Pests of all kinds and how to fight them: Delta Search, then extension.mismatch in Malwarebytes | Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
22.03.2013, 14:52 | #1
Delta Search, then extension.mismatch in Malwarebytes

Hello!

While installing the Adobe Flash Player I unintentionally installed Delta Search along with it. After that my astro program would not open; I found out that Delta Search is harmful and uninstalled it in the Software control panel. In addition, Firefox then always opened with a session restore, as if after a crash. Removing Delta Search fixed these problems (now, after the first two scans, however, FF has again opened with the last open page).

Later I scanned with Malwarebytes Anti-Malware and got the detection extension.mismatch in the astro program. (What was displayed was "extension.mism"; "mismatch" came up in the Google search.) Unfortunately I have already deleted the detection.

I have not noticed any major problems now; only the programs ZoomBrowserEX and EOS Utility were slow, and the former was back to normal earlier.

Since the computer may not be clean yet, I would like to ask for your help in taking a look at it.

Scanning with GMER did not work; the system restarted during the scan, and then came the message „Das System wird nach einem schwerwiegenden Fehler wieder ausgeführt.“ I ticked the box for C:/, that is right, isn't it?

Kind regards,
Emily75

OTL.Txt, OTL logfile:

Code:
ATTFilter OTL logfile created on: 22.03.2013 12:45:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 606,09 Mb Available Physical Memory | 59,23% Memory free 2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,93% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 43,30 Gb Free Space | 58,10% Space Free | Partition Type: NTFS Drive E: | 23,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.22 12:43:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe PRC - [2013.03.06 12:00:16 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.02.07 13:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2013.02.07 13:31:20 | 000,660,504 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2013.02.07 13:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2013.01.27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.05.26 18:12:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe PRC - [2005.03.18 15:35:46 | 000,098,393 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2005.03.10 09:46:18 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005.02.25 14:26:06 | 000,589,824 | ---- | M] (VIA Technologies) -- C:\Programme\VIA\RAID\raid_tool.exe PRC - [2001.11.15 17:59:00 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe ========== Modules (No Company Name) ========== MOD - [2005.05.26 18:12:26 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56spn.dll MOD - [2005.05.26 18:12:26 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56itl.dll MOD - [2005.05.26 18:12:26 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56ger.dll MOD - [2005.05.26 18:12:26 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56fra.dll MOD - [2005.05.26 18:12:26 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56eng.dll MOD - [2005.05.26 18:12:26 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56brz.dll MOD - [2005.05.26 18:12:26 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll MOD - [2005.05.26 18:12:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56cht.dll MOD - [2005.05.26 18:12:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56chs.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- 
%SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.03.14 15:11:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 11:05:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.06 12:00:16 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.02.07 13:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2013.02.07 13:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.03.22 09:54:38 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{CC0A95A0-64BC-4B43-9677-41D0343E905F}\MpKsl6c9c3db0.sys -- (MpKsl6c9c3db0) DRV - [2013.02.07 13:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys -- (PSI) DRV - [2009.09.10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2005.05.26 18:19:18 | 000,839,724 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005.03.23 16:08:52 | 002,547,008 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2004.12.02 17:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004.10.29 18:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119370&tt=070312_wc&babsrc=HP_ss&mntrId=D4FC00150028FD0E IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&tt=070312_wc&babsrc=SP_ss&mntrId=D4FC00150028FD0E IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.08 11:05:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.26 18:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2013.03.15 21:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ld0ysrvo.default\extensions [2013.02.26 22:11:49 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ld0ysrvo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.14 14:10:49 | 000,001,294 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ld0ysrvo.default\searchplugins\delta.xml [2013.03.12 20:54:58 | 000,002,289 | ---- | M] () -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ld0ysrvo.default\searchplugins\ecosia.xml [2013.03.08 11:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 11:05:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.14 14:10:05 | 000,006,507 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe () O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361884970515 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.25 20:22:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies 
Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.03.05 17:34:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{36d4fe28-80dc-11e2-99f2-00150028fd0e}\Shell - "" = AutoRun O33 - MountPoints2\{36d4fe28-80dc-11e2-99f2-00150028fd0e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{36d4fe28-80dc-11e2-99f2-00150028fd0e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{5d06c248-800f-11e2-99ea-00150028fd0e}\Shell - "" = AutoRun O33 - MountPoints2\{5d06c248-800f-11e2-99ea-00150028fd0e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5d06c248-800f-11e2-99ea-00150028fd0e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{5d06c24c-800f-11e2-99ea-00150028fd0e}\Shell - "" = AutoRun O33 - MountPoints2\{5d06c24c-800f-11e2-99ea-00150028fd0e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5d06c24c-800f-11e2-99ea-00150028fd0e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{b95334c0-80da-11e2-99f1-00150028fd0e}\Shell - "" = AutoRun O33 - MountPoints2\{b95334c0-80da-11e2-99f1-00150028fd0e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b95334c0-80da-11e2-99f1-00150028fd0e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) 
O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.20 11:54:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZoomBrowser [2013.03.20 11:53:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Canon Utilities [2013.03.17 20:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2013.03.17 20:29:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.03.17 20:28:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.03.17 20:28:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.03.17 20:28:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.03.14 14:09:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2013.03.14 14:09:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Babylon [2013.03.14 13:57:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ZoomBrowser EX [2013.03.08 11:03:53 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.03.06 20:05:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun [2013.03.06 12:02:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2013.03.06 11:49:43 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Sun [2013.03.06 11:42:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI [2013.03.06 11:42:44 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2013.03.05 13:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Hewlett-Packard [2013.03.05 13:33:06 | 000,000,000 | ---D | C] -- C:\Programme\Hewlett-Packard [2013.03.05 13:33:05 | 000,000,000 | ---D | C] -- C:\Programme\hp deskjet 840c series [2013.03.01 15:59:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView [2013.03.01 15:59:22 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView [2013.03.01 15:52:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Canon Bedienungsanleitungen [2013.03.01 15:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee [2013.03.01 15:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus [2013.03.01 14:58:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan [2013.03.01 14:58:45 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan [2013.03.01 14:57:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2013.03.01 14:57:41 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2013.03.01 11:06:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon [2013.03.01 10:14:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2013.03.01 10:14:47 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild [2013.03.01 10:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2013.03.01 10:14:38 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies [2013.03.01 10:14:14 | 000,000,000 | ---D | C] -- C:\52c81680766f05c72a7de3 [2013.03.01 09:53:07 | 
