Log analysis and evaluation: TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.05.2013, 16:33 | #1
TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate

Hello,

I will try to describe everything as briefly as possible without forgetting anything. I may sometimes use odd phrasing; I am not yet very well versed with computers, but I am getting there.

It all began when my Avira antivirus found TR/Spy.zBot.kumd in a file named ruir.exe. It was moved to quarantine, but was later detected as a threat again. After that, a Gimp file I had just finished vanished into thin air: the file was still there, but the work I had done (and saved every now and then in between) was gone. I don't know whether there is a connection. The Gimp error was called Kernel Data Inpage Error (I wrote down the technical details in case they are needed). A "memory dump of the physical memory" was supposed to be created (whatever that means), but that could not rescue the file either. All that happened was that the operating system could not be found. Shutting down and restarting at least got that going again.

In addition, the laptop, which is already old, has become much slower than it was before: it now needs 8 minutes to boot and just as long to shut down. Besides these problems, the laptop has hardly any disk space left; an external storage medium (USB stick) is on its way, for now we have to make do with 1 GB of free space.

I started following the instructions for what is expected for a first thread on the board. While doing so, AVG denied me access. My wife said she would first try a few other things, which she did:
- cleaned the registry
- deleted unused programs
However, the problems remained. Lately the laptop also likes to simply shut down and start back up on its own. Which is especially welcome when you have to work with it at that moment (as a DJ, for example).

Since the problems keep getting worse, I have now made a second attempt at posting here. However, no second Extras.txt file was created this time, which is why I am sending the old one along. While using GMER, the message "Datenverlust beim Schreiben. C:/$Mft konnte nicht ganz gespeichert werden" (data loss while writing; C:/$Mft could not be fully saved) appeared twice. I also had Avira's Luke Filewalker scan again, which only took 3.5 hours. It found another virus: SpybotSd162.exe in C:/Zusatzprogramme. This one could be moved to quarantine. JAVA/Jogek.cak was also found in C:/Dokumente und Einstellungen/Laptop/Lokale Einstellungen/Anwendungsdaten. But 15 other affected files with traces of the virus could not be repaired.

I have thought about what (risky) things I have done with the computer recently, and all I can think of is:
- add-ons for Mozilla (but only from the official site)
- Irish fonts downloaded and opened as zip files (unfortunately not available on the free-font sites I know, so from an Ireland-themed homepage)

So please, someone who feels up to it, help me before my wife sets up a new operating system, is in a bad mood for two days because of the unexpected difficulties with it, and afterwards advises me not to make any individual settings any more so as not to keep the computer busy unnecessarily (in her opinion).

