Log analysis and evaluation: GVU Trojan on a Windows XP computer. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.07.2013, 22:21 | #1 |
GVU Trojan on a Windows XP computer
Hello, my sister's computer has the GVU Trojan on it. I can't get into Windows XP, not even in Safe Mode. As I read on your site, I have now started Safe Mode with Command Prompt and run FRST. The scans are attached. I would be grateful for your help in removing it. Since the date had changed to 2002 and I set it back to the current one, it may be that something is missing under the files modified in the last month.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by Administrator (administrator) on 18-07-2013 23:12:52
Running from H:\_ANTIVIR
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\!SASWinLogon: C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\Timbo\...\Run: [msnmsgr] - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background [x]
Lsa: [Authentication Packages] msv1_0 relog_ap nwprovau porated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [PDFPrint] - C:\Programme\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [E06DXLRD_5083312] - C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE [301776 2005-06-04] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [MSMSGS] - C:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Octoshape Streaming Services] - C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKCU\...\Run: [swg] - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-15] (Google Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\cache.dat <==== ATTENTION
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * stera

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4767c182-3544-45ee-805e-4863d4e9007e&apn_sauid=05610234-2320-43D7-9C12-759B05FFA953
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {27D79A23-47BB-40A7-A860-0371C3CD082B} - No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Hilfsobjekt für Encarta Web-Begleiter - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
Toolbar: HKLM - Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Mozilla\Firefox\Profiles\mnui3xkz.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Programme\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
S2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [172032 2006-01-04] (Acronis)
S2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-07-15] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-07-15] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-18] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S2 LVPrcSrv; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [154136 2009-04-30] (Logitech Inc.)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-03] (Mozilla Foundation)
S2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S3 ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== S3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2prt.sys [9056 2001-10-19] ((Standard Mouse Types)) S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software) S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software) S1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] () S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [20480 2005-05-31] (IVT Corporation) S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) S3 BTHidEnum; C:\Windows\System32\DRIVERS\vbtenum.sys [11860 2005-04-30] () R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] () S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5b.sys [35328 2003-01-27] (VIA Technologies, Inc. ) S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-05-01] (Logitech Inc.) 
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2009-04-30] () S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 Nokia USB Generic; C:\Windows\System32\drivers\nmwcdc.sys [8704 2006-05-29] (Nokia) S3 Nokia USB Modem; C:\Windows\System32\drivers\nmwcdcm.sys [13312 2006-05-29] (Nokia) S3 Nokia USB Phone Parent; C:\Windows\System32\drivers\nmwcd.sys [127488 2006-05-29] (Nokia) S3 Nokia USB Port; C:\Windows\System32\drivers\nmwcdcj.sys [13312 2006-05-29] (Nokia) S3 NTSIM; C:\WINDOWS\system32\ntsim.sys [6016 2002-09-12] (VIA Technologies, Inc. ) S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation) S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-23] (Microsoft Corporation) S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-23] (Microsoft Corporation) S3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation) S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S1 SASDIFSV; C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [639224 2007-02-15] () S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [30688 2006-04-29] (Acronis) S3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2006-04-19] (Alcohol Soft Co., Ltd.) 
S3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation) S3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation) R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.) R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.) S3 vulfnths; C:\Windows\System32\Drivers\vulfnth.sys [6912 2003-01-02] (VIA Technologies, Inc.) R3 vulfntrs; C:\Windows\System32\Drivers\vulfntr.sys [10496 2003-01-02] (VIA Technologies, Inc.) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) S4 IntelIde; No ImagePath U3 aan07puc; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-17 13:11 - 2002-01-01 01:30 - 00000004 _____ C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\cache.ini 2013-07-15 13:12 - 2013-07-15 13:12 - 00128717 _____ C:\WINDOWS\KB2834886.log 2013-07-15 13:12 - 2013-07-15 13:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$ 2013-07-15 13:06 - 2013-07-15 13:07 - 00127890 _____ C:\WINDOWS\KB2845142.log 2013-07-15 12:27 - 2013-07-15 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834903_WM10L$ 2013-07-15 12:26 - 2013-07-15 12:27 - 00120910 _____ C:\WINDOWS\KB2834903.log 2013-07-15 08:54 - 2013-07-15 13:09 - 00136199 _____ C:\WINDOWS\KB2850851.log 2013-07-15 08:54 - 2013-07-15 13:08 - 00136009 _____ C:\WINDOWS\KB2845187.log 2013-07-15 08:53 - 2013-07-15 12:51 - 00228510 _____ C:\WINDOWS\KB2846071-IE7.log 2013-07-03 10:33 - 2013-07-03 14:39 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-07-03 08:33 - 2013-07-03 
08:33 - 00098304 _____ C:\WINDOWS\Minidump\Mini070313-01.dmp 2013-06-28 09:15 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-06-26 20:43 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-06-26 20:42 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-06-26 16:43 - 2013-06-26 16:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-06-26 16:43 - 2013-06-26 16:42 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-06-26 16:43 - 2013-06-26 16:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-06-26 16:43 - 2013-06-26 16:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-06-21 17:40 - 2013-06-21 17:40 - 00000000 _____ C:\WINDOWS\system32\jupdate-1.7.0_25-b16.log ==================== One Month Modified Files and Folders ======= 2013-