000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\CANON_INC [2013.02.28 20:13:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Adobe [2013.02.28 20:10:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee [2013.02.28 20:05:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe [2013.02.28 19:51:08 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2013.02.28 19:46:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Canon [2013.02.27 21:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\schreiben [2013.02.27 21:47:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Diverses [2013.02.27 21:45:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Briefe [2013.02.27 21:43:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\blog [2013.02.27 21:18:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Texte [2013.02.27 21:08:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Karten [2013.02.27 16:39:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Blog-Texte [2013.02.27 16:26:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3 [2013.02.27 12:26:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\AstroGlobe Installationen [2013.02.27 12:26:00 | 000,000,000 | ---D | C] -- C:\Programme\ASGlobe [2013.02.27 12:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\WINDOWS [2013.02.27 12:21:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Navigo [2013.02.27 12:19:34 | 000,064,432 | R--- | C] (Sheridan Software Systems, Inc.) 
-- C:\WINDOWS\System32\threed.vbx [2013.02.27 12:19:33 | 000,091,792 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHTAB.VBX [2013.02.27 12:19:33 | 000,084,868 | R--- | C] (Simplex Software) -- C:\WINDOWS\System32\VBCTL3D.VBX [2013.02.27 12:19:33 | 000,073,008 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHRUN500.DLL [2013.02.27 12:19:33 | 000,041,936 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHOUTBX.VBX [2013.02.27 12:19:33 | 000,031,280 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHTIP.VBX [2013.02.27 12:19:33 | 000,024,880 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHPFST.VBX [2013.02.27 12:19:33 | 000,022,528 | R--- | C] (Outrider Systems, Inc.) -- C:\WINDOWS\System32\SPIN.VBX [2013.02.27 12:19:33 | 000,017,008 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGTXT.VBX [2013.02.27 12:19:33 | 000,014,288 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHROLL.VBX [2013.02.27 12:19:33 | 000,008,336 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHTM200.VBX [2013.02.27 12:19:33 | 000,008,192 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHIV200.VBX [2013.02.27 12:19:32 | 000,200,040 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGLBX.VBX [2013.02.27 12:19:32 | 000,116,224 | R--- | C] (Fridum&Tamm) -- C:\WINDOWS\System32\JuCalc32.dll [2013.02.27 12:19:32 | 000,082,960 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGCMB.VBX [2013.02.27 12:19:32 | 000,049,872 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGCAL.VBX [2013.02.27 12:19:32 | 000,041,616 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGDIR.VBX [2013.02.27 12:19:32 | 000,040,880 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGMEN.VBX [2013.02.27 12:19:32 | 000,040,832 | R--- | C] (BeCubed Software, Inc.) 
-- C:\WINDOWS\System32\MHGFIL.VBX [2013.02.27 12:19:32 | 000,033,584 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGGAG.VBX [2013.02.27 12:19:32 | 000,031,664 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGDRL.VBX [2013.02.27 12:19:32 | 000,026,576 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGOPT.VBX [2013.02.27 12:19:32 | 000,026,480 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGCHK.VBX [2013.02.27 12:19:32 | 000,023,248 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGGRP.VBX [2013.02.27 12:19:32 | 000,021,760 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGCMD.VBX [2013.02.27 12:19:32 | 000,020,560 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHCOMD.VBX [2013.02.27 12:19:32 | 000,019,184 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHCM200.VBX [2013.02.27 12:19:32 | 000,018,832 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGLBL.VBX [2013.02.27 12:19:32 | 000,014,160 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGFRM.VBX [2013.02.27 12:19:32 | 000,012,736 | R--- | C] (BeCubed Software, Inc.) -- C:\WINDOWS\System32\MHGKEY.VBX [2013.02.27 12:19:31 | 000,180,848 | R--- | C] (ImageFX) -- C:\WINDOWS\System32\IMGFX400.DLL [2013.02.27 12:19:31 | 000,072,368 | R--- | C] (ImageFX) -- C:\WINDOWS\System32\FXTLS400.DLL [2013.02.27 12:19:31 | 000,064,064 | R--- | C] (ImageFX) -- C:\WINDOWS\System32\FXIMG400.VBX [2013.02.27 12:19:31 | 000,063,776 | R--- | C] (ImageFX) -- C:\WINDOWS\System32\FXLBL400.VBX [2013.02.27 12:19:31 | 000,061,808 | R--- | C] (ImageFX) -- C:\WINDOWS\System32\FXRTX400.VBX [2013.02.27 12:19:31 | 000,043,856 | R--- | C] (WexTech Systems, Inc.) 
-- C:\WINDOWS\System32\D2HTOOLS.DLL [2013.02.27 12:19:31 | 000,038,064 | R--- | C] (ImageFX) -- C:\WINDOWS\System32\FXMTX400.VBX [2013.02.27 12:19:31 | 000,026,288 | R--- | C] (ImageFX) -- C:\WINDOWS\System32\FXSND400.VBX [2013.02.27 12:19:31 | 000,007,776 | R--- | C] (Desaware) -- C:\WINDOWS\System32\ASTRDRU.DLL [2013.02.27 12:19:27 | 000,059,392 | ---- | C] (MediaDesign) -- C:\WINDOWS\System32\Globe.exe [2013.02.27 12:19:21 | 000,000,000 | ---D | C] -- C:\Programme\Navigo [2013.02.27 10:27:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory [2013.02.27 10:26:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2013.02.27 09:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2013.02.27 09:33:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.02.26 23:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2013.02.26 22:13:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2013.02.26 22:02:50 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.4.1 [2013.02.26 21:56:34 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3 [2013.02.26 21:45:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads [2013.02.26 18:32:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia [2013.02.26 18:32:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2013.02.26 18:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla [2013.02.26 18:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2013.02.26 18:29:19 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2013.02.26 18:29:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Mozilla [2013.02.26 16:18:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2013.02.26 16:18:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage [2013.02.26 16:09:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2013.02.26 16:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2013.02.26 16:01:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2013.02.26 16:01:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2013.02.26 15:59:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2013.02.26 15:56:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2013.02.26 15:47:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2013.02.26 15:47:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome [2013.02.26 15:16:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\LogMeIn Rescue Applet [2013.02.26 14:21:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2013.02.26 14:19:59 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2013.02.26 14:18:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2013.02.26 14:17:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2013.02.26 14:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2013.02.26 13:27:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\UserData [2013.02.26 13:24:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mobile Partner [2013.02.26 13:24:32 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys [2013.02.26 13:24:32 | 000,102,528 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys [2013.02.26 13:24:32 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\WINDOWS\System32\drivers\ewusbdev.sys [2013.02.26 13:24:32 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys [2013.02.26 13:24:21 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Partner [2013.02.25 20:55:01 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2013.02.25 20:55:01 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2013.02.25 20:55:01 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2013.02.25 20:55:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\OEM [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2013.02.25 20:55:01 
| 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2013.02.25 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2013.02.25 20:51:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2013.02.25 20:49:07 | 000,000,000 | ---D | C] -- C:\Programme\CyberLink [2013.02.25 20:49:06 | 000,000,000 | ---D | C] -- C:\Program Files [2013.02.25 20:48:46 | 000,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll [2013.02.25 20:48:46 | 000,069,721 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll [2013.02.25 20:48:46 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics [2013.02.25 20:48:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Motorola [2013.02.25 20:48:14 | 002,803,712 | ---- | C] (RealTek Semicoductor Corp.) 
-- C:\WINDOWS\ALCWZRD.EXE [2013.02.25 20:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2013.02.25 20:48:12 | 000,000,000 | ---D | C] -- C:\Programme\Realtek [2013.02.25 20:47:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview [2013.02.25 20:47:23 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2013.02.25 20:47:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2013.02.25 20:46:46 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information [2013.02.25 20:46:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VIA [2013.02.25 20:46:40 | 000,000,000 | ---D | C] -- C:\Programme\VIA [2013.02.25 20:46:36 | 000,000,000 | ---D | C] -- C:\VIARAID [2013.02.25 20:46:36 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield [2013.02.25 20:46:17 | 000,839,724 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\drivers\smserial.sys [2013.02.25 20:46:17 | 000,544,768 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe [2013.02.25 20:46:17 | 000,073,728 | ---- | C] (Motorola Inc.) 