A thousand thanks,
Nicola

PS: Here are the scans: OTL logfile:
- prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2 FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1 FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7 FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307 FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.http: "http-proxy" FF - prefs.js..network.proxy.http_port: 8080 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.11 23:01:14 | 000,000,000 | ---D | M] [2012.05.25 21:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Extensions [2013.05.08 20:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions [2013.04.10 04:17:20 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013.04.10 04:42:24 | 000,000,000 | ---D | M] ("Bricks for Firefox") -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{1f052e2a-b7b9-11d9-945f-00e08161165f} [2013.04.10 04:17:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.04.10 04:17:26 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\donottrackplus@abine.com [2013.04.10 01:06:03 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\printPages2Pdf@reinhold.ripper [2013.04.10 04:17:26 | 000,275,665 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\artur.dubovoy@gmail.com.xpi [2013.04.10 04:17:21 | 000,021,861 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\gmailnoads@mywebber.com.xpi [2013.04.10 01:05:56 | 000,037,531 | ---- | M] () (No 
name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\searchdictcc@roughael.xpi [2013.05.03 20:17:38 | 000,651,215 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\stefanvandamme@stefanvd.net.xpi [2013.04.10 01:06:06 | 000,240,755 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\Stratiform@SoapySpew.xpi [2013.04.10 03:52:13 | 000,005,490 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2013.05.08 20:58:10 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.07 02:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2013.04.11 23:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.11 23:00:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.11 23:01:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.11 09:37:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 09:37:23 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.11 09:37:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 09:37:23 | 000,006,805 | ---- | M] () -- 
C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 09:37:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 09:37:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1785EA1-B905-498B-B3D1-DAC99A03222D}: DhcpNameServer = 89.101.160.5 89.101.160.4 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.05.25 18:44:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 15:33:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2013.05.10 00:15:49 | 000,000,000 | ---D | C] -- C:\Programme\Inkscape [2013.05.08 20:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\UbiSoft [2013.05.08 20:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Help [2013.05.08 20:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Help [2013.05.08 19:44:20 | 000,140,800 | ---- | C] (The Duck Corporation) 
-- C:\WINDOWS\System32\tm20dec.ax [2013.05.08 19:44:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik [2013.05.08 19:43:32 | 000,000,000 | ---D | C] -- C:\Programme\donald duck spiel [2013.05.08 19:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\WINDOWS [2013.04.27 00:22:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2013.04.27 00:13:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Laptop\Recent [2013.04.26 23:53:10 | 000,000,000 | ---D | C] -- C:\Programme\Eusing Free Registry Cleaner [2013.04.25 13:29:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Laptop\Desktop\OTL.exe [2013.04.23 19:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Taod [2013.04.23 19:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Niidmo [2013.04.23 19:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Eglate [2013.02.12 00:58:32 | 142,608,624 | ---- | C] (Microsoft Corporation) -- C:\Programme\wlsetup-all_de_16.4.3505.0912.exe [2013.02.12 00:17:01 | 063,842,784 | ---- | C] (DVDVideoSoft Ltd. 
) -- C:\Programme\FreeStudio_6.0.0.128.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.20 15:05:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.20 15:00:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.20 15:00:25 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys [2013.05.17 00:52:37 | 000,093,711 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.05.16 17:19:08 | 000,455,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.16 02:42:35 | 000,492,998 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.16 02:42:35 | 000,473,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.16 02:42:35 | 000,091,210 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.16 02:42:35 | 000,076,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.16 02:21:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.15 02:26:48 | 000,000,696 | ---- | M] () -- C:\WINDOWS\disney.ini [2013.05.08 19:44:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2013.05.08 19:44:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2013.05.05 15:01:28 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat [2013.04.25 14:02:48 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\gmer_2.1.19163.exe [2013.04.25 13:29:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Laptop\Desktop\OTL.exe [2013.04.25 13:18:38 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\defogger_reenable [2013.04.25 13:16:54 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\Defogger.exe [2013.04.21 00:04:01 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.17 00:52:37 | 000,093,711 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.05.10 00:29:43 | 000,000,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Inkscape.lnk [2013.05.08 19:44:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2013.05.08 19:44:07 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd [2013.05.08 19:41:54 | 000,000,696 | ---- | C] () -- C:\WINDOWS\disney.ini [2013.04.27 00:17:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013.04.25 14:02:45 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\gmer_2.1.19163.exe [2013.04.25 13:18:15 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\defogger_reenable [2013.04.25 13:16:52 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\Defogger.exe [2013.02.07 02:45:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2013.01.24 01:34:35 | 000,340,214 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.11.07 14:23:22 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012.11.05 13:27:47 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\.gtk-bookmarks [2012.10.11 20:39:54 | 000,038,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Startmenü.rar [2012.10.03 15:22:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini [2012.07.26 19:48:45 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2012.07.26 19:12:22 | 000,001,152 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2012.05.28 23:21:59 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.25 21:22:59 
| 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.05.25 19:32:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.05.25 19:31:24 | 000,455,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.25 19:22:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2012.05.25 19:22:13 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2012.05.25 19:13:16 | 000,972,072 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2012.05.25 19:13:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2012.05.25 19:13:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2012.05.25 19:13:14 | 000,144,357 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012.05.25 18:47:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.05.25 18:40:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.05.25 19:14:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.02.28 20:49:18 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.03 22:50:33 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net [2012.10.21 17:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileOpen [2013.01.23 19:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2012.10.21 18:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro [2012.10.18 20:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games [2013.05.07 12:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\.minecraft [2013.05.01 02:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\BitTorrent [2012.10.11 16:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\DAEMON Tools [2012.10.21 18:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Downloaded Installations [2012.12.03 17:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\DVDVideoSoft [2013.02.12 02:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\DVDVideoSoftIEHelpers [2013.04.25 12:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Eglate [2013.01.02 19:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\EuroTalk [2012.10.21 17:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\FileOpen [2013.05.10 00:30:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\inkscape [2012.10.10 00:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\LolClient [2013.04.23 19:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Niidmo [2012.10.21 18:20:02 | 000,000,000 | ---D | 
M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Nitro [2012.12.03 02:45:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\OpenOffice.org [2012.07.24 23:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Opera [2013.04.25 11:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Taod ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 25.04.2013 13:30:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Laptop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,36 Mb Total Physical Memory | 547,45 Mb Available Physical Memory | 53,55% Memory free
2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 1,09 Gb Free Space | 2,92% Space Free | Partition Type: NTFS

