| |
| |||||||
Log-Analyse und Auswertung: GVU auf WIN 2008 Server nur 1 Benutzerkonto infiziertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.03.2013, 20:48
| #1 |
| |  GVU auf WIN 2008 Server nur 1 Benutzerkonto infiziert Hallo Trojaner-Board-Team. habe seit letzter Woche den bekannten GVU/BKA-Trojaner. Habe KasperskyUnlocker und Scan durchgeführt. Auf AP02 bleibt der "Scheiss" weiter vorhanden und das Konto lässt sich nicht nutzen. Habe jetz ein OTL - OTLogfile erstellt Wer kann mir helfen? Möchte das System ungern neu aufsetzen. Danke im Voraus für die Unterstützung |
|
04.03.2013, 22:46
| #2 |
| | GVU auf WIN 2008 Server nur 1 Benutzerkonto infiziert Oh, hier sind noch die Logs richtigOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 04.03.2013 19:52:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop 64bit-Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 75,25% Memory free 16,04 Gb Paging File | 14,01 Gb Available in Paging File | 87,33% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 13,91 Gb Free Space | 28,49% Space Free | Partition Type: NTFS Drive I: | 508,92 Gb Total Space | 459,76 Gb Free Space | 90,34% Space Free | Partition Type: NTFS Drive W: | 48,83 Gb Total Space | 13,91 Gb Free Space | 28,49% Space Free | Partition Type: NTFS Computer Name: WTS-SERVER | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\medatixx\ixx.downloadservice\ixx.downloadservice.exe (medatixx GmbH & Co. KG) PRC - C:\Program Files (x86)\medatixx\ixx.servicecenter\ixx.updateservice.exe (medatixx GmbH & Co. KG) PRC - C:\Program Files (x86)\HÄVG Rechenzentrum AG\HÄVG-Prüfmodul\app\bin\HaevgRZ.Hpm.Starter.exe (H�VG Rechenzentrum AG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe (G Data Software AG) PRC - C:\Program Files (x86)\G DATA\AVKClient\AvkCl.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - c:\Programme\activefax\Server\ActSrvNT.exe (ActFax Communication) PRC - C:\Programme\activefax\Terminal\TSClientB.exe (ActFax Communication) PRC - C:\Program Files (x86)\Fujitsu\ServerView Suite\RAID Manager\amService.exe (Fujitsu Technology Solutions) PRC - C:\Programme\Fujitsu\ServerView Suite\Agents\VMEAgent\bin\vme_srv.exe () PRC - C:\Program Files (x86)\Fujitsu\ServerView Suite\Remote Connector\SVRemCon.exe (Fujitsu) PRC - C:\Program Files (x86)\Fujitsu\ServerView Suite\Agents\UpdateAgent\gf_agent.exe (Fujitsu Technology Solutions) PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) PRC - I:\mediDOK\BridgeServer\mediDOKServerB.exe (mediDOK Software-Entwicklungs GmbH) PRC - I:\mediDOK\Server\mediDOKServer.exe (mediDOK Software-Entwicklungs GmbH) PRC - C:\Programme\Fujitsu\ServerView Suite\Agents\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions) PRC - I:\Programme\RDX\Service\RDXmon.exe () ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (TermServLicensing) -- C:\Windows\SysNative\lserver.dll (Microsoft Corporation) SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation) SRV:64bit: - (RSoPProv) -- C:\Windows\SysNative\RSoPProv.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (sacsvr) -- C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation) SRV:64bit: - (FCRegSvc) -- C:\Windows\SysNative\FCRegSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ixx.downloadservice) -- C:\Program Files (x86)\medatixx\ixx.downloadservice\ixx.downloadservice.exe (medatixx GmbH & Co. KG) SRV - (ixx.updateservice) -- C:\Program Files (x86)\medatixx\ixx.servicecenter\ixx.updateservice.exe (medatixx GmbH & Co. KG) SRV - (HaevgPruefmodul) -- C:\Program Files (x86)\HÄVG Rechenzentrum AG\HÄVG-Prüfmodul\app\bin\HaevgRZ.Hpm.Starter.exe (H�VG Rechenzentrum AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (Gdmms) -- i:\G DATA\G DATA AntiVirus ManagementServer\gdmms.exe (G Data Software AG) SRV - (AntiVirusKit Client) -- C:\Program Files (x86)\G DATA\AVKClient\AvkCl.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\AVKClient\AVKWCtlX64.exe (G Data Software AG) SRV - (GDBackupSvc) -- C:\Program Files (x86)\G DATA\AVKClient\AVKBackupService.exe (G Data Software AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ActiveFaxServiceNT) -- c:\Programme\activefax\Server\ActSrvNT.exe (ActFax Communication) SRV - (amService) -- C:\Program Files (x86)\Fujitsu\ServerView Suite\RAID Manager\amService.exe (Fujitsu Technology Solutions) SRV - (SrvCtrl) -- C:\Programme\Fujitsu\ServerView Suite\Agents\Server Control\SrvCtrl.exe (Fujitsu) SRV - (vme_srv) -- C:\Programme\Fujitsu\ServerView Suite\Agents\VMEAgent\bin\vme_srv.exe () SRV - (RemoteConnector) -- C:\Program Files (x86)\Fujitsu\ServerView Suite\Remote Connector\SVRemCon.exe (Fujitsu) SRV - (OfflineFlash) -- C:\Program Files (x86)\Fujitsu\ServerView Suite\Agents\UpdateAgent\gf_agent.exe (Fujitsu Technology Solutions) SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (mediDOKServer) -- I:\mediDOK\Server\mediDOKServer.exe (mediDOK Software-Entwicklungs GmbH) SRV - (BridgeServer) -- I:\mediDOK\BridgeServer\mediDOKServerB.exe (mediDOK Software-Entwicklungs GmbH) SRV - (TestHandler) -- C:\Programme\Fujitsu\ServerView Suite\Agents\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions) SRV - (BackupExecRPCService) -- I:\Programme\Backup Exec\beserver.exe (Symantec Corporation) SRV - (BackupExecJobEngine) -- I:\Programme\Backup Exec\bengine.exe (Symantec Corporation) SRV - (BackupExecAgentAccelerator) -- I:\Programme\Backup Exec\beremote.exe (Symantec Corporation) SRV - (BackupExecAgentBrowser) -- I:\Programme\Backup Exec\benetns.exe (Symantec Corporation) SRV - (BackupExecDeviceMediaService) -- I:\Programme\Backup Exec\pvlsvr.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation) SRV - (MSSQLSERVER) -- I:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLSERVERAGENT) -- I:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE (Microsoft Corporation) SRV - (msftesql) -- I:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation) SRV - (RDXmon) -- I:\Programme\RDX\Service\RDXmon.exe () SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\vid.sys (Microsoft Corporation) DRV:64bit: - (ScSBB2) -- C:\Windows\SysNative\DRIVERS\ScSBB2.sys (Fujitsu) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Blfp) -- C:\Windows\SysNative\DRIVERS\basp.sys (Broadcom Corporation) DRV:64bit: - (tpfilter) -- C:\Windows\SysNative\DRIVERS\tpfilter.sys (Symantec Corporation) DRV:64bit: - (G200e) -- C:\Windows\SysNative\DRIVERS\G200em.sys (Matrox Graphics Inc.) DRV:64bit: - (sacdrv) -- C:\Windows\SysNative\DRIVERS\sacdrv.sys (Microsoft Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\storflt.sys (Microsoft Corporation) DRV:64bit: - (ioatdma) -- C:\Windows\SysNative\drivers\qd260x64.sys (Intel Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\s3cap.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SCSIChanger) -- C:\Windows\SysNative\DRIVERS\scsichng.sys (Symantec Corporation) DRV:64bit: - (FUS2BASE) -- C:\Windows\SysNative\DRIVERS\fus2base.sys (AVM Berlin) DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\DRIVERS\AVMCOWAN.sys (AVM GmbH) DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (BASFND) -- C:\Programme\Broadcom\SNMP\BASFND.sys (Broadcom Corporation) DRV - (Mtpd) -- C:\Windows\SysWOW64\drivers\Case\mtpd.sys () DRV - (MmsUsbWriter) -- C:\Windows\SysWOW64\drivers\Case\UsbWriter.sys (GE Healthcare) DRV - (COR_SYS) -- C:\Windows\SysWOW64\drivers\COR_SYS.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-241581776-1996070197-927993856-1014\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-241581776-1996070197-927993856-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-241581776-1996070197-927993856-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.20.0.5:3128 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.30 10:59:05 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-241581776-1996070197-927993856-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-241581776-1996070197-927993856-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [bacstray] C:\Programme\Broadcom\BACS\BacsTray.exe (Broadcom Corporation) O4 - HKLM..\Run: [ActiveFax Terminal Server] c:\Programme\activefax\Terminal\TSClientB.exe (ActFax Communication) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVK Client] C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe (G Data Software AG) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-241581776-1996070197-927993856-500..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\AP01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveFax Client.lnk = C:\Programme\activefax\Client\ActFaxClient.exe (ActFax Communication) O4 - Startup: C:\Users\AP01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fax_leeren - Verknüpfung.lnk = I:\MCS-AG\fax_leeren.cmd () O4 - Startup: C:\Users\AP01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mediDOK.lnk = I:\mediDOK\mediDOK.exe (mediDOK Software-Entwicklungs GmbH) O4 - Startup: C:\Users\AP02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mediDOK.lnk = I:\mediDOK\mediDOK.exe (mediDOK Software-Entwicklungs GmbH) O4 - Startup: C:\Users\AP02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF602849-38DC-4FD5-AEFA-F1CFEFD8A926}: NameServer = 192.168.100.80 