-- C:\WINDOWS\System32\sm56co.dll [2013.02.25 20:36:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities [2013.02.25 20:36:52 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information [2013.02.25 20:36:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Musik [2013.02.25 20:36:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien [2013.02.25 20:36:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Bilder [2013.02.25 20:36:48 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft [2013.02.25 20:36:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\SendTo [2013.02.25 20:36:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2013.02.25 20:36:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten [2013.02.25 20:36:48 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Zubehör [2013.02.25 20:36:48 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü [2013.02.25 20:36:48 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Favoriten [2013.02.25 20:36:48 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart [2013.02.25 20:36:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\Cookies [2013.02.25 20:36:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Vorlagen [2013.02.25 20:36:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Netzwerkumgebung [2013.02.25 20:36:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen [2013.02.25 20:36:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Druckumgebung [2013.02.25 20:36:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft 
[2013.02.25 20:36:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop [2013.02.25 20:36:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{3248F0A6-6813-11D6-A77B-00B0D0150000} [2013.02.25 20:33:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2013.02.25 20:33:20 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2013.02.25 20:33:19 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2013.02.25 20:33:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2013.02.25 20:32:53 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2013.02.25 20:32:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2013.02.25 20:30:44 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2013.02.25 20:30:44 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) 
-- C:\WINDOWS\System32\dllcache\rwia001.dll [2013.02.25 20:28:12 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2013.02.25 20:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2013.02.25 20:27:11 | 000,000,000 | ---D | C] -- C:\Programme\xerox [2013.02.25 20:27:11 | 000,000,000 | ---D | C] -- C:\Programme\microsoft frontpage [2013.02.25 20:26:09 | 000,000,000 | ---D | C] -- C:\Programme\Java [2013.02.25 20:26:07 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2013.02.25 20:24:27 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2013.02.25 20:24:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2013.02.25 20:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp [2013.02.25 20:23:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\fsc [2013.02.25 20:23:11 | 000,000,000 | ---D | C] -- C:\AddOn [2013.02.25 20:22:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2013.02.25 20:21:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\DRM [2013.02.25 20:21:45 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2013.02.25 20:21:44 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2013.02.25 20:21:36 | 000,000,000 | -H-D | C] -- C:\Programme\WindowsUpdate [2013.02.25 20:21:36 | 000,000,000 | ---D | C] -- C:\Programme\Online-Dienste [2013.02.25 20:21:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2013.02.25 20:20:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Dienste [2013.02.25 20:20:45 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2013.02.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MSSoap [2013.02.25 20:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2013.02.25 20:20:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2013.02.25 20:20:31 | 000,000,000 | ---D | C] -- C:\Programme\Movie Maker [2013.02.25 20:20:23 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\System32\Restore [2013.02.25 20:20:18 | 000,000,000 | ---D | C] -- C:\Programme\NetMeeting [2013.02.25 20:20:15 | 000,000,000 | ---D | C] -- C:\Programme\Outlook Express [2013.02.25 20:20:08 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\System [2013.02.25 20:20:06 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder [2013.02.25 20:20:06 | 000,000,000 | ---D | C] -- C:\Programme\Internet Explorer [2013.02.25 20:20:03 | 000,000,000 | ---D | C] -- C:\Programme\ComPlus Applications [2013.02.25 20:20:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Verwaltung [2013.02.25 20:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2013.02.25 20:19:44 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spiele [2013.02.25 20:19:44 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik [2013.02.25 20:19:44 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Player [2013.02.25 20:19:44 | 000,000,000 | ---D | C] -- C:\Programme\Online Services [2013.02.25 20:19:41 | 000,000,000 | ---D | C] -- C:\Programme\Messenger [2013.02.25 20:19:37 | 000,000,000 | ---D | C] -- C:\Programme\MSN Gaming Zone [2013.02.25 20:18:59 | 000,000,000 | ---D | C] -- C:\Programme\MSN [2013.02.25 20:18:57 | 000,000,000 | ---D | C] -- C:\Programme\Windows NT [2013.02.25 20:18:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2013.02.25 20:18:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2013.02.25 20:18:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zubehör [2013.02.25 20:10:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2013.02.25 20:10:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ODBC [2013.02.25 20:10:40 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeechEngines [2013.02.25 20:10:39 | 000,000,000 | R--D 
| C] -- C:\Programme
[2013.02.25 20:10:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared
[2013.02.25 20:10:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien
[2013.02.25 20:10:17 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü
[2013.02.25 20:10:17 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente
[2013.02.25 20:10:17 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2013.02.25 20:10:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Vorlagen
[2013.02.25 20:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Favoriten
[2013.02.25 20:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2013.02.25 20:10:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013.02.25 20:10:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2013.02.25 20:10:00 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
[2013.02.25 20:10:00 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
[2013.02.25 20:09:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2013.02.25 20:09:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.22 12:55:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.22 12:39:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.03.22 12:34:55 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013.03.22 10:01:55 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013.03.22 09:51:48
| 000,022,051 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.03.22 09:51:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.21 20:53:07 | 000,459,686 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.03.21 20:53:07 | 000,441,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.03.21 20:53:07 | 000,085,012 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.03.21 20:53:07 | 000,071,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.03.21 16:27:30 | 000,006,340 | ---- | M] () -- C:\WINDOWS\ASPROFI2.INI [2013.03.21 16:27:24 | 000,033,509 | ---- | M] () -- C:\WINDOWS\ASGLOBE.HIS [2013.03.21 16:08:01 | 000,000,572 | ---- | M] () -- C:\WINDOWS\AsProfi2.lic [2013.03.20 11:54:32 | 000,000,895 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk [2013.03.20 11:53:50 | 000,000,742 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picture Style Editor.lnk [2013.03.20 11:53:48 | 000,000,712 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\EOS Utility.lnk [2013.03.20 11:53:16 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Digital Photo Professional.lnk [2013.03.19 22:17:34 | 000,038,448 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gedanken 4.odt [2013.03.17 20:29:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.14 13:06:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.03.06 11:42:49 | 000,000,725 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk [2013.03.05 13:35:06 | 000,000,772 | ---- | M] () -- C:\WINDOWS\hpinfo.lnk [2013.03.01 15:59:54 | 000,001,537 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk [2013.03.01 15:59:54 | 000,000,665 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk 
[2013.03.01 15:37:08 | 000,001,739 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2013.03.01 15:37:08 | 000,001,733 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2013.03.01 14:58:25 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.03.01 10:41:24 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.27 12:21:21 | 000,000,710 | ---- | M] () -- C:\WINDOWS\asglobe.ini [2013.02.27 10:27:46 | 000,000,137 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2013.02.26 22:02:52 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.02.26 18:29:20 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.02.26 16:19:26 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2013.02.26 16:18:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.26 16:11:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2013.02.26 15:56:27 | 000,251,712 | RHS- | M] () -- C:\ntldr [2013.02.26 13:24:35 | 000,000,726 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mobile Partner.lnk [2013.02.25 20:32:56 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2013.02.25 20:32:15 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2013.02.25 20:22:35 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013.02.25 20:22:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2013.02.25 20:22:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2013.02.25 20:22:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2013.02.25 20:22:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2013.02.25 20:22:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2013.02.25 20:22:26 | 