Computer Name: THINKPAD-1F443C | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1454471165-1214440339-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\otalcmd\TOTALCMD.EXE" = C:\Programme\otalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"G:\Spiele\StarCraft II\StarCraft II.exe" = G:\Spiele\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"G:\Spiele\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe" = G:\Spiele\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Call of Warhammer - Part1"" = "Call of Warhammer - Part1"
""Call of Warhammer - Part2"" = "Call of Warhammer - Part2"
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{059AE497-59F8-D7B5-1DAA-FCF4BC1B7C58}" = Catalyst Control Center Localization Chinese Traditional
"{11169D60-471D-AAC1-A727-51FC104223CB}" = CCC Help Italian
"{163FC91B-DA1C-9DAA-0184-344B91C3E7FE}" = CCC Help German
"{1656575C-F009-CFA2-4685-055318C707E3}" = Catalyst Control Center Localization Swedish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{24F90735-7DE4-7A27-3964-C90B4D9F67B8}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2CDF078C-6D1C-B243-9620-BF85F35E28DD}" = ccc-core-static
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{378002DD-C967-EF30-E337-61E67942F68E}" = Catalyst Control Center Graphics Full Existing
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}" = ThinkVantage Fingerprint Software 5.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B51ECD5-C2D1-7CFE-C88A-880BF38C7889}" = CCC Help Spanish
"{50CFCD01-A327-5D4B-012A-4D89353DA130}" = Catalyst Control Center Localization Dutch
"{538FDA9C-DD91-2E2F-6F25-D42081EDF7F1}" = CCC Help Chinese Traditional
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D32481F-53C1-F104-9FEF-5BFC4754D92F}" = Catalyst Control Center Localization Portuguese
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74FF7A9D-4E55-3229-52A7-134F766A3716}" = Catalyst Control Center Localization Chinese Standard
"{7E48FF00-7536-22BA-3E9A-6FD01767443F}" = Catalyst Control Center Core Implementation
"{833CEF67-C0D7-0AA3-B74B-E52ADD3CE6B6}" = CCC Help Portuguese
"{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}" = Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
"{89FC04CE-C79E-BF2A-5573-314C3C0217DA}" = CCC Help Japanese
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BCB35EE-A631-7B05-B298-CF1486CBFF5E}" = Skins
"{8C8643DD-0D2B-E72B-5F98-4092778D3526}" = Catalyst Control Center Localization French
"{8F3E0B73-FFEA-9C0A-D511-16853C9A1FB6}" = Catalyst Control Center Localization Spanish
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9AD8A944-31B5-4C6B-86D5-AC58F23497AA}" = easyC V4 for Cortex
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9AFFA0-5758-68E3-BA5A-109DF60D72F7}" = CCC Help Korean
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E63A58-18FE-8831-BB9E-242515A18820}" = ccc-utility
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B13A120F-D46D-9F48-2E23-D4669281EC03}" = Catalyst Control Center Graphics Full New
"{B279DA2D-982B-1304-896C-E404378538AB}" = CCC Help Dutch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B6669941-2CCC-5267-13C5-2C9F8388515E}" = Catalyst Control Center Localization Italian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE0B22AB-B352-7531-DEA9-7C82F1716454}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197A4E3-3897-AC35-38DA-EA226CA998BE}" = Catalyst Control Center Localization German
"{CA272BE1-F552-443C-B317-D82F021B3F74}" = Introduction to easyC V4 for Cortex 3.3.4.6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC6F8E02-185E-D81E-D286-B16C99D7D010}" = CCC Help French
"{DE459E52-1272-4F45-B5C5-679C78FA0DCD}" = easyC V4 for Cortex
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC67B83A-316C-FA07-D458-A7CE32640F34}" = Catalyst Control Center Localization Korean
