34.0860 1460  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:08:34.0930 1460  dmio - ok
11:08:34.0980 1460  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:08:34.0980 1460  dmload - ok
11:08:35.0050 1460  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:08:35.0080 1460  dmserver - ok
11:08:35.0120 1460  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:08:35.0291 1460  DMusic - ok
11:08:35.0591 1460  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:08:35.0611 1460  Dnscache - ok
11:08:35.0811 1460  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:08:35.0862 1460  Dot3svc - ok
11:08:35.0872 1460  dpti2o - ok
11:08:35.0912 1460  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:08:35.0922 1460  drmkaud - ok
11:08:35.0982 1460  [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
11:08:35.0982 1460  eabfiltr - ok
11:08:36.0022 1460  [ 1BA14DA377B66278335D4B9E8824CD42 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
11:08:36.0032 1460  eabusb - ok
11:08:36.0092 1460  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:08:36.0122 1460  EapHost - ok
11:08:37.0133 1460  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
11:08:37.0274 1460  eeCtrl - ok
11:08:37.0374 1460  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:08:37.0474 1460  EraserUtilRebootDrv - ok
11:08:37.0544 1460  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:08:37.0714 1460  ERSvc - ok
11:08:37.0824 1460  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
11:08:37.0935 1460  Eventlog - ok
11:08:38.0185 1460  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
11:08:38.0275 1460  EventSystem - ok
11:08:38.0525 1460  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:08:38.0575 1460  Fastfat - ok
11:08:38.0966 1460  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:08:39.0066 1460  FastUserSwitchingCompatibility - ok
11:08:39.0096 1460  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:08:39.0146 1460  Fdc - ok
11:08:39.0266 1460  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:08:39.0286 1460  Fips - ok
11:08:39.0407 1460  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:08:39.0407 1460  Flpydisk - ok
11:08:39.0507 1460  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:08:39.0557 1460  FltMgr - ok
11:08:40.0348 1460  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:08:40.0408 1460  FontCache3.0.0.0 - ok
11:08:40.0508 1460  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:08:40.0508 1460  Fs_Rec - ok
11:08:40.0598 1460  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:08:40.0658 1460  Ftdisk - ok
11:08:40.0859 1460  [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
11:08:41.0219 1460  FWLANUSB - ok
11:08:41.0650 1460  [ AAC92FF0D958CF90156C74A9FE3E5E20 ] fxusbase        C:\WINDOWS\system32\DRIVERS\fxusbase.sys
11:08:42.0822 1460  fxusbase - ok
11:08:43.0262 1460  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:08:43.0282 1460  Gpc - ok
11:08:43.0533 1460  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98bae82261480 C:\Programme\Google\Update\GoogleUpdate.exe
11:08:43.0583 1460  gupdate1c98bae82261480 - ok
11:08:43.0643 1460  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
11:08:43.0643 1460  gupdatem - ok
11:08:44.0073 1460  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:08:44.0163 1460  gusvc - ok
11:08:44.0464 1460  [ D64A40B94602158E40527AE95E7A9193 ] Hardlock        C:\WINDOWS\system32\drivers\hardlock.sys
11:08:45.0165 1460  Hardlock - ok
11:08:45.0275 1460  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:08:45.0295 1460  helpsvc - ok
11:08:45.0345 1460  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:08:45.0355 1460  HidServ - ok
11:08:45.0415 1460  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:08:45.0415 1460  HidUsb - ok
11:08:45.0485 1460  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:08:45.0505 1460  hkmsvc - ok
11:08:45.0796 1460  hpn - ok
11:08:46.0497 1460  [ E7E0CF2E13994DAB2CE10DFEF25BF610 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
11:08:46.0567 1460  hpqwmi - ok
11:08:46.0747 1460  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:08:46.0877 1460  HTTP - ok
11:08:46.0957 1460  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:08:46.0968 1460  HTTPFilter - ok
11:08:46.0978 1460  i2omgmt - ok
11:08:46.0988 1460  i2omp - ok
11:08:47.0018 1460  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:08:47.0278 1460  i8042prt - ok
11:08:47.0749 1460  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:08:48.0319 1460  idsvc - ok
11:08:49.0040 1460  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSxpx86.sys
11:08:49.0191 1460  IDSxpx86 - ok
11:08:49.0241 1460  [ D542B05BAB582295AFBD92B1965BE68A ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
11:08:49.0261 1460  IFXTPM - ok
11:08:49.0281 1460  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:08:49.0301 1460  Imapi - ok
11:08:49.0591 1460  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:08:49.0641 1460  ImapiService - ok
11:08:49.0671 1460  ini910u - ok
11:08:49.0701 1460  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:08:49.0711 1460  IntelIde - ok
11:08:49.0772 1460  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:08:49.0812 1460  intelppm - ok
11:08:50.0022 1460  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:08:50.0282 1460  Ip6Fw - ok
11:08:50.0382 1460  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:08:50.0402 1460  IpFilterDriver - ok
11:08:50.0483 1460  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:08:50.0493 1460  IpInIp - ok
11:08:50.0573 1460  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:08:50.0623 1460  IpNat - ok
11:08:50.0673 1460  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:08:50.0813 1460  IPSec - ok
11:08:51.0133 1460  [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
11:08:51.0184 1460  irda - ok
11:08:51.0214 1460  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:08:51.0224 1460  IRENUM - ok
11:08:51.0294 1460  [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon           C:\WINDOWS\System32\irmon.dll
11:08:51.0304 1460  Irmon - ok
11:08:51.0344 1460  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:08:51.0354 1460  isapnp - ok
11:08:51.0824 1460  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi         C:\WINDOWS\system32\drivers\iviaspi.sys
11:08:51.0845 1460  Iviaspi - ok
11:08:52.0095 1460  [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
11:08:52.0145 1460  JavaQuickStarterService - ok
11:08:52.0225 1460  [ C4D1E49A7D853A6FDFE8EC2906AE5AAA ] Jukebox3        C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
11:08:52.0235 1460  Jukebox3 - ok
11:08:52.0255 1460  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:08:52.0265 1460  Kbdclass - ok
11:08:52.0355 1460  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:08:52.0576 1460  kmixer - ok
11:08:52.0666 1460  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:08:52.0706 1460  KSecDD - ok
11:08:53.0216 1460  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:08:53.0257 1460  lanmanserver - ok
11:08:53.0397 1460  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:08:53.0447 1460  lanmanworkstation - ok
11:08:53.0457 1460  lbrtfdc - ok
11:08:53.0527 1460  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:08:53.0547 1460  LmHosts - ok
11:08:53.0597 1460  [ 4C32B247524F91DB486D21DCB84D9C23 ] MbxStby         C:\WINDOWS\system32\drivers\MbxStby.sys
11:08:53.0607 1460  MbxStby - ok
11:08:57.0062 1460  [ F5EC78762896F18285BF2E900B024775 ] MEls            C:\Programme\CoCreate\MEls\MEls32.exe
11:09:01.0398 1460  MEls - ok
11:09:01.0629 1460  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:09:01.0639 1460  Messenger - ok
11:09:01.0739 1460  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:09:03.0201 1460  mnmdd - ok
11:09:03.0541 1460  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:09:03.0551 1460  mnmsrvc - ok
11:09:03.0812 1460  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:09:04.0212 1460  Modem - ok
11:09:04.0252 1460  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:09:04.0262 1460  Mouclass - ok
11:09:04.0503 1460  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:09:04.0503 1460  mouhid - ok
11:09:04.0553 1460  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:09:04.0693 1460  MountMgr - ok
11:09:04.0703 1460  mraid35x - ok
11:09:04.0783 1460  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:09:04.0913 1460  MRxDAV - ok
11:09:05.0454 1460  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:09:05.0704 1460  MRxSmb - ok
11:09:06.0045 1460  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:09:06.0405 1460  MSDTC - ok
11:09:06.0436 1460  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:09:06.0446 1460  Msfs - ok
11:09:06.0456 1460  MSIServer - ok
11:09:06.0486 1460  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:09:06.0626 1460  MSKSSRV - ok
11:09:06.0736 1460  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:09:06.0816 1460  MSPCLOCK - ok
11:09:07.0126 1460  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:09:07.0147 1460  MSPQM - ok
11:09:07.0177 1460  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:09:07.0307 1460  mssmbios - ok
11:09:07.0547 1460  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:09:07.0587 1460  Mup - ok
11:09:08.0238 1460  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
11:09:08.0288 1460  N360 - ok
11:09:08.0669 1460  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:09:08.0799 1460  napagent - ok
11:09:09.0480 1460  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS
11:09:09.0600 1460  NAVENG - ok
11:09:10.0752 1460  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS
11:09:11.0503 1460  NAVEX15 - ok
11:09:11.0723 1460  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:09:11.0803 1460  NDIS - ok
11:09:11.0953 1460  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:09:12.0164 1460  NdisTapi - ok
11:09:12.0304 1460  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:09:12.0454 1460  Ndisuio - ok
11:09:12.0624 1460  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:09:12.0654 1460  NdisWan - ok
11:09:12.0735 1460  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:09:12.0845 1460  NDProxy - ok
11:09:13.0245 1460  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:09:13.0385 1460  NetBIOS - ok
11:09:13.0716 1460  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:09:13.0816 1460  NetBT - ok
11:09:14.0257 1460  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:09:14.0687 1460  NetDDE - ok
11:09:14.0737 1460  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:09:14.0747 1460  NetDDEdsdm - ok
11:09:14.0788 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:09:15.0208 1460  Netlogon - ok
11:09:15.0559 1460  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
11:09:15.0629 1460  Netman - ok
11:09:16.0380 1460  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:09:16.0430 1460  NetTcpPortSharing - ok
11:09:16.0490 1460  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:09:16.0600 1460  NIC1394 - ok
11:09:16.0830 1460  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:09:17.0271 1460  Nla - ok
11:09:17.0311 1460  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:09:17.0371 1460  Npfs - ok
11:09:17.0602 1460  [ 53F7546E8DAEFB3A0813F5E19C4613C9 ] NSNDIS5         C:\WINDOWS\system32\NSNDIS5.SYS
11:09:17.0722 1460  NSNDIS5 - ok
11:09:18.0252 1460  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:09:18.0463 1460  Ntfs - ok
11:09:18.0843 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:09:18.0863 1460  NtLmSsp - ok
11:09:19.0284 1460  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:09:19.0444 1460  NtmsSvc - ok
11:09:19.0604 1460  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:09:19.0614 1460  Null - ok
11:09:19.0725 1460  [ C34A6A72DEC2C317D67355DC18F87090 ] NWCWorkstation  C:\WINDOWS\System32\nwwks.dll
11:09:19.0775 1460  NWCWorkstation - ok
11:09:19.0805 1460  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:09:19.0805 1460  NwlnkFlt - ok
11:09:19.0845 1460  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:09:19.0885 1460  NwlnkFwd - ok
11:09:20.0406 1460  [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx        C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
11:09:20.0436 1460  NwlnkIpx - ok
11:09:20.0476 1460  [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb         C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
11:09:20.0506 1460  NwlnkNb - ok
11:09:20.0556 1460  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx        C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
11:09:20.0576 1460  NwlnkSpx - ok
11:09:20.0666 1460  [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR           C:\WINDOWS\system32\DRIVERS\nwrdr.sys
11:09:20.0726 1460  NWRDR - ok
11:09:20.0766 1460  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:09:20.0786 1460  ohci1394 - ok
11:09:21.0147 1460  [ A7AFD93CC20A4064A81F82D87C9026A7 ] OOCleverCache   C:\Programme\OO Software\CleverCache\OOCCSVC.exe
11:09:21.0227 1460  OOCleverCache - ok
11:09:21.0397 1460  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:09:22.0058 1460  ose - ok
11:09:22.0148 1460  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:09:22.0208 1460  Parport - ok
11:09:22.0228 1460  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:09:22.0228 1460  PartMgr - ok
11:09:22.0308 1460  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:09:22.0318 1460  ParVdm - ok
11:09:22.0358 1460  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:09:22.0378 1460  PCI - ok
11:09:22.0388 1460  PCIDump - ok
11:09:22.0489 1460  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:09:22.0489 1460  PCIIde - ok
11:09:22.0569 1460  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:09:22.0629 1460  Pcmcia - ok
11:09:22.0639 1460  PDCOMP - ok
11:09:22.0649 1460  PDFRAME - ok
11:09:22.0669 1460  PDRELI - ok
11:09:22.0679 1460  PDRFRAME - ok
11:09:22.0689 1460  perc2 - ok
11:09:22.0699 1460  perc2hib - ok
11:09:23.0660 1460  [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart  C:\ComboFix\pev.3XE
11:09:23.0760 1460  PEVSystemStart - ok
11:09:23.0790 1460  [ 444F122E68DB44C0589227781F3C8B3F ] Pfc             C:\WINDOWS\system32\drivers\pfc.sys
11:09:23.0800 1460  Pfc - ok
11:09:24.0331 1460  [ 0ABC514F6606324CE15484D079027798 ] PfModNT         C:\WINDOWS\system32\drivers\PfModNT.sys
11:09:24.0351 1460  PfModNT - ok
11:09:24.0411 1460  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
11:09:24.0421 1460  PlugPlay - ok
11:09:24.0812 1460  [ B597C2C966B447E011B4AE1B4D053677 ] PMBDeviceInfoProvider C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
11:09:25.0152 1460  PMBDeviceInfoProvider - ok
11:09:25.0253 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:09:25.0493 1460  PolicyAgent - ok
11:09:25.0593 1460  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:09:25.0673 1460  PptpMiniport - ok
11:09:25.0683 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:09:25.0683 1460  ProtectedStorage - ok
11:09:25.0733 1460  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:09:25.0773 1460  PSched - ok
11:09:25.0813 1460  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:09:25.0823 1460  Ptilink - ok
11:09:25.0833 1460  ql1080 - ok
11:09:25.0843 1460  Ql10wnt - ok
11:09:25.0853 1460  ql12160 - ok
11:09:26.0004 1460  ql1240 - ok
11:09:26.0014 1460  ql1280 - ok
11:09:26.0054 1460  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:09:26.0064 1460  RasAcd - ok
11:09:26.0444 1460  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:09:26.0474 1460  RasAuto - ok
11:09:26.0504 1460  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:09:26.0514 1460  Rasirda - ok
11:09:26.0544 1460  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:09:26.0574 1460  Rasl2tp - ok
11:09:26.0765 1460  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:09:26.0835 1460  RasMan - ok
11:09:26.0885 1460  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:09:26.0895 1460  RasPppoe - ok
11:09:26.0925 1460  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:09:27.0075 1460  Raspti - ok
11:09:27.0255 1460  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:09:27.0316 1460  Rdbss - ok
11:09:27.0336 1460  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:09:27.0336 1460  RDPCDD - ok
11:09:27.0466 1460  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:09:27.0586 1460  rdpdr - ok
11:09:27.0726 1460  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:09:27.0796 1460  RDPWD - ok
11:09:28.0397 1460  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:09:28.0457 1460  RDSessMgr - ok
11:09:28.0507 1460  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:09:28.0547 1460  redbook - ok
11:09:28.0597 1460  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:09:28.0617 1460  RemoteAccess - ok
11:09:28.0698 1460  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:09:28.0728 1460  RemoteRegistry - ok
11:09:28.0828 1460  [ 05BE5E68F6F733D3B913B53BC6B52B13 ] RiotDrv         C:\WINDOWS\system32\Drivers\RiotDrv.sys
11:09:28.0868 1460  RiotDrv - ok
11:09:29.0198 1460  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:09:29.0228 1460  RpcLocator - ok
11:09:29.0709 1460  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:09:29.0709 1460  RpcSs - ok
11:09:29.0899 1460  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:09:29.0969 1460  RSVP - ok
11:09:30.0360 1460  [ ABDC839BD1C53F9C17449B10221CB942 ] RT73            C:\WINDOWS\system32\DRIVERS\rt73.sys
11:09:30.0480 1460  RT73 - ok
11:09:30.0580 1460  [ 594FF5620661D1386475406E78CB6F2F ] s0017bus        C:\WINDOWS\system32\DRIVERS\s0017bus.sys
11:09:30.0620 1460  s0017bus - ok
11:09:30.0750 1460  [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl       C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
11:09:31.0051 1460  s0017mdfl - ok
11:09:31.0311 1460  [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm        C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
11:09:31.0351 1460  s0017mdm - ok
11:09:31.0461 1460  [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt       C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
11:09:31.0502 1460  s0017mgmt - ok
11:09:31.0592 1460  [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5        C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
11:09:31.0602 1460  s0017nd5 - ok
11:09:31.0742 1460  [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex       C:\WINDOWS\system32\DRIVERS\s0017obex.sys
11:09:31.0812 1460  s0017obex - ok
11:09:31.0872 1460  [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic       C:\WINDOWS\system32\DRIVERS\s0017unic.sys
11:09:32.0092 1460  s0017unic - ok
11:09:32.0433 1460  [ AA786AD3A2684D39630744787B00E6F4 ] s3017bus        C:\WINDOWS\system32\DRIVERS\s3017bus.sys
11:09:32.0623 1460  s3017bus - ok
11:09:32.0703 1460  [ CBA4CA5BCE44084E98CE420FD6692D3A ] s3017mdfl       C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys
11:09:32.0733 1460  s3017mdfl - ok
11:09:32.0843 1460  [ 68036EFF647970D6C0399789C8707CAD ] s3017mdm        C:\WINDOWS\system32\DRIVERS\s3017mdm.sys
11:09:32.0914 1460  s3017mdm - ok
11:09:32.0994 1460  [ 3672E7F9349BD98FD3F5AC33E7B2B1A6 ] s3017mgmt       C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys
11:09:33.0034 1460  s3017mgmt - ok
11:09:33.0074 1460  [ B1133B37EB184AEF81D56B4302DBAE9C ] s3017nd5        C:\WINDOWS\system32\DRIVERS\s3017nd5.sys
11:09:33.0094 1460  s3017nd5 - ok
11:09:33.0154 1460  [ D81B1D504AA1426622E7EC09F25130A9 ] s3017obex       C:\WINDOWS\system32\DRIVERS\s3017obex.sys
11:09:33.0595 1460  s3017obex - ok
11:09:33.0665 1460  [ 7B95C53EA8BB585013767EEF2875C0A0 ] s3017unic       C:\WINDOWS\system32\DRIVERS\s3017unic.sys
11:09:33.0705 1460  s3017unic - ok
11:09:33.0845 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:09:33.0845 1460  SamSs - ok
11:09:33.0875 1460  SANDRA - ok
11:09:34.0396 1460  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:09:34.0446 1460  SCardSvr - ok
11:09:34.0576 1460  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:09:34.0646 1460  Schedule - ok
11:09:34.0746 1460  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:09:34.0806 1460  Secdrv - ok
11:09:34.0836 1460  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:09:34.0886 1460  seclogon - ok
11:09:35.0297 1460  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\WINDOWS\system32\DRIVERS\seehcri.sys
11:09:35.0317 1460  seehcri - ok
11:09:35.0527 1460  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
11:09:35.0557 1460  SENS - ok
11:09:35.0668 1460  [ 95A26D5D8CEDA33377AF627DAFC2796F ] Sentinel        C:\WINDOWS\System32\Drivers\SENTINEL.SYS
11:09:35.0738 1460  Sentinel - ok
11:09:36.0068 1460  [ 731D9B3DE4BC0A3E0830B9BF9DBCE2A5 ] SentinelKeysServer C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
11:09:36.0178 1460  SentinelKeysServer - ok
11:09:36.0278 1460  [ 925E88D7C5A51E25769D9CEB4F7F2E85 ] SentinelProtectionServer C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
11:09:36.0359 1460  SentinelProtectionServer - ok
11:09:36.0859 1460  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:09:36.0869 1460  serenum - ok
11:09:36.0909 1460  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:09:36.0949 1460  Serial - ok
11:09:36.0999 1460  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:09:37.0019 1460  Sfloppy - ok
11:09:37.0210 1460  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:09:37.0350 1460  SharedAccess - ok
11:09:37.0550 1460  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:09:37.0550 1460  ShellHWDetection - ok
11:09:37.0560 1460  Simbad - ok
11:09:37.0570 1460  SipIMNDI - ok
11:09:37.0640 1460  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:09:37.0650 1460  SMCIRDA - ok
11:09:38.0331 1460  [ F5A256E9755FD361D277FE1F5D02DD7A ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
11:09:38.0702 1460  smwdm - ok
11:09:38.0852 1460  [ 8D4A96868AE13C3CF8425B383B59D802 ] SNTNLUSB        C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
11:09:39.0052 1460  SNTNLUSB - ok
11:09:39.0964 1460  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Programme\Sony\Sony PC Companion\PCCService.exe
11:09:40.0034 1460  Sony PC Companion - ok
11:09:40.0745 1460  [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
11:09:40.0765 1460  SoundMAX Agent Service (default) - ok
11:09:40.0775 1460  Sparrow - ok
11:09:40.0815 1460  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:09:40.0835 1460  splitter - ok
11:09:40.0955 1460  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:09:40.0975 1460  Spooler - ok
11:09:41.0035 1460  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:09:41.0055 1460  sr - ok
11:09:41.0205 1460  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:09:41.0316 1460  srservice - ok
11:09:42.0467 1460  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\WINDOWS\System32\Drivers\N360\0604010.00E\SRTSP.SYS
11:09:42.0898 1460  SRTSP - ok
11:09:42.0958 1460  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\WINDOWS\system32\drivers\N360\0604010.00E\SRTSPX.SYS
11:09:42.0988 1460  SRTSPX - ok
11:09:43.0168 1460  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:09:43.0339 1460  Srv - ok
11:09:43.0419 1460  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:09:43.0459 1460  SSDPSRV - ok
11:09:43.0929 1460  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:09:44.0050 1460  stisvc - ok
11:09:44.0210 1460  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:09:44.0330 1460  swenum - ok
11:09:44.0480 1460  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:09:44.0500 1460  swmidi - ok
11:09:44.0560 1460  SwPrv - ok
11:09:44.0570 1460  symc810 - ok
11:09:44.0580 1460  symc8xx - ok
11:09:45.0091 1460  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\WINDOWS\system32\drivers\N360\0604010.00E\SYMDS.SYS
11:09:45.0241 1460  SymDS - ok
11:09:45.0622 1460  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\WINDOWS\system32\drivers\N360\0604010.00E\SYMEFA.SYS
11:09:46.0413 1460  SymEFA - ok
11:09:46.0543 1460  [ 74E2521E96176A4449570E50BE91954D ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:09:46.0593 1460  SymEvent - ok
11:09:46.0603 1460  SYMFW - ok
11:10:07.0463 1460  ================ Scan global ===============================
11:10:07.0543 1460  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:10:07.0704 1460  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:10:08.0014 1460  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:10:08.0094 1460  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:10:08.0094 1460  [Global] - ok
11:10:08.0094 1460  ================ Scan MBR ==================================
11:10:08.0124 1460  [ 15F0BAA85007F74493FA368029DCE5F7 ] \Device\Harddisk0\DR0
11:10:08.0365 1460  \Device\Harddisk0\DR0 - ok
11:10:08.0375 1460  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR2
11:10:09.0426 1460  \Device\Harddisk1\DR2 - ok
11:10:09.0426 1460  ================ Scan VBR ==================================
11:10:09.0436 1460  [ 333A94996F2FC035DDD06887574C89E0 ] \Device\Harddisk0\DR0\Partition1
11:10:09.0436 1460  \Device\Harddisk0\DR0\Partition1 - ok
11:10:09.0446 1460  [ B38CD0E8724492870CDA8946FE25F463 ] \Device\Harddisk1\DR2\Partition1
11:10:09.0446 1460  \Device\Harddisk1\DR2\Partition1 - ok
11:10:09.0446 1460  ============================================================
11:10:09.0446 1460  Scan finished
11:10:09.0446 1460  ============================================================
11:10:09.0466 0228  Detected object count: 0
11:10:09.0466 0228  Actual detected object count: 0
11:12:23.0028 3992  Deinitialize success
          | 
|  17.02.2013, 13:35 | #12 | 
| /// TB-Ausbilder | BKA Trojaner/Virus GVU Version 2.11

Hi, that looked unremarkable. How is the computer running now? Everything fine, or do you still see problems?

Step 1
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
:commands
[emptytemp]

Step 2: Please download Malwarebytes Anti-Malware.

Step 3: Download the setup of the ESET Online Scanner and save it to the desktop.

Step 4: Please start OTL.exe.

Step 5: Please download SecurityCheck (link 2).

Please post in your next reply:

__________________
cheers, Leo |
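Added here as a worked example, not part of Leo's post and not an OTL feature: a small Python triage script that scans OTL log lines for the four patterns the fix script above removes (search/start page redirected to an unexpected host, proxy settings, autostart entries whose file is missing, references to unregistered CLSIDs) and renders the hits in the same :OTL / :commands fix format. The sample log lines, the `[Example]` Run entry and the allowlist of expected search hosts are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Hosts an IE start page / search entry may point to without being flagged.
# This allowlist is an assumption for the example (an analyst keeps their own).
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "search.live.com", "www.hotmail.de"}

# Constructed sample OTL log lines, modelled on the entries the fix above targets.
# The [Example] Run entry is made up to show a line that must NOT be flagged.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
O4 - HKLM..\Run: [Example] C:\WINDOWS\system32\example.exe (Example Corp)
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
O1 - Hosts: 127.0.0.1 localhost
"""

# An IE line whose value is a URL (OTL defangs the scheme as hxxp://).
IE_URL_RE = re.compile(r"^IE - .*?= (hxxps?://\S+)")


def ie_url_host(line):
    """Return the host an IE start page / search entry points to, or None
    if the line is not such an entry. The hxxp scheme is restored so that
    urlsplit can parse the host."""
    m = IE_URL_RE.match(line)
    if not m:
        return None
    return urlsplit("http" + m.group(1)[4:]).hostname


def classify(line):
    """Return the reason a log line belongs in the :OTL section of a fix,
    or None if the line is left alone."""
    line = line.rstrip()
    if line.endswith("File not found"):
        # O4/O20 entry whose target no longer exists: leftover of removed
        # software or malware, nothing can run from it, so it is cleared.
        return "orphaned entry, target file missing"
    if "No CLSID value found" in line:
        # O22/O3 style reference to a COM class that is no longer registered.
        return "orphaned COM reference, no CLSID registered"
    host = ie_url_host(line)
    if host is not None and host not in ALLOWED_HOSTS:
        # Search hijack: IE search or start page redirected to an unexpected host.
        return "IE search/start page points to " + host
    if line.startswith("IE - ") and ('"ProxyServer"' in line or '"ProxyOverride"' in line):
        # Proxy settings decide where all IE traffic goes, so they are always reviewed.
        return "IE proxy setting present"
    return None


def triage(log_text):
    """Return [(line, reason)] for every OTL log line that warrants a fix entry,
    in the order they appear in the log."""
    hits = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            hits.append((raw.rstrip(), reason))
    return hits


def build_fix(hits):
    """Render the flagged lines as an OTL fix script in the format of the post:
    the lines to remove under :OTL, then [emptytemp] under :commands."""
    body = "\n".join(line for line, _ in hits)
    return ":OTL\n" + body + "\n:commands\n[emptytemp]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for line, reason in found:
        print("#", reason)
        print(line)
    print()
    print(build_fix(found))
```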
|  18.02.2013, 16:56 | #13 | 
|  |   BKA Trojaner/Virus GVU Version 2.11 Hello Leo, the computer is running fine so far; only at the beginning (before the login window appears) a box opens. I took a photo of it and put it on my Dropbox; here is the link: https://www.dropbox.com/l/PpkCFKbuwyjKstMi Fixlog from OTL OTL Logfile: Code: 
OTL logfile created on: 17.02.2013 14:05:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,36 Mb Total Physical Memory | 543,72 Mb Available Physical Memory | 53,13% Memory free
2,40 Gb Paging File | 2,05 Gb Available in Paging File | 85,38% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,21 Gb Free Space | 18,27% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 6,54 Gb Free Space | 87,78% Space Free | Partition Type: FAT32

Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.05.28 17:11:04 | 000,122,880 | ---- | M] () -- C:\Benutzerprogramme\WinRAR\RarExt.dll
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
MOD - [2001.03.02 12:02:04 | 000,037,808 | ---- | M] () -- C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.17 14:01:44 | 000,000,000 | ---D | M]

[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) - File not found O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found. 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.16 17:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.16 17:34:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar [2013.02.16 17:28:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2013.02.16 17:26:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.02.16 16:37:47 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.02.15 14:19:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe 
[2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.08 17:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.17 14:08:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.17 14:00:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.17 14:00:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job [2013.02.17 13:58:23 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini [2013.02.17 13:58:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.17 13:57:36 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.17 13:57:34 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2013.02.17 11:25:41 | 000,762,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB [2013.02.17 11:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.17 11:14:05 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.17 11:12:28 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.17 11:12:28 | 000,444,848 | ---- | M] () -- 
C:\WINDOWS\System32\perfh009.dat [2013.02.17 11:12:28 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.17 11:12:28 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.16 17:23:58 | 013,711,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip [2013.02.16 17:21:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job [2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job [2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job [2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job [2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk [2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021 [2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini [2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk [2013.02.08 17:09:09 | 000,697,712 | ---- | M] (Adobe 
Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.08 17:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.08 17:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini [2013.01.26 04:55:37 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll [2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.16 17:28:19 | 013,711,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip [2013.02.16 17:25:31 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys [2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- 
C:\WINDOWS\System32\iacenc.dll [2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst [2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su [2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475 [2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak [2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak [2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su [2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su [2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Administrator\pmill.ini [2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su [2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su [2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su [2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su [2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini [2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < :OTL > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1 > Invalid Switch: search.php?qq=%1 < IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html > Invalid Switch: bar.html < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1 > Invalid Switch: search.php?qq=%1 < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1 > Invalid Switch: search.php?qq=%1 < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local> > < O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found > < O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) - File not found > < O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found. > < > < :commands > < [emptytemp] > < > < End of report > MBAM Code: 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.17.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EWALD-LAPTOP [Administrator]

17.02.2013 14:19:44
mbam-log-2013-02-17 (14-19-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205564
Laufzeit: 12 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)

(Ende)

ESET
  ATTFilter C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\b474f75-336e3084	a variant of Java/Exploit.CVE-2012-0507.FQ trojan
C:\T-Online4\EMAIL4\mui.exe	probably a variant of Win32/Agent.IUKDZWI trojan
C:\WINDOWS\system32\AscConTest.dll	Win32/Adware.Ascentive application
C:\_OTL\MovedFiles\02142013_071214\C_Dokumente und Einstellungen\Administrator\3748115.dll	a variant of Win32/Kryptik.AUFR trojan
OTL Logfile:
OTL logfile created on: 18.02.2013 16:35:37 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE) DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN) DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby) DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv) DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase) DRV - [2000.09.07 06:11:30 | 
000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1 IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.hotmail.de/ IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1 IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1 IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll () FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.18 08:58:46 | 000,000,000 | ---D | M] [2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = 
C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Yahoo! 
activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ CHR - Extension: Google Mail = C:\Dokumente und 
Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O4 - HKU\S-1-5-21-686225105-3868835699-3303831392-500..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} 
hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) - File not found O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found. 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...com [@ = comfile] -- Reg Error: Key error. File not found O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...exe [@ = exefile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.18 16:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\log4 [2013.02.18 09:07:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.02.18 09:06:53 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2013.02.17 14:16:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2013.02.17 14:16:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.02.17 14:16:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.02.17 14:16:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.02.17 14:15:41 | 
010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.16 17:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.16 17:34:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar [2013.02.16 17:28:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2013.02.16 17:26:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.02.16 16:37:47 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.02.15 14:19:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.18 16:14:04 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.18 16:08:07 | 000,000,884 | ---- | 
M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.18 11:18:40 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini [2013.02.18 08:59:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.18 08:59:44 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job [2013.02.18 08:57:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.18 08:57:02 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2013.02.17 14:16:11 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.17 14:04:28 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.17 14:04:26 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2013.02.17 13:57:36 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.17 11:25:41 | 000,762,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB [2013.02.17 11:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.17 11:12:28 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.17 11:12:28 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.17 11:12:28 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.17 11:12:28 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.16 17:23:58 | 013,711,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip [2013.02.16 17:21:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job [2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- 
C:\WINDOWS\tasks\pos07.job
[2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
[2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK
[2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini
[2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.17 14:16:11 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.16 17:28:19 | 013,711,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip
[2013.02.16 17:25:31 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst
[2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su
[2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475
[2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak
[2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak
[2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su
[2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su
[2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su
[2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su
[2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su
[2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su
[2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini
[2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== ZeroAccess Check ==========

[2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.11 08:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM
[2008.04.18 16:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\cadenas
[2007.06.12 17:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2011.02.10 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CoCreate
[2007.10.05 15:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DWGeditor
[2007.05.09 19:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ectaco
[2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust
[2005.01.12 00:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo
[2012.02.06 11:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++
[2006.02.27 10:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OD2
[2007.12.15 15:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sldIM
[2009.12.05 11:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2009.12.05 15:28:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software
[2009.12.05 11:43:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup
[2006.11.11 16:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-DSL SpeedManager
[2011.08.21 04:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tific
[2010.06.01 16:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom
[2008.01.24 20:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2010.03.14 10:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\371AC
[2010.04.23 11:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2009.03.22 07:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.11.01 08:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverGenius
[2008.03.19 20:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD
[2008.03.19 20:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM
[2006.01.11 18:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2009.08.14 07:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012.09.11 07:29:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2005.07.07 07:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2010.06.01 16:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008.01.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.10.07 08:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.09.14 08:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\InterTrust

========== Purity Check ==========

< End of report >

Security Check

Code:
Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Please wait while WMIC compiles updated MOF files.
d i s p l a y N a m e ECHO ist ausgeschaltet (OFF).
N o r t o n ECHO ist ausgeschaltet (OFF).
3 6 0 ECHO ist ausgeschaltet (OFF).
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java(TM) 6 Update 27
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
18.02.2013, 17:23 | #14

/// TB-Ausbilder

BKA Trojaner/Virus GVU Version 2.11

Hello,

since when has this box been appearing before the logon window? Does it happen every time, or did it happen only once?

You did not run the OTL fix correctly. After pasting the text in, you have to click the Fix button, not the Scan button. Please do it again with the following fix:

Step 1
 Code: 
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job
[2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
:files
C:\WINDOWS\system32\AscConTest.dll
:commands
[emptytemp]
         
Step 2: Please start OTL.exe.

Please post in your next reply:
 
__________________
cheers, Leo
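The fix script above is, read as a list, the set of persistence points in use on this machine: a Winlogon Notify package whose DLL is gone (style2 -> q286592_disk.dll), a SharedTaskScheduler CLSID with no InProcServer32 behind it, an Active Desktop component ("Security info v2") pointing at C:\WINDOWS\screen.html, six small .job files in the Tasks folder, a Run key entry whose executable is missing, and hijacked IE search and proxy values. As an added example (not code from this thread, from OTL or from the helper), the PowerShell script below reads those same locations and reports, for each entry, whether the file it points at still exists on disk, which is how an orphaned launcher shows up. It assumes PowerShell 2.0 has been installed on the XP SP3 machine (it is not present by default) and runs in an Administrator session; the system32 lookup for a Notify DllName given without a path is an assumption. The script only reads.

```powershell
# Added example, not code from the thread, from OTL or from the helper.
# Reads the persistence points the OTL fix script targets so their state
# can be compared before and after the fix. Assumes PowerShell 2.0 on the
# XP SP3 machine and an Administrator session. Read-only.

$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function New-Row([string]$Location, [string]$Name, [string]$Value, [string]$Path) {
    # OnDisk stays '' when there is no local file to check, else True/False.
    $onDisk = ''
    if ($Path) { $onDisk = Test-Path -LiteralPath $Path }
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Value = $Value; OnDisk = $onDisk
    }
}

function Resolve-CommandPath([string]$CommandLine) {
    # Extract the executable from an autorun command line such as
    # 'C:\Programme\Ascentive\Performance Center\ApcMain.exe -m'.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if (-not $cmd) { return '' }
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path with spaces: grow the candidate token by token.
    $tokens = $cmd -split ' '
    for ($i = 1; $i -le $tokens.Length; $i++) {
        $candidate = [string]::Join(' ', $tokens[0..($i - 1)])
        if ($candidate -and (Test-Path -LiteralPath $candidate)) { return $candidate }
    }
    return $tokens[0]
}

function Get-PersistenceReport {
    $rows = @()

    # 1. Winlogon Notify packages. A DllName with no file behind it is an
    #    orphan like style2 -> q286592_disk.dll in the fix. A bare file name
    #    is looked up in system32 (assumption: winlogon's own directory).
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (Test-Path $notify) {
        foreach ($k in Get-ChildItem $notify) {
            $dll = [string](Get-ItemProperty $k.PSPath).DllName
            $full = $dll
            if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
                $full = Join-Path (Join-Path $env:SystemRoot 'system32') $dll
            }
            $rows += New-Row 'Winlogon\Notify' $k.PSChildName $dll $full
        }
    }

    # 2. SharedTaskScheduler: each value name is a CLSID that explorer.exe
    #    loads at logon; resolve it through HKCR\CLSID\{guid}\InProcServer32.
    $sts = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
    if (Test-Path $sts) {
        foreach ($p in (Get-ItemProperty $sts).PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            $server = ''
            $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$($p.Name)\InProcServer32"
            if (Test-Path $inproc) {
                $raw = (Get-ItemProperty $inproc).'(default)'
                if ($raw) { $server = [Environment]::ExpandEnvironmentVariables([string]$raw) }
            }
            $rows += New-Row 'SharedTaskScheduler' $p.Name "$($p.Value) -> $server" $server
        }
    }

    # 3. Active Desktop components: the fix removed component 1
    #    ("Security info v2") whose Source was C:\WINDOWS\screen.html.
    $comp = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'
    if (Test-Path $comp) {
        foreach ($k in Get-ChildItem $comp) {
            $src = [string](Get-ItemProperty $k.PSPath).Source
            $rows += New-Row 'Desktop\Components' $k.PSChildName $src $src
        }
    }

    # 4. Run keys for the machine and the current user.
    foreach ($hive in 'HKLM', 'HKCU') {
        $run = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $run)) { continue }
        foreach ($p in (Get-ItemProperty $run).PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            $rows += New-Row "$hive\...\Run" $p.Name $p.Value (Resolve-CommandPath ([string]$p.Value))
        }
    }

    # 5. Legacy scheduled tasks. The pos0N.job / 010NN.job files in the fix
    #    were all 194-196 bytes and written within two seconds of 09:00.
    $taskDir = Join-Path $env:SystemRoot 'Tasks'
    foreach ($job in Get-ChildItem $taskDir -Filter '*.job' -ErrorAction SilentlyContinue) {
        $info = '{0} bytes, modified {1:yyyy-MM-dd HH:mm:ss}' -f $job.Length, $job.LastWriteTime
        $rows += New-Row 'Tasks\*.job' $job.Name $info $job.FullName
    }

    # 6. The IE search and proxy values the fix reset.
    $ieMain   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $ieSearch = 'HKCU:\Software\Microsoft\Internet Explorer\Search'
    $inet     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $checks = @(
        @($ieMain, 'Default_Search_URL'), @($ieMain, 'Search Bar'),
        @($ieSearch, 'CustomizeSearch'), @($ieSearch, 'SearchAssistant'),
        @($inet, 'ProxyEnable'), @($inet, 'ProxyServer'), @($inet, 'ProxyOverride')
    )
    foreach ($pair in $checks) {
        $v = ''
        if (Test-Path $pair[0]) { $v = [string](Get-ItemProperty $pair[0]).($pair[1]) }
        $rows += New-Row 'IE settings' $pair[1] $v ''
    }
    return $rows
}

Get-PersistenceReport | Format-Table Location, Name, OnDisk, Value -AutoSize
```

Run it once before the fix, once after, and once more after the reboot, and compare the three tables: an entry that comes back after the reboot points at a launcher the fix did not cover. OnDisk = False on a Notify, SharedTaskScheduler or Run entry means the loader is still registered but its payload is gone, which is exactly what OTL reported as "File not found" for style2 and the Performance Center entry; a Desktop component whose Source is an http: URL will always show False, because Test-Path only checks the local file system.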
18.02.2013, 18:16 | #15

BKA Trojaner/Virus GVU Version 2.11

It has probably been there since the fix from 16.02.2013, 17:15, but I'm not completely sure. The box appears after every start.

OTL fix log:

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6AC3806F-8B39-4746-9C38-6B01CB7331FF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
File C:\WINDOWS\screen.html not found.
C:\WINDOWS\tasks\pos08.job moved successfully.
C:\WINDOWS\tasks\pos07.job moved successfully.
C:\WINDOWS\tasks\pos05.job moved successfully.
C:\WINDOWS\tasks\01008.job moved successfully.
C:\WINDOWS\tasks\01007.job moved successfully.
C:\WINDOWS\tasks\01005.job moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Performance Center deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\AscConTest.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 4465891 bytes
->Temporary Internet Files folder emptied: 29550200 bytes
->Java cache emptied: 3744989 bytes
->Google Chrome cache emptied: 6611499 bytes
->Flash cache emptied: 35053 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 69385 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130854 bytes
RecycleBin emptied: 6159679 bytes
 
Total Files Cleaned = 49,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02182013_180326
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL log:

OTL Logfile:

Code:
OTL logfile created on: 18.02.2013 18:08:43 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,36 Mb Total Physical Memory | 662,72 Mb Available Physical Memory | 64,76% Memory free
2,40 Gb Paging File | 2,18 Gb Available in Paging File | 90,49% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,11 Gb Free Space | 18,09% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe

========== Modules (No Company Name) ==========

MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.18 18:10:08 | 000,000,000 | ---D | M]

[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) =
C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Yahoo! 
activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ CHR - Extension: Google Mail = C:\Dokumente und 
Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab 
(Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM 
Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...com [@ = comfile] -- Reg Error: Key error. File not found O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...exe [@ = exefile] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.18 16:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\log4 [2013.02.18 09:07:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.02.18 09:06:53 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2013.02.17 14:16:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2013.02.17 14:16:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.02.17 14:16:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.02.17 14:16:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.02.17 14:15:41 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.16 17:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.16 17:34:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar [2013.02.16 17:28:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2013.02.16 17:26:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.02.16 16:37:47 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.02.15 14:19:49 | 
000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.18 18:14:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.18 18:08:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.18 18:07:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.18 18:07:04 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini [2013.02.18 18:06:54 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job [2013.02.18 18:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.18 18:06:39 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2013.02.17 14:16:11 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.17 14:07:48 | 000,881,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe [2013.02.17 14:04:28 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.17 14:04:26 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente 
und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2013.02.17 13:57:36 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.17 11:25:41 | 000,762,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB [2013.02.17 11:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.17 11:12:28 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.17 11:12:28 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.17 11:12:28 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.17 11:12:28 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.16 17:23:58 | 013,711,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip [2013.02.16 17:21:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk [2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021 [2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini [2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk [2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente 
und Einstellungen\Administrator\load_step_log.html [2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini [2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ] [12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.18 16:43:20 | 000,881,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe [2013.02.17 14:16:11 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.16 17:28:19 | 013,711,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip [2013.02.16 17:25:31 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys [2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- 
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html [2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html [2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst [2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su [2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su [2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini [2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475 [2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak [2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak [2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su [2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su [2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini [2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su [2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su [2005.01.12 00:02:13 | 000,000,176 | ---- 
| C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su [2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su [2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini [2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.11 08:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM [2008.04.18 16:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\cadenas [2007.06.12 17:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon [2011.02.10 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CoCreate [2007.10.05 15:46:40 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DWGeditor [2007.05.09 19:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ectaco [2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust [2005.01.12 00:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo [2012.02.06 11:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++ [2006.02.27 10:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OD2 [2007.12.15 15:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sldIM [2009.12.05 11:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony [2009.12.05 15:28:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software [2009.12.05 11:43:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup [2006.11.11 16:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-DSL SpeedManager [2011.08.21 04:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tific [2010.06.01 16:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom [2008.01.24 20:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software [2010.03.14 10:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\371AC [2010.04.23 11:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive [2009.03.22 07:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\BVRP Software [2012.11.01 08:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverGenius [2008.03.19 20:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD [2008.03.19 20:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM [2006.01.11 18:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2 [2009.08.14 07:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings [2012.09.11 07:29:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2005.07.07 07:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager [2010.06.01 16:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2008.01.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2008.10.07 08:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009.09.14 08:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} [2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\InterTrust ========== Purity Check ========== < End of report > | 