000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013.02.25 20:22:21 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013.02.25 20:20:04 | 000,021,740 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013.02.25 20:18:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.22 12:39:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.03.20 11:54:32 | 000,000,895 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk
[2013.03.20 11:53:50 | 000,000,742 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picture Style Editor.lnk
[2013.03.20 11:53:48 | 000,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\EOS Utility.lnk
[2013.03.20 11:53:16 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Digital Photo Professional.lnk
[2013.03.17 20:29:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.15 22:28:53 | 000,033,509 | ---- | C] () -- C:\WINDOWS\ASGLOBE.HIS
[2013.03.06 11:42:49 | 000,000,725 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
[2013.03.06 11:42:49 | 000,000,688 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk
[2013.03.05 13:35:06 | 000,000,772 | ---- | C] () -- C:\WINDOWS\hpinfo.lnk
[2013.03.01 15:59:54 | 000,001,537 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk
[2013.03.01 15:59:54 | 000,000,665 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk
[2013.03.01 15:37:08 | 000,001,739 | ---- | C] () -- C:\Dokumente und Einstellungen\All
Users\Desktop\McAfee Security Scan Plus.lnk [2013.03.01 14:58:56 | 000,001,733 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2013.03.01 14:58:25 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2013.03.01 14:58:25 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.02.27 21:52:08 | 000,014,377 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Copyright J. A..odt [2013.02.27 21:18:31 | 000,090,295 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gedanken 3.odt [2013.02.27 12:21:34 | 000,000,572 | ---- | C] () -- C:\WINDOWS\AsProfi2.lic [2013.02.27 12:21:20 | 000,006,340 | ---- | C] () -- C:\WINDOWS\ASPROFI2.INI [2013.02.27 12:21:20 | 000,000,710 | ---- | C] () -- C:\WINDOWS\asglobe.ini [2013.02.27 12:19:34 | 000,014,933 | R--- | C] () -- C:\WINDOWS\System32\Vshare.386 [2013.02.27 12:19:33 | 000,051,815 | R--- | C] () -- C:\WINDOWS\System32\QPRO200.DLL [2013.02.27 12:19:32 | 000,100,352 | R--- | C] () -- C:\WINDOWS\System32\JUCALC4.DLL [2013.02.27 12:19:32 | 000,100,352 | R--- | C] () -- C:\WINDOWS\System32\Jucalc2.dll [2013.02.27 12:19:32 | 000,100,352 | R--- | C] () -- C:\WINDOWS\System32\JUCALC.DLL [2013.02.27 12:19:31 | 000,282,112 | R--- | C] () -- C:\WINDOWS\System32\ASTR.DLL [2013.02.27 12:19:31 | 000,112,640 | R--- | C] () -- C:\WINDOWS\System32\AW300.DLL [2013.02.27 12:19:31 | 000,018,688 | R--- | C] () -- C:\WINDOWS\System32\CMDIALOG.VBX [2013.02.27 11:52:16 | 000,038,448 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gedanken 4.odt [2013.02.27 10:27:46 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2013.02.27 09:56:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2013.02.27 09:56:10 | 000,003,072 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\iacenc.dll [2013.02.26 22:14:18 | 000,000,836 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\OpenOffice.org 3.4.1.lnk [2013.02.26 22:02:52 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.02.26 18:32:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.26 18:29:20 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.02.26 18:29:19 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.02.26 16:29:11 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.02.26 16:29:10 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2013.02.26 16:19:26 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2013.02.26 16:19:13 | 000,001,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk [2013.02.26 16:02:18 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta [2013.02.26 16:02:18 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css [2013.02.26 16:02:17 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm [2013.02.26 16:02:17 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm [2013.02.26 16:02:17 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm [2013.02.26 16:02:17 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf [2013.02.26 16:02:17 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js [2013.02.26 16:02:16 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav [2013.02.26 16:02:16 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav [2013.02.26 16:02:16 | 000,172,196 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\wmpaud9.wav [2013.02.26 16:02:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav [2013.02.26 16:02:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav [2013.02.26 16:02:16 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav [2013.02.26 16:02:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav [2013.02.26 16:02:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav [2013.02.26 16:02:15 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav [2013.02.26 16:02:15 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf [2013.02.26 16:02:14 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf [2013.02.26 16:02:14 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf [2013.02.26 16:02:13 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv [2013.02.26 16:02:13 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif [2013.02.26 16:02:13 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif [2013.02.26 16:02:13 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif [2013.02.26 16:02:13 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif [2013.02.26 16:02:13 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif [2013.02.26 16:02:13 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif [2013.02.26 16:02:13 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif [2013.02.26 16:02:13 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif [2013.02.26 16:02:13 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif [2013.02.26 16:02:13 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif [2013.02.26 16:02:13 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif [2013.02.26 16:02:13 | 
000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js [2013.02.26 16:02:13 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif [2013.02.26 16:02:13 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif [2013.02.26 16:02:13 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif [2013.02.26 16:02:13 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif [2013.02.26 16:02:13 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif [2013.02.26 16:02:13 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif [2013.02.26 16:02:13 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif [2013.02.26 16:02:13 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif [2013.02.26 16:02:13 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif [2013.02.26 16:02:12 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv [2013.02.26 16:02:12 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm [2013.02.26 16:02:12 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz [2013.02.26 16:02:12 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf [2013.02.26 16:02:12 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl [2013.02.26 16:02:12 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl [2013.02.26 16:02:12 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl [2013.02.26 16:02:12 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl [2013.02.26 16:02:12 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl [2013.02.26 16:02:12 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm [2013.02.26 16:02:12 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl [2013.02.26 16:02:12 | 000,001,047 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\plylst7.wpl [2013.02.26 16:02:12 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl [2013.02.26 16:02:12 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl [2013.02.26 16:02:12 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl [2013.02.26 16:02:12 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl [2013.02.26 16:02:12 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl [2013.02.26 16:02:12 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl [2013.02.26 16:02:11 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv [2013.02.26 16:02:11 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip [2013.02.26 16:02:11 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl [2013.02.26 16:02:11 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl [2013.02.26 16:02:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip [2013.02.26 16:02:10 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf [2013.02.26 16:02:10 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif [2013.02.26 16:02:10 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif [2013.02.26 16:02:09 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv [2013.02.26 16:02:09 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js [2013.02.26 16:02:08 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv [2013.02.26 16:02:08 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz [2013.02.26 16:02:08 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css [2013.02.26 16:02:08 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm [2013.02.26 16:02:08 | 000,006,878 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\controls.js