"{EDD030C6-0CBD-E188-ED6C-1A05AE6E7B77}" = ccc-core-preinstall
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3285A15-1837-F47D-594B-DB1FEA898388}" = CCC Help Chinese Standard "{F3302177-39F9-3E21-9C17-730E516445AD}" = CCC Help Swedish "{F34FB75D-D496-C946-24CC-DE0A77536429}" = Catalyst Control Center Localization Japanese "{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Army Builder V2.2c" = Army Builder V2.2c "ATI Display Driver" = ATI Display Driver "Autodesk's VEX Robotics Curriculum 2011" = Autodesk's VEX Robotics Curriculum 2011 "Avira AntiVir Desktop" = Avira Free Antivirus "BitTorrent" = BitTorrent "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem "ENTERPRISE" = Microsoft Office Enterprise 2007 "FLV Player" = FLV Player 2.0, build 24 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "GeoGebra 4.2" = GeoGebra 4.2 "GIMP-2_is1" = GIMP 2.8.2 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.48.2 "IrfanView" = IrfanView (remove only) "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) 
"MozillaMaintenanceService" = Mozilla Maintenance Service "OnScreenDisplay" = Anzeige am Bildschirm "Opera 11.61.1250" = Opera 11.61 "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel(R) PROSet/Wireless Software "ReplayMusic5.45" = Replay Music 5 "RESIDENT EVIL2" = RESIDENT EVIL2 "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Totalcmd" = Total Commander (Remove or Repair) "TreeSize" = TreeSize "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR archiver "ZoomPlayer" = Zoom Player (remove only) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.04.2013 07:21:20 | Computer Name = THINKPAD-1F443C | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 09.04.2013 15:47:22 | Computer Name = THINKPAD-1F443C | Source = MsiInstaller | ID = 11609 Description = Error - 09.04.2013 22:16:24 | Computer Name = THINKPAD-1F443C | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 11.04.2013 06:38:51 | Computer Name = THINKPAD-1F443C | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 16.04.2013 16:38:12 | Computer Name = THINKPAD-1F443C | Source = Microsoft Office 12 | ID = 5000 Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL. 
Error - 17.04.2013 04:26:22 | Computer Name = THINKPAD-1F443C | Source = MsiInstaller | ID = 11609 Description = Error - 24.04.2013 04:31:02 | Computer Name = THINKPAD-1F443C | Source = MsiInstaller | ID = 11609 Description = [ System Events ] Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034 Description = Unknown EDID version < End of report > GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-20 19:05:27 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS424040M9AT00 rev.MA2OA71A 37,26GB Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Laptop\LOKALE~1\Temp\kwtdrpob.sys ---- System - GMER 2.1 ---- SSDT F7B1DB3C ZwClose SSDT F7B1DAF6 ZwCreateKey SSDT F7B1DB46 ZwCreateSection SSDT F7B1DAEC ZwCreateThread SSDT F7B1DAFB ZwDeleteKey SSDT F7B1DB05 ZwDeleteValueKey SSDT F7B1DB37 ZwDuplicateObject SSDT F7B1DB0A ZwLoadKey SSDT F7B1DAD8 ZwOpenProcess SSDT F7B1DADD ZwOpenThread SSDT F7B1DB5F ZwQueryValueKey SSDT F7B1DB14 ZwReplaceKey SSDT F7B1DB50 ZwRequestWaitReplyPort SSDT F7B1DB0F ZwRestoreKey SSDT F7B1DB4B ZwSetContextThread SSDT F7B1DB55 ZwSetSecurityObject SSDT F7B1DB00 ZwSetValueKey SSDT F7B1DB5A ZwSystemDebugControl SSDT F7B1DAE7 ZwTerminateProcess ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x79 0xBE 0xBE 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2F 0xF8 0xF4 0xD5 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xDC 0x11 0x4F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x79 0xBE 0xBE 0x8E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2F 0xF8 0xF4 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xDC 0x11 0x4F ... ---- EOF - GMER 2.1 ---- |
23.05.2013, 22:35 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Quote:

Or is this by any chance an office/company PC or a university computer? Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans, just post the logs you already have first!

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
26.05.2013, 14:10 | #3

Great that you're helping me!

I bought the laptop second-hand on eBay; the program was already on it. I use the computer at home, but also for studying and working (DJ, design).

Quote:

Code:
Avira Free Antivirus
Report file date: Donnerstag, 25. April 2013 18:33

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Laptop
Computer name : THINKPAD-1F443C

Version information:
BUILD.DAT : 13.0.0.3499 49286 Bytes 19.03.2013 16:37:00
AVSCAN.EXE : 13.6.0.986 639712 Bytes 13.04.2013 09:41:03
AVSCANRC.DLL : 13.4.0.360 54560 Bytes 13.04.2013 09:41:03
LUKE.DLL : 13.6.0.902 67808 Bytes 13.04.2013 09:41:31
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 13.04.2013 09:42:21
AVREG.DLL : 13.6.0.940 250592 Bytes 13.04.2013 09:42:21
avlode.dll : 13.6.2.940 434912 Bytes 13.04.2013 09:41:01
avlode.rdf : 13.0.0.46 15591 Bytes 13.04.2013 09:42:22
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 22:27:23
VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 22:27:24
VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 22:27:24
VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 22:27:24
VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 22:27:24
VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 22:27:24
VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 22:27:24
VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 22:27:25
VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 22:27:25
VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 22:27:25
VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 22:27:25
VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 22:27:25
VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 22:27:25
VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 22:27:25
VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 20:16:33
VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 20:16:34
VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 21:10:24
VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 11:47:48
VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 11:47:48
VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 11:47:49
VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 10:33:39
VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 10:33:58
VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 12:21:57
VBASE023.VDF : 7.11.73.59 204288 Bytes 18.04.2013 16:00:08
VBASE024.VDF : 7.11.73.133 164864 Bytes 19.04.2013 19:44:18
VBASE025.VDF : 7.11.73.201 225792 Bytes 22.04.2013 09:26:07
VBASE026.VDF : 7.11.73.251 161280 Bytes 23.04.2013 19:49:44
VBASE027.VDF : 7.11.74.55 126976 Bytes 24.04.2013 14:39:09
VBASE028.VDF : 7.11.74.56 2048 Bytes 24.04.2013 14:39:09
VBASE029.VDF : 7.11.74.57 2048 Bytes 24.04.2013 14:39:09
VBASE030.VDF : 7.11.74.58 2048 Bytes 24.04.2013 14:39:09
VBASE031.VDF : 7.11.74.98 178176 Bytes 25.04.2013 16:26:33
Engine version : 8.2.12.32
AEVDF.DLL : 8.1.2.10 102772 Bytes 08.10.2012 12:34:46
AESCRIPT.DLL : 8.1.4.108 483709 Bytes 25.04.2013 14:15:44
AESCN.DLL : 8.1.10.4 131446 Bytes 27.03.2013 12:41:16
AESBX.DLL : 8.2.5.12 606578 Bytes 17.06.2012 14:28:36
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 12:15:25
AEPACK.DLL : 8.3.2.6 827767 Bytes 02.04.2013 17:14:58
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 11.03.2013 18:55:19
AEHEUR.DLL : 8.1.4.318 5894521 Bytes 25.04.2013 14:15:41
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 23:00:54
AEGEN.DLL : 8.1.7.2 442741 Bytes 27.03.2013 12:41:12
AEEXP.DLL : 8.4.0.24 196982 Bytes 25.04.2013 14:15:45
AEEMU.DLL : 8.1.3.2 393587 Bytes 08.10.2012 12:34:41
AECORE.DLL : 8.1.31.2 201080 Bytes 06.03.2013 00:00:14
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 21:22:52
AVWINLL.DLL : 13.6.0.480 26480 Bytes 13.04.2013 09:40:15
AVPREF.DLL : 13.6.0.480 51056 Bytes 13.04.2013 09:41:02
AVREP.DLL : 13.6.0.480 178544 Bytes 13.04.2013 09:42:21
AVARKT.DLL : 13.6.0.902 260832 Bytes 13.04.2013 09:40:53
AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 13.04.2013 09:40:56
SQLITE3.DLL : 3.7.0.1 397704 Bytes 13.04.2013 09:41:54
AVSMTP.DLL : 13.6.0.480 62832 Bytes 13.04.2013 09:41:05
NETNT.DLL : 13.6.0.480 16240 Bytes 13.04.2013 09:41:41
RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 13.04.2013 09:40:17
RCTEXT.DLL : 13.6.0.976 67296 Bytes 13.04.2013 09:40:17

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\programme\avira\antivir desktop\alldrives.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+JOKE,+PCK,+SPR,