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{18194d3a-ad9a-11de-8c09-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{18194d3a-ad9a-11de-8c09-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Disk1\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 20:25:22 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013.03.04 19:38:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GHISLER [2013.03.04 19:34:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2013.03.04 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP [4 C:\Users\Administrator\AppData\Local\*.tmp files -> C:\Users\Administrator\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.04 19:52:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.04 19:49:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F26A4C8C-0468-4F40-9DD7-0F922CA2A0B1}.job [2013.03.04 19:46:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.04 19:43:42 | 057,619,275 | ---- | M] () -- C:\Windows\SysNative\besnmp.TRC [2013.03.04 19:40:20 | 095,023,320 | ---- | M] () -- C:\ProgramData\7234908.pad [2013.03.04 19:36:03 | 001,947,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.04 19:36:03 | 000,826,420 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.04 19:36:03 | 000,768,366 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.04 19:36:03 | 000,193,902 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.04 19:36:03 | 000,157,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.04 19:32:55 | 000,001,460 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat [2013.03.04 19:32:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.04 19:30:04 | 000,000,163 | ---- | M] () -- C:\Windows\SysWow64\arcconfig.xml [2013.03.04 19:29:57 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 19:29:57 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 19:29:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.04 13:43:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2013.03.04 10:16:30 | 000,002,705 | ---- | M] () -- C:\ProgramData\7234908.js [2013.03.04 10:16:30 | 000,000,153 | ---- | M] () -- C:\ProgramData\7234908.reg [2013.03.04 10:16:30 | 000,000,059 | ---- | M] () -- C:\ProgramData\7234908.bat [2013.02.27 15:46:27 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.27 15:46:27 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.26 08:54:59 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.02.05 13:11:28 | 000,001,718 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp [2013.02.05 12:58:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.02.05 09:29:54 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.02.05 09:29:54 | 000,000,065 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [4 C:\Users\Administrator\AppData\Local\*.tmp files -> C:\Users\Administrator\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.04 10:16:30 | 000,002,705 | ---- | C] () -- C:\ProgramData\7234908.js [2013.03.04 10:16:30 | 000,000,153 | ---- | C] () -- C:\ProgramData\7234908.reg [2013.03.04 10:16:30 | 000,000,059 | ---- | C] () -- C:\ProgramData\7234908.bat [2013.03.04 10:16:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\7234908.pad [2013.02.05 12:55:56 | 000,001,718 | -H-- | C] () -- C:\Users\Administrator\Documents\Default.rdp [2013.02.05 09:29:54 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.02.05 09:29:54 | 000,000,065 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.02.05 09:29:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.11 12:56:45 | 000,009,411 | ---- | C] () -- C:\Windows\SysWow64\UpdateAction_30032012.exe.dmp [2011.09.30 19:04:07 | 000,000,132 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.06.06 13:06:47 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat [2009.12.08 09:28:46 | 000,000,988 | ---- | C] () -- C:\Users\Administrator\dmpexp.gdt [2009.10.30 17:14:07 | 000,001,226 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.10.13 14:52:57 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\msq1edv1.001 [2009.10.13 14:06:16 | 000,001,024 | ---- | C] () -- C:\Users\Administrator\MKDEWE.TRN [2009.09.30 09:48:56 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2008.01.19 15:15:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009.04.11 17:12:19 | 012,897,792 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.04.11 17:12:36 | 011,584,000 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 17:11:30 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 17:11:50 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 09:04:26 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.11 13:00:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\G Data [2013.03.04 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER [2011.06.06 