========== ZeroAccess Check ==========

[2013.02.25 20:24:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.03.14 14:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2013.03.14 14:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Babylon
[2013.03.01 11:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon
[2013.02.26 22:13:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

========== Purity Check ==========

< End of report >
--- --- ---

Extras.Txt: OTL Logfile: Code:
OTL Extras logfile created on: 22.03.2013 12:45:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1023,36 Mb Total Physical Memory | 606,09 Mb Available Physical Memory | 59,23% Memory free
2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 43,30 Gb Free Space | 58,10% Space Free | Partition Type: NTFS
Drive E: | 23,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B9AE2466-D9D4-11D6-A4D6-0030847A41CE}" = AstroStar Profi 2.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DPP" = Canon Utilities Digital Photo Professional 3.9
"EOS Utility" = Canon Utilities EOS Utility
"hp deskjet 840c series" = hp deskjet 840c series (nur entfernen)
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{B9AE2466-D9D4-11D6-A4D6-0030847A41CE}" = AstroStar Profi 2.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WFTK" = Canon Utilities WFT Utility
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.02.2013 09:04:35 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2523, Fehleradresse 0x000659bb.

Error - 26.02.2013 09:04:53 | Computer Name = *** | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 142420983.
Error - 26.02.2013 09:08:30 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2523, Fehleradresse 0x000659bb.

Error - 26.02.2013 11:19:07 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 26.02.2013 11:19:16 | Computer Name = *** | Source = Microsoft Security Client | ID = 5000
Description =

Error - 26.02.2013 11:27:35 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x8050a003, P2 mpupdateengine, P3 am fe, P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.2.223.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 01.03.2013 09:41:31 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:31 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:31 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:31 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:31 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:31 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:31 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:32 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:32 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.03.2013 09:41:32 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

< End of report >
--- --- ---

Last edited by Emily75 (22.03.2013 at 15:04) |
22.03.2013, 18:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; for now, only post the logs that already exist!
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
23.03.2013, 10:20 | #3 |
| Hello cosinus,
here is the log file from Malwarebytes. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.17.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: *** [Administrator]

18.03.2013 12:18:34
mbam-log-2013-03-18 (12-18-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233183
Laufzeit: 2 Stunde(n), 16 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Programme\Navigo\asglobe\AsProfi2\GEWMM\IMAGE789.BMP (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
23.03.2013, 10:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Rootkit scan with GMER
Please download GMER: (random file name)
Are problems occurring?
Afterwards, please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
23.03.2013, 16:15 | #5 |
| When trying to scan with GMER, the following problems occurred:
1st attempt: unchecked IAT/EAT and Show all, checked Quick Scan => blue screen ("Windows has been shut down to prevent damage to the computer...")
2nd attempt: additionally unchecked Devices => blue screen again
3rd attempt: safe mode and unchecked Devices => the same problem
I started Windows again with "Last Known Good Configuration"; "Start Windows normally" did not work. I disabled the virus scanner's real-time protection each time. (Is Secunia PSI also a real-time scanner, should I uninstall it?) |
23.03.2013, 17:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | But Windows starts again now? If so, please leave GMER alone and continue with the other program
__________________ |
23.03.2013, 21:19 | #7 |
| Yes, Windows started again. There were no findings in MBAR. Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.23.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: *** [administrator]

23.03.2013 21:13:36
mbar-log-2013-03-23 (21-13-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 24826
Time elapsed: 43 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
23.03.2013, 21:52 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
24.03.2013, 11:20 | #9 |
| Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-24 10:32:56
-----------------------------
10:32:56.937 OS Version: Windows 5.1.2600 Service Pack 3
10:32:56.937 Number of processors: 1 586 0xD08
10:32:56.937 ComputerName: *** UserName: ***
10:32:57.468 Initialize success
10:36:56.656 AVAST engine defs: 13032400
10:37:27.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
10:37:27.203 Disk 0 Vendor: ST980811 3.AL Size: 76319MB BusType: 1
10:37:27.312 Disk 0 MBR read successfully
10:37:27.312 Disk 0 MBR scan
10:37:27.375 Disk 0 unknown MBR code
10:37:27.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
10:37:27.375 Disk 0 scanning sectors +156280320
10:37:27.406 Disk 0 scanning C:\WINDOWS\system32\drivers
10:37:35.828 Service scanning
10:37:40.953 Service MpKslc5b083bc c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{32DE39F1-C046-4E94-B4B3-6BC124CE0E8B}\MpKslc5b083bc.sys **LOCKED** 32
10:37:48.328 Modules scanning
10:37:56.515 Disk 0 trace - called modules:
10:37:56.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys
10:37:56.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d4fab8]
10:37:56.875 3 CLASSPNP.SYS[f768bfd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x86d09a38]
10:37:57.140 AVAST engine scan C:\WINDOWS
10:38:10.765 AVAST engine scan C:\WINDOWS\system32
10:40:16.640 AVAST engine scan C:\WINDOWS\system32\drivers
10:40:28.453 AVAST engine scan C:\Dokumente und Einstellungen\***
10:46:22.578 AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:47:05.656 Scan finished successfully
10:54:20.765 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
10:54:20.765 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