Start of the scan: Donnerstag, 25. April 2013 18:33

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started:
Scan process 'taskmgr.exe' - '36' Module(s) have been scanned
Scan process 'avscan.exe' - '93' Module(s) have been scanned
Scan process 'avcenter.exe' - '83' Module(s) have been scanned
Scan process 'ccc.exe' - '159' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'SMAgent.exe' - '14' Module(s) have been scanned
Scan process 'c2c_service.exe' - '31' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '21' Module(s) have been scanned
Scan process 'NLSSRV32.EXE' - '14' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '36' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'jqs.exe' - '88' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '23' Module(s) have been scanned
Scan process 'MOM.EXE' - '54' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '16' Module(s) have been scanned
Scan process 'TpScrex.exe' - '30' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '33' Module(s) have been scanned
Scan process 'TPONSCR.exe' - '29' Module(s) have been scanned
Scan process 'acs.exe' - '49' Module(s) have been scanned
Scan process 'tposdsvc.exe' - '44' Module(s) have been scanned
Scan process 'TPHKSVC.exe' - '38' Module(s) have been scanned
Scan process 'TPHKLOAD.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '40' Module(s) have been scanned
Scan process 'spoolsv.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '125' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '38' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '29' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '11' Module(s) have been scanned
Scan process 'avshadow.exe' - '18' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '92' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '5512' files ).

Starting the file scan:

Begin scan in 'C:\' <WinXP>
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Das Gerät ist nicht bereit.

End of the scan: Donnerstag, 25. April 2013 22:15
Used time: 3:42:06 Hour(s)

The scan has been done completely.

9855 Scanned directories
435557 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
435557 Files not concerned
4888 Archives were scanned
0 Warnings
0 Notes

But then my wife first cleaned the registry and deleted unused programs. The laptop only kept getting worse, so I made a second attempt, ran the scans a second time and ran Avira Filewalker over it again:

Code:
Avira Free Antivirus
Report file date: Montag, 20. Mai 2013 19:47

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : THINKPAD-1F443C

Version information:
BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:36:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 07.05.2013 09:36:12
AVSCANRC.DLL : 13.4.0.360 54560 Bytes 13.04.2013 09:41:03
LUKE.DLL : 13.6.0.1262 65080 Bytes 07.05.2013 09:36:45
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 07.05.2013 09:36:12
AVREG.DLL : 13.6.0.1262 247864 Bytes 07.05.2013 09:36:10
avlode.dll : 13.6.2.1262 432184 Bytes 07.05.2013 09:36:10
avlode.rdf : 13.0.1.12 25921 Bytes 16.05.2013 15:30:35
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 22:27:23
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 21:37:22
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 21:37:22
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 21:37:22
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 21:37:22
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 21:37:22
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 21:37:22
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 21:37:22
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 21:37:23
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 21:37:23
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 21:37:23
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 21:37:23
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 21:37:23
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 21:37:23
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 09:33:56
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 22:22:18
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 13:20:41
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 17:20:41
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 22:33:33
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 20:32:48
VBASE020.VDF : 7.11.77.145 141312 Bytes 10.05.2013 12:47:59
VBASE021.VDF : 7.11.77.225 155648 Bytes 12.05.2013 12:32:50
VBASE022.VDF : 7.11.78.21 202752 Bytes 13.05.2013 14:04:41
VBASE023.VDF : 7.11.78.71 140800 Bytes 13.05.2013 09:52:08
VBASE024.VDF : 7.11.78.147 167936 Bytes 15.05.2013 19:30:42
VBASE025.VDF : 7.11.78.207 147456 Bytes 16.05.2013 15:30:14
VBASE026.VDF : 7.11.79.17 198656 Bytes 17.05.2013 20:23:33
VBASE027.VDF : 7.11.79.81 251392 Bytes 20.05.2013 13:11:11
VBASE028.VDF : 7.11.79.82 2048 Bytes 20.05.2013 13:11:11
VBASE029.VDF : 7.11.79.83 2048 Bytes 20.05.2013 13:11:11
VBASE030.VDF : 7.11.79.84 2048 Bytes 20.05.2013 13:11:11
VBASE031.VDF : 7.11.79.94 14848 Bytes 20.05.2013 17:41:57
Engine version : 8.2.12.44
AEVDF.DLL : 8.1.2.10 102772 Bytes 08.10.2012 12:34:46
AESCRIPT.DLL : 8.1.4.116 487805 Bytes 16.05.2013 15:30:33
AESCN.DLL : 8.1.10.4 131446 Bytes 27.03.2013 12:41:16
AESBX.DLL : 8.2.5.12 606578 Bytes 17.06.2012 14:28:36
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 12:15:25
AEPACK.DLL : 8.3.2.12 754040 Bytes 08.05.2013 14:28:11
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 11.03.2013 18:55:19
AEHEUR.DLL : 8.1.4.368 5943673 Bytes 16.05.2013 15:30:31
AEHELP.DLL : 8.1.25.10 258425 Bytes 08.05.2013 14:28:02
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 14:28:02
AEEXP.DLL : 8.4.0.30 201078 Bytes 16.05.2013 15:30:34
AEEMU.DLL : 8.1.3.2 393587 Bytes 08.10.2012 12:34:41
AECORE.DLL : 8.1.31.2 201080 Bytes 06.03.2013 00:00:14
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 21:22:52
AVWINLL.DLL : 13.6.0.480 26480 Bytes 13.04.2013 09:40:15
AVPREF.DLL : 13.6.0.480 51056 Bytes 13.04.2013 09:41:02
AVREP.DLL : 13.6.0.480 178544 Bytes 13.04.2013 09:42:21
AVARKT.DLL : 13.6.0.1262 258104 Bytes 07.05.2013 09:36:05
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 07.05.2013 09:36:08
SQLITE3.DLL : 3.7.0.1 397704 Bytes 13.04.2013 09:41:54
AVSMTP.DLL : 13.6.0.480 62832 Bytes 13.04.2013 09:41:05
NETNT.DLL : 13.6.0.480 16240 Bytes 13.04.2013 09:41:41
RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 13.04.2013 09:40:17
RCTEXT.DLL : 13.6.0.976 67296 Bytes 13.04.2013 09:40:17