13:30:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\medatixx [2009.10.13 10:49:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2009.10.13 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mediDOK [2009.10.13 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OPHK [2011.06.06 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Roaming [2013.02.05 12:22:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer [2011.11.08 10:56:48 | 000,000,000 | ---D | M] -- C:\Users\AP01\AppData\Roaming\BACS.exe [2011.06.06 13:46:19 | 000,000,000 | ---D | M] -- C:\Users\AP01\AppData\Roaming\medatixx [2009.10.14 08:28:47 | 000,000,000 | ---D | M] -- C:\Users\AP01\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2009.10.13 17:53:13 | 000,000,000 | ---D | M] -- C:\Users\AP01\AppData\Roaming\mediDOK [2009.10.14 07:32:01 | 000,000,000 | ---D | M] -- C:\Users\AP01\AppData\Roaming\OPHK [2013.01.23 13:34:49 | 000,000,000 | ---D | M] -- C:\Users\AP01\AppData\Roaming\TeamViewer [2009.10.19 16:55:14 | 000,000,000 | ---D | M] -- C:\Users\AP02\AppData\Roaming\BACS.exe [2012.12.13 14:08:25 | 000,000,000 | ---D | M] -- C:\Users\AP02\AppData\Roaming\G Data [2011.06.06 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\AP02\AppData\Roaming\medatixx [2009.10.14 09:03:28 | 000,000,000 | ---D | M] -- C:\Users\AP02\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2009.10.13 15:42:01 | 000,000,000 | ---D | M] -- C:\Users\AP02\AppData\Roaming\mediDOK [2009.10.15 10:28:09 | 000,000,000 | ---D | M] -- C:\Users\AP02\AppData\Roaming\OPHK [2009.11.12 13:07:49 | 000,000,000 | ---D | M] -- C:\Users\AP02\AppData\Roaming\TeamViewer [2010.08.18 14:41:26 | 000,000,000 | ---D | M] -- C:\Users\AP03\AppData\Roaming\BACS.exe [2013.03.04 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\AP03\AppData\Roaming\CoreFTP [2011.06.07 07:04:41 | 000,000,000 | ---D | M] -- C:\Users\AP03\AppData\Roaming\medatixx [2009.10.14 10:27:43 | 000,000,000 | ---D | M] -- C:\Users\AP03\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2009.10.14 11:08:36 | 000,000,000 | ---D | M] -- C:\Users\AP03\AppData\Roaming\mediDOK [2009.10.14 11:11:43 | 000,000,000 | ---D | M] -- C:\Users\AP03\AppData\Roaming\OPHK [2011.05.12 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\AP03\AppData\Roaming\TeamViewer [2011.06.07 07:02:12 | 000,000,000 | ---D | M] -- C:\Users\AP04\AppData\Roaming\medatixx [2009.10.19 09:23:59 | 000,000,000 | ---D | M] -- C:\Users\AP04\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2009.10.23 08:15:54 | 000,000,000 | ---D | M] -- C:\Users\AP04\AppData\Roaming\mediDOK [2009.11.24 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\AP04\AppData\Roaming\OPHK [2009.11.27 11:25:29 | 000,000,000 | ---D | M] -- C:\Users\AP04\AppData\Roaming\TeamViewer [2010.07.04 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\AP05\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2011.06.09 20:54:18 | 000,000,000 | ---D | M] -- C:\Users\AP06\AppData\Roaming\medatixx [2010.06.14 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\AP06\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2009.12.09 20:03:06 | 000,000,000 | ---D | M] -- C:\Users\AP06\AppData\Roaming\mediDOK [2013.01.15 12:16:55 | 000,000,000 | ---D | M] -- C:\Users\AP06\AppData\Roaming\TeamViewer [2011.06.07 07:14:16 | 000,000,000 | ---D | M] -- C:\Users\AP07\AppData\Roaming\medatixx [2009.10.14 09:22:49 | 000,000,000 | ---D | M] -- C:\Users\AP07\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2011.04.14 12:56:02 | 000,000,000 | ---D | M] -- C:\Users\AP07\AppData\Roaming\mediDOK [2009.10.13 18:39:13 | 000,000,000 | ---D | M] -- C:\Users\AP07\AppData\Roaming\OPHK [2011.04.14 12:51:56 | 000,000,000 | ---D | M] -- C:\Users\AP07\AppData\Roaming\TeamViewer [2013.01.30 14:44:34 | 000,000,000 | ---D | M] -- C:\Users\MCS.WTS-SERVER\AppData\Roaming\medatixx [2009.11.09 15:04:20 | 000,000,000 | ---D | M] -- C:\Users\MCSNORD\AppData\Roaming\medatiXX - Medizinische Informationssysteme GmbH & Co.KG [2009.11.09 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\MCSNORD\AppData\Roaming\mediDOK ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 41 bytes -> C:\PostInstall:NUL < End of report > |
|
06.03.2013, 15:07
| #3 |
| | GVU auf WIN 2008 Server nur 1 Benutzerkonto infiziert Kann keiner Helfen? Ist das Problem so gravierend? Oder liegt es an WIN Server 2008?
__________________Danke |
|
| Themen zu GVU auf WIN 2008 Server nur 1 Benutzerkonto infiziert |
| bekannte, benutzerkonto, erstell, infiziert, konto, logfile, neu, nutze, otlogfile, scan, scheiss, server, system, troja, unterstützung, vorhanden, win, woche |
Linear-Darstellung