Code:
11:01:12.0046 0204 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:01:12.0421 0204 ============================================================
11:01:12.0421 0204 Current date / time: 2013/03/24 11:01:12.0421
11:01:12.0421 0204 SystemInfo:
11:01:12.0421 0204
11:01:12.0421 0204 OS Version: 5.1.2600 ServicePack: 3.0
11:01:12.0421 0204 Product type: Workstation
11:01:12.0421 0204 ComputerName: ***
11:01:12.0421 0204 UserName: ***
11:01:12.0421 0204 Windows directory: C:\WINDOWS
11:01:12.0421 0204 System windows directory: C:\WINDOWS
11:01:12.0421 0204 Processor architecture: Intel x86
11:01:12.0421 0204 Number of processors: 1
11:01:12.0421 0204 Page size: 0x1000
11:01:12.0421 0204 Boot type: Normal boot
11:01:12.0421 0204 ============================================================
11:01:15.0453 0204 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
11:01:15.0484 0204 ============================================================
11:01:15.0484 0204 \Device\Harddisk0\DR0:
11:01:15.0484 0204 MBR partitions:
11:01:15.0484 0204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:01:15.0484 0204 ============================================================
11:01:15.0500 0204 C: <-> \Device\Harddisk0\DR0\Partition1
11:01:15.0500 0204 ============================================================
11:01:15.0500 0204 Initialize success
11:01:15.0500 0204 ============================================================
11:02:44.0375 0560 ============================================================
11:02:44.0375 0560 Scan started
11:02:44.0375 0560 Mode: Manual; SigCheck; TDLFS;
11:02:44.0375 0560 ============================================================
11:02:44.0625 0560 ================ Scan system memory ========================
11:02:44.0625 0560 System memory - ok
11:02:44.0625 0560 ================ Scan services =============================
11:02:54.0406 0560 EapHost
- ok 11:02:54.0453 0560 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 11:02:54.0625 0560 ERSvc - ok 11:02:54.0656 0560 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 11:02:54.0750 0560 Eventlog - ok 11:02:54.0796 0560 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 11:02:54.0921 0560 EventSystem - ok 11:02:54.0968 0560 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 11:02:55.0187 0560 Fastfat - ok 11:02:55.0296 0560 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 11:02:55.0390 0560 FastUserSwitchingCompatibility - ok 11:02:55.0421 0560 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 11:02:55.0593 0560 Fdc - ok 11:02:55.0640 0560 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 11:02:55.0843 0560 Fips - ok 11:02:55.0859 0560 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 11:02:56.0046 0560 Flpydisk - ok 11:02:56.0109 0560 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 11:02:56.0296 0560 FltMgr - ok 11:02:56.0359 0560 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 11:02:56.0421 0560 FontCache3.0.0.0 - ok 11:02:56.0437 0560 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:02:56.0625 0560 Fs_Rec - ok 11:02:56.0656 0560 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 11:02:56.0859 0560 Ftdisk - ok 11:02:56.0890 0560 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 11:02:57.0062 0560 Gpc - ok 11:02:57.0109 0560 [ F58D2900C66A1E773E3375098E0E9337 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 11:02:57.0281 0560 HdAudAddService - ok 11:02:57.0296 0560 [ 
573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 11:02:57.0515 0560 HDAudBus - ok 11:02:57.0593 0560 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 11:02:57.0765 0560 helpsvc - ok 11:02:57.0781 0560 HidServ - ok 11:02:57.0828 0560 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 11:02:58.0031 0560 hkmsvc - ok 11:02:58.0046 0560 hpn - ok 11:02:58.0171 0560 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 11:02:58.0250 0560 HTTP - ok 11:02:58.0296 0560 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 11:02:58.0468 0560 HTTPFilter - ok 11:02:58.0531 0560 [ 20330198554B7DDB44403AF21D6AE179 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 11:02:58.0640 0560 hwdatacard - ok 11:02:58.0671 0560 [ 60726CB5F063FB25F8B6B71DF34FA1D8 ] hwusbdev C:\WINDOWS\system32\DRIVERS\ewusbdev.sys 11:02:58.0781 0560 hwusbdev - ok 11:02:58.0796 0560 i2omgmt - ok 11:02:58.0812 0560 i2omp - ok 11:02:58.0843 0560 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 11:02:59.0046 0560 i8042prt - ok 11:02:59.0156 0560 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:02:59.0453 0560 idsvc - ok 11:02:59.0500 0560 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 11:02:59.0703 0560 Imapi - ok 11:02:59.0750 0560 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 11:02:59.0984 0560 ImapiService - ok 11:03:00.0000 0560 ini910u - ok 11:03:00.0140 0560 [ E7D8F417A4CFE7F1EACA6AE6256347E8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 11:03:00.0593 0560 IntcAzAudAddService - ok 11:03:00.0625 0560 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 11:03:00.0796 0560 IntelIde - ok 11:03:00.0828 0560 [ 
4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 11:03:01.0031 0560 intelppm - ok 11:03:01.0093 0560 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 11:03:01.0328 0560 Ip6Fw - ok 11:03:01.0359 0560 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:03:01.0531 0560 IpFilterDriver - ok 11:03:01.0562 0560 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 11:03:01.0750 0560 IpInIp - ok 11:03:01.0781 0560 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 11:03:02.0000 0560 IpNat - ok 11:03:02.0031 0560 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 11:03:02.0265 0560 IPSec - ok 11:03:02.0312 0560 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 11:03:02.0515 0560 IRENUM - ok 11:03:02.0546 0560 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 11:03:02.0734 0560 isapnp - ok 11:03:02.0890 0560 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 11:03:03.0046 0560 JavaQuickStarterService - ok 11:03:03.0062 0560 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 11:03:03.0250 0560 Kbdclass - ok 11:03:03.0281 0560 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 11:03:03.0453 0560 kmixer - ok 11:03:03.0500 0560 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 11:03:03.0671 0560 KSecDD - ok 11:03:03.0718 0560 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 11:03:03.0812 0560 lanmanserver - ok 11:03:03.0859 0560 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 11:03:03.0968 0560 lanmanworkstation - ok 11:03:03.0968 0560 lbrtfdc - ok 11:03:04.0015 0560 [ 636714B7D43C8D0C80449123FD266920 ] 
LmHosts C:\WINDOWS\System32\lmhsvc.dll 11:03:04.0203 0560 LmHosts - ok 11:03:04.0296 0560 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe 11:03:04.0453 0560 McComponentHostService - ok 11:03:04.0484 0560 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 11:03:04.0671 0560 Messenger - ok 11:03:04.0718 0560 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 11:03:04.0906 0560 mnmdd - ok 11:03:04.0953 0560 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 11:03:05.0156 0560 mnmsrvc - ok 11:03:05.0187 0560 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 11:03:05.0390 0560 Modem - ok 11:03:05.0421 0560 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 11:03:05.0609 0560 Mouclass - ok 11:03:05.0640 0560 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 11:03:05.0843 0560 MountMgr - ok 11:03:05.0937 0560 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 11:03:06.0046 0560 MozillaMaintenance - ok 11:03:06.0093 0560 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 11:03:06.0171 0560 MpFilter - ok 11:03:06.0296 0560 [ A69630D039C38018689190234F866D77 ] MpKsl08ca3265 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{20C1EDCA-7F80-48A2-8AF6-EA21CAC8379D}\MpKsl08ca3265.sys 11:03:06.0312 0560 MpKsl08ca3265 - ok 11:03:06.0312 0560 mraid35x - ok 11:03:06.0343 0560 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 11:03:06.0515 0560 MRxDAV - ok 11:03:06.0562 0560 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 11:03:06.0703 0560 MRxSmb - ok 11:03:06.0750 0560 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] 
MSDTC C:\WINDOWS\system32\msdtc.exe 11:03:06.0937 0560 MSDTC - ok 11:03:06.0968 0560 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 11:03:07.0250 0560 Msfs - ok 11:03:07.0265 0560 MSIServer - ok 11:03:07.0343 0560 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 11:03:07.0500 0560 MSKSSRV - ok 11:03:07.0625 0560 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe 11:03:07.0671 0560 MsMpSvc - ok 11:03:07.0687 0560 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 11:03:07.0859 0560 MSPCLOCK - ok 11:03:07.0906 0560 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 11:03:08.0093 0560 MSPQM - ok 11:03:08.0125 0560 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 11:03:08.0296 0560 mssmbios - ok 11:03:08.0359 0560 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 11:03:08.0468 0560 Mup - ok 11:03:08.0515 0560 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 11:03:08.0750 0560 napagent - ok 11:03:08.0781 0560 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 11:03:09.0000 0560 NDIS - ok 11:03:09.0062 0560 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 11:03:09.0156 0560 NdisTapi - ok 11:03:09.0203 0560 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 11:03:09.0375 0560 Ndisuio - ok 11:03:09.0406 0560 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 11:03:09.0640 0560 NdisWan - ok 11:03:09.0671 0560 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 11:03:09.0765 0560 NDProxy - ok 11:03:09.0781 0560 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 11:03:09.0984 0560 NetBIOS - ok 11:03:10.0031 
0560 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 11:03:10.0250 0560 NetBT - ok 11:03:10.0296 0560 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 11:03:10.0578 0560 NetDDE - ok 11:03:10.0593 0560 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 11:03:10.0734 0560 NetDDEdsdm - ok 11:03:10.0796 0560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 11:03:10.0968 0560 Netlogon - ok 11:03:11.0015 0560 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 11:03:11.0218 0560 Netman - ok 11:03:11.0281 0560 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:03:11.0343 0560 NetTcpPortSharing - ok 11:03:11.0375 0560 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 11:03:11.0578 0560 NIC1394 - ok 11:03:11.0609 0560 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 11:03:11.0656 0560 Nla - ok 11:03:11.0687 0560 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 11:03:11.0859 0560 Npfs - ok 11:03:11.0906 0560 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 11:03:12.0156 0560 Ntfs - ok 11:03:12.0171 0560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 11:03:12.0312 0560 NtLmSsp - ok 11:03:12.0375 0560 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 11:03:12.0609 0560 NtmsSvc - ok 11:03:12.0625 0560 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 11:03:12.0812 0560 Null - ok 11:03:13.0000 0560 [ 0F584DB6AB91CF32846BDED40A8F91DF ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 11:03:13.0437 0560 nv - ok 11:03:13.0468 0560 [ 1342F2261BE567EA04CB4102BEB03AF7 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 11:03:13.0578 0560 NVSvc - ok 11:03:13.0625 0560 [ 
B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 11:03:13.0812 0560 NwlnkFlt - ok 11:03:13.0828 0560 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 11:03:14.0031 0560 NwlnkFwd - ok 11:03:14.0062 0560 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 11:03:14.0265 0560 ohci1394 - ok 11:03:14.0312 0560 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 11:03:14.0546 0560 Parport - ok 11:03:14.0562 0560 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 11:03:14.0750 0560 PartMgr - ok 11:03:14.0781 0560 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 11:03:14.0968 0560 ParVdm - ok 11:03:15.0000 0560 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 11:03:15.0203 0560 PCI - ok 11:03:15.0203 0560 PCIDump - ok 11:03:15.0218 0560 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 11:03:15.0406 0560 PCIIde - ok 11:03:15.0453 0560 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 11:03:15.0625 0560 Pcmcia - ok 11:03:15.0625 0560 PDCOMP - ok 11:03:15.0640 0560 PDFRAME - ok 11:03:15.0640 0560 PDRELI - ok 11:03:15.0656 0560 PDRFRAME - ok 11:03:15.0656 0560 perc2 - ok 11:03:15.0671 0560 perc2hib - ok 11:03:15.0750 0560 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 11:03:15.0796 0560 PlugPlay - ok 11:03:15.0796 0560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 11:03:15.0937 0560 PolicyAgent - ok 11:03:16.0000 0560 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:03:16.0203 0560 PptpMiniport - ok 11:03:16.0234 0560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 11:03:16.0375 0560 ProtectedStorage - ok 11:03:16.0390 0560 [ 
09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 11:03:16.0625 0560 PSched - ok 11:03:16.0656 0560 [ 68B57D7C11277EA89F78255480376B4D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys 11:03:16.0734 0560 PSI - ok 11:03:16.0750 0560 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 11:03:16.0937 0560 Ptilink - ok 11:03:16.0953 0560 ql1080 - ok 11:03:16.0953 0560 Ql10wnt - ok 11:03:16.0968 0560 ql12160 - ok 11:03:16.0984 0560 ql1240 - ok 11:03:16.0984 0560 ql1280 - ok 11:03:17.0062 0560 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 11:03:17.0234 0560 RasAcd - ok 11:03:17.0328 0560 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 11:03:17.0500 0560 RasAuto - ok 11:03:17.0531 0560 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 11:03:17.0734 0560 Rasl2tp - ok 11:03:17.0781 0560 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 11:03:17.0968 0560 RasMan - ok 11:03:18.0000 0560 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 11:03:18.0203 0560 RasPppoe - ok 11:03:18.0203 0560 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 11:03:18.0406 0560 Raspti - ok 11:03:18.0437 0560 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 11:03:18.0609 0560 Rdbss - ok 11:03:18.0687 0560 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 11:03:18.0843 0560 RDPCDD - ok 11:03:18.0921 0560 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 11:03:19.0031 0560 RDPWD - ok 11:03:19.0093 0560 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 11:03:19.0312 0560 RDSessMgr - ok 11:03:19.0343 0560 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 11:03:19.0562 0560 redbook - ok 
11:03:19.0593 0560 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 11:03:19.0796 0560 RemoteAccess - ok 11:03:19.0828 0560 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 11:03:20.0046 0560 RpcLocator - ok 11:03:20.0078 0560 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 11:03:20.0125 0560 RpcSs - ok 11:03:20.0187 0560 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 11:03:20.0390 0560 RSVP - ok 11:03:20.0500 0560 [ 4A0AE7891FCF74ACC848B109294CB80F ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 11:03:20.0609 0560 RTL8023xp - ok 11:03:20.0640 0560 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 11:03:20.0796 0560 SamSs - ok 11:03:20.0828 0560 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 11:03:21.0062 0560 SCardSvr - ok 11:03:21.0109 0560 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 11:03:21.0343 0560 Schedule - ok 11:03:21.0375 0560 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 11:03:21.0546 0560 Secdrv - ok 11:03:21.0593 0560 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 11:03:21.0781 0560 seclogon - ok 11:03:21.0828 0560 Secunia PSI Agent - ok 11:03:21.0828 0560 Secunia Update Agent - ok 11:03:21.0875 0560 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 11:03:22.0046 0560 SENS - ok 11:03:22.0078 0560 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 11:03:22.0343 0560 Serial - ok 11:03:22.0375 0560 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 11:03:22.0546 0560 Sfloppy - ok 11:03:22.0609 0560 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 11:03:22.0843 0560 SharedAccess - ok 11:03:22.0875 0560 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection 
C:\WINDOWS\System32\shsvcs.dll 11:03:22.0921 0560 ShellHWDetection - ok 11:03:22.0937 0560 Simbad - ok 11:03:23.0000 0560 [ 34D634366FC57524F5932EAEC40E4FCB ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys 11:03:23.0171 0560 smserial - ok 11:03:23.0187 0560 Sparrow - ok 11:03:23.0234 0560 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 11:03:23.0406 0560 splitter - ok 11:03:23.0437 0560 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 11:03:24.0343 0560 Spooler - ok 11:03:24.0390 0560 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 11:03:24.0593 0560 sr - ok 11:03:24.0671 0560 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 11:03:24.0875 0560 srservice - ok 11:03:24.0937 0560 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 11:03:25.0062 0560 Srv - ok 11:03:25.0125 0560 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 11:03:25.0343 0560 SSDPSRV - ok 11:03:25.0421 0560 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 11:03:25.0656 0560 stisvc - ok 11:03:25.0687 0560 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 11:03:25.0859 0560 swenum - ok 11:03:25.0906 0560 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 11:03:26.0109 0560 swmidi - ok 11:03:26.0109 0560 SwPrv - ok 11:03:26.0125 0560 symc810 - ok 11:03:26.0140 0560 symc8xx - ok 11:03:26.0140 0560 sym_hi - ok 11:03:26.0156 0560 sym_u3 - ok 11:03:26.0250 0560 [ 59E9D90D6373F8AD4E3EBD0ECDEDD35E ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 11:03:26.0390 0560 SynTP - ok 11:03:26.0421 0560 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 11:03:26.0625 0560 sysaudio - ok 11:03:26.0671 0560 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 11:03:26.0890 0560 SysmonLog - ok 
11:03:26.0921 0560 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 11:03:27.0125 0560 TapiSrv - ok 11:03:27.0171 0560 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 11:03:27.0281 0560 Tcpip - ok 11:03:27.0328 0560 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 11:03:27.0515 0560 TDPIPE - ok 11:03:27.0531 0560 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 11:03:27.0765 0560 TDTCP - ok 11:03:27.0796 0560 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 11:03:28.0000 0560 TermDD - ok 11:03:28.0046 0560 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 11:03:28.0265 0560 TermService - ok 11:03:28.0296 0560 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 11:03:28.0312 0560 Themes - ok 11:03:28.0328 0560 TosIde - ok 11:03:28.0390 0560 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 11:03:28.0578 0560 TrkWks - ok 11:03:28.0609 0560 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 11:03:28.0828 0560 Udfs - ok 11:03:28.0843 0560 ultra - ok 11:03:28.0921 0560 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 11:03:29.0125 0560 Update - ok 11:03:29.0156 0560 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 11:03:29.0359 0560 upnphost - ok 11:03:29.0390 0560 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 11:03:29.0609 0560 UPS - ok 11:03:29.0656 0560 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 11:03:29.0859 0560 usbccgp - ok 11:03:29.0906 0560 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 11:03:30.0078 0560 usbehci - ok 11:03:30.0109 0560 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 11:03:30.0312 