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+JOKE,+PCK,+SPR,

Start of the scan: Montag, 20. Mai 2013 19:47

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '96' Module(s) have been scanned
Scan process 'avcenter.exe' - '70' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
Scan process 'ccc.exe' - '158' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'SMAgent.exe' - '14' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '36' Module(s) have been scanned
Scan process 'c2c_service.exe' - '31' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '21' Module(s) have been scanned
Scan process 'avgnt.exe' - '64' Module(s) have been scanned
Scan process 'NLSSRV32.EXE' - '14' Module(s) have been scanned
Scan process 'MOM.EXE' - '54' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '23' Module(s) have been scanned
Scan process 'jqs.exe' - '88' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '16' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '32' Module(s) have been scanned
Scan process 'acs.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '40' Module(s) have been scanned
Scan process 'spoolsv.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '104' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '38' Module(s) have been scanned
Scan process 'EvtEng.exe' - '55' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '29' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '11' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '85' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '853' files ).

Starting the file scan:

Begin scan in 'C:\' <WinXP>
[0] Archive type: Runtime Packed
--> C:\Dokumente und Einstellungen\Laptop\Eigene Dateien\Downloads\jre-7u21-windows-i586-iftw.exe
[1] Archive type: Runtime Packed
--> C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41\24ae3ae9-38b99e99
[2] Archive type: ZIP
--> Bottom.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.bzw Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom010.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cah Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom011.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.bzx Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom012.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.bzy Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom013.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.bzz Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom014.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.caa Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom02.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cai Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom03.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cab Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom04.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cac Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom05.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2013-0431.BT exploit
[WARNING] Infected files in archives cannot be repaired
--> Bottom06.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cad Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom07.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cae Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom08.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.caj Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bottom09.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.caf Java virus
[WARNING] Infected files in archives cannot be repaired
--> hw.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cak Java virus
[WARNING] Infected files in archives cannot be repaired
C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41\24ae3ae9-38b99e99
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cak Java virus

Beginning disinfection:
C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41\24ae3ae9-38b99e99
[DETECTION] Contains recognition pattern of the JAVA/Jogek.cak Java virus
[NOTE] The file was moved to the quarantine directory under the name '57d50c67.qua'!

End of the scan: Dienstag, 21. Mai 2013 00:46
Used time: 3:36:06 Hour(s)

The scan has been done completely.

9321 Scanned directories
373374 Files were scanned
16 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
373358 Files not concerned
4274 Archives were scanned
15 Warnings
1 Notes
661086 Objects were scanned with rootkit scan
0 Hidden objects were found

Nicola
26.05.2013, 18:33 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: Should you not hear from me for three days, please report it in this thread => Reminder about my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Now please run Combofix: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
26.05.2013, 22:31 | #5 | |
| TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Quote:
|
27.05.2013, 08:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate No, that is not careless; it would be more dangerous if you ran CF with an active virus scanner! Please leave the Windows Firewall active.
__________________ |
27.05.2013, 19:21 | #7 |
| TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate OK. I started the program this afternoon (around 20 past 2). First I was offered the newer version and accepted it, then I had to install this Windows container, then the program simply kept running without further prompts. At 14:41 the clock on the desktop stopped. The same screen has been showing ever since (auto-scan: "Searching for infected files. Takes only 10 minutes. Maybe twice as long."). What should I do? |
27.05.2013, 21:22 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Restart Windows, delete the old combofix.exe, download CF again and please try once more.
__________________ Please always post logfiles in CODE tags |
28.05.2013, 10:44 | #9 |
| TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Yes, I tried it again as you said. But it got stuck at the same spot again. This time the notification window for the internet connection was open. The connection has become somewhat flaky over the last few days. On wireless LAN, but also via cable, the connection has dropped every now and then; the computer re-establishes the connection automatically and then tells me so, together with the note that the signal strength is wonderful. Did this process perhaps hinder Combofix? I specifically watched whether anything went wrong while the program was downloading. But that went without problems. Try again? |
28.05.2013, 12:35 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Last attempt: start the computer in Safe Mode with Networking, download CF again and try once more. Safe Mode for cleanup
__________________ Please always post logfiles in CODE tags |
28.05.2013, 23:35 | #11 |
| TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Well, that didn't work either. Combofix stopped at the same spot again. Before that, though, I already had the problem that I was told Avira was still on. But the program was neither shown in the taskbar nor recognizable as a process in Task Manager. So I clicked "OK, do it anyway". My wife can hardly wait to finally set up a new operating system (making an "I told you so" face). Or is there something else I can try? I would give the device one last chance. As far as my patience goes. Thanks already for your help. |
29.05.2013, 08:58 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Well, on the other hand one shouldn't give up right away; it is sometimes normal for CF not to run on the first try. It happens relatively rarely, but I have seen it a few times. On the other hand, regarding the operating system, it would make sense to slowly part with XP. It will only be officially supported by MS until April/May 2014; after that there will be no further updates, and newly discovered security holes will no longer be patched. Moreover, there will be more and more software that requires at least Vista or Win7. So the question for me is whether you want to continue with WinXP on this computer or stop at this point and install a new Windows on this computer.
__________________ Please always post logfiles in CODE tags |
01.06.2013, 17:53 | #13 |
| TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Hey, sorry for the late reply: we had wild discussions about what to do with this computer now. The result is that we will reinstall Windows XP (or rather my wife will) and then deal with it again in a year. Thanks for your help; I have learned a bit about computers, will keep looking over my wife's shoulder and won't give up hope of someday being the "super computer expert". Thanks, Nicola |
01.06.2013, 18:07 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Installing XP again now, I would really advise against that. The update orgy alone easily eats up a day if you don't have much experience. Just a question: what exactly do you do with this computer? It doesn't always have to be Windows just because you don't know anything else. In many cases a Linux distro is the better alternative to the dusty WinXP.
__________________ Please always post logfiles in CODE tags |
04.06.2013, 00:49 | #15 |
| TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate Hey, yes, tell me about it! I had a Linux computer once. Even installed it myself! From a CD in a computer magazine, but I was proud as punch. Most of the programs I use have no problem with it. Unfortunately my wife is against it (hence the discussions mentioned above), because we probably couldn't use some things then, especially games (LoL? Minecraft?). Or the DJ program. In a year the world will look completely different and maybe it will be a Linux then... Yes, we reckon it will take one to two days to redo the laptop... But that will be tackled in the coming days. Drinking lots of tea and enjoying the sun also helps to get through it! Thanks for your help! I'm really glad that platforms like this one exist. Even if it didn't quite work out with my old clunker this time, I know more about my device. I'll be back here with the next lame duck. Nicola |