0560 usbhub - ok 11:03:30.0359 0560 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 11:03:30.0546 0560 usbprint - ok 11:03:30.0562 0560 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 11:03:30.0765 0560 usbscan - ok 11:03:30.0796 0560 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 11:03:30.0984 0560 USBSTOR - ok 11:03:31.0015 0560 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 11:03:31.0187 0560 usbuhci - ok 11:03:31.0296 0560 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 11:03:31.0484 0560 VgaSave - ok 11:03:31.0484 0560 ViaIde - ok 11:03:31.0546 0560 [ 0363E216E4EB5052969C96608934DBDE ] viamraid C:\WINDOWS\system32\DRIVERS\viamraid.sys 11:03:31.0593 0560 viamraid - ok 11:03:31.0609 0560 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 11:03:31.0828 0560 VolSnap - ok 11:03:31.0937 0560 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 11:03:32.0156 0560 VSS - ok 11:03:32.0328 0560 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys 11:03:32.0718 0560 w29n51 - ok 11:03:32.0750 0560 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 11:03:32.0968 0560 W32Time - ok 11:03:32.0984 0560 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:03:33.0171 0560 Wanarp - ok 11:03:33.0171 0560 WDICA - ok 11:03:33.0218 0560 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 11:03:33.0421 0560 wdmaud - ok 11:03:33.0500 0560 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 11:03:33.0671 0560 WebClient - ok 11:03:33.0765 0560 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 11:03:33.0984 0560 winmgmt - ok 11:03:34.0031 0560 [ 6E18978B749F0696A774DE3F2CB142DD ] 
WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 11:03:34.0218 0560 WmdmPmSN - ok 11:03:34.0250 0560 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 11:03:34.0421 0560 WmiAcpi - ok 11:03:34.0453 0560 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 11:03:34.0671 0560 WmiApSrv - ok 11:03:34.0765 0560 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 11:03:34.0968 0560 wscsvc - ok 11:03:35.0000 0560 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 11:03:35.0187 0560 wuauserv - ok 11:03:35.0296 0560 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 11:03:35.0515 0560 WZCSVC - ok 11:03:35.0562 0560 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 11:03:35.0765 0560 xmlprov - ok 11:03:35.0781 0560 ================ Scan global =============================== 11:03:35.0828 0560 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 11:03:35.0921 0560 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 11:03:36.0000 0560 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 11:03:36.0015 0560 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 11:03:36.0015 0560 [Global] - ok 11:03:36.0015 0560 ================ Scan MBR ================================== 11:03:36.0046 0560 [ 590F675487DC3387CC62EEE236CE6FA5 ] \Device\Harddisk0\DR0 11:03:36.0171 0560 \Device\Harddisk0\DR0 - ok 11:03:36.0171 0560 ================ Scan VBR ================================== 11:03:36.0171 0560 [ 63D1DB2DCD3215A25359E5D8A54957E6 ] \Device\Harddisk0\DR0\Partition1 11:03:36.0187 0560 \Device\Harddisk0\DR0\Partition1 - ok 11:03:36.0187 0560 ============================================================ 11:03:36.0187 0560 Scan finished 11:03:36.0187 0560 ============================================================ 11:03:36.0296 3628 Detected object count: 0 
11:03:36.0296 3628 Actual detected object count: 0
11:04:55.0640 1008 Deinitialize success |
24.03.2013, 14:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search, then extension.mismatch in Malwarebytes
JRT - Junkware Removal Tool
Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
25.03.2013, 11:37 | #11 |
| Delta Search, then extension.mismatch in Malwarebytes
The OTL.txt is too large, should I zip it?
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Microsoft Windows XP x86
Ran by *** on 25.03.2013 at 10:14:27,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1547161642-764733703-725345543-1005\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\***\Anwendungsdaten\babylon"

~~~ FireFox

Successfully deleted: [File] "C:\Programme\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Dokumente und Einstellungen\***\Anwendungsdaten\mozilla\firefox\profiles\ld0ysrvo.default\user.js
Successfully deleted: [File] C:\Dokumente und Einstellungen\***\Anwendungsdaten\mozilla\firefox\profiles\ld0ysrvo.default\searchplugins\delta.xml
Successfully deleted the following from C:\Dokumente und Einstellungen\***\Anwendungsdaten\mozilla\firefox\profiles\ld0ysrvo.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119370&tt=070312_wc&babsrc=HP_ss&mntrId=D4FC00150028FD0E");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "d4fc2d8d00000000000000150028fd0e");
user_pref("extensions.delta.instlDay", "15778");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.014:10:46");
user_pref("extensions.delta.vrsni", "1.8.10.0");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2013 at 10:32:50,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 25/03/2013 um 10:42:33 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : *** - *** # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\f2888ab668e415 Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect Schlüssel Gelöscht : HKCU\Software\UpdateStar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\f2888ab668e415 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ld0ysrvo.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1547 octets] - [25/03/2013 10:42:33] ########## EOF - C:\AdwCleaner[S1].txt - [1607 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 10:54:06 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 494,31 Mb Available Physical Memory | 48,30% Memory free 2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,52% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 43,15 Gb Free Space | 57,91% Space Free | Partition Type: NTFS Drive E: | 23,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1547161642-764733703-725345543-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 
3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B9AE2466-D9D4-11D6-A4D6-0030847A41CE}" = AstroStar Profi 2.0 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.0 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "DPP" = Canon Utilities Digital Photo Professional 3.9 "EOS Utility" = Canon Utilities EOS Utility "hp deskjet 840c series" = hp deskjet 840c series (nur entfernen) "ie8" = Windows Internet Explorer 8 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{B9AE2466-D9D4-11D6-A4D6-0030847A41CE}" = AstroStar Profi 2.0 "IrfanView" = IrfanView (remove 
only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mobile Partner" = Mobile Partner "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "NVIDIA Drivers" = NVIDIA Drivers "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Secunia PSI" = Secunia PSI (3.0.0.6005) "SMSERIAL" = Motorola SM56 Data Fax Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver "WFTK" = Canon Utilities WFT Utility "Windows XP Service Pack" = Windows XP Service Pack 3 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.02.2013 09:04:35 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2523, Fehleradresse 0x000659bb. Error - 26.02.2013 09:04:53 | Computer Name = *** | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich 142420983. 
Error - 26.02.2013 09:08:30 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2523, Fehleradresse 0x000659bb. Error - 26.02.2013 11:19:07 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 26.02.2013 11:19:16 | Computer Name = *** | Source = Microsoft Security Client | ID = 5000 Description = Error - 26.02.2013 11:27:35 | Computer Name = *** | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 0x8050a003, P2 mpupdateengine, P3 am fe, P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.2.223.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL. < End of report >
Edited by Emily75 (25.03.2013 at 11:43) |
25.03.2013, 15:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search, then extension.mismatch in Malwarebytes Where is the other log from OTL?
__________________ Please always post log files in CODE tags |
25.03.2013, 16:12 | #13 |
| Delta Search, then extension.mismatch in Malwarebytes OTL.txt was too large for a single post (I asked in my previous post whether I should zip the file). Should I zip it and post it as an attachment? |
25.03.2013, 16:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Delta Search, then extension.mismatch in Malwarebytes Yes please, but only do that for logs that are too large
__________________ Please always post log files in CODE tags |
25.03.2013, 17:34 | #15 |
| Delta Search, then extension.mismatch in Malwarebytes The OTL log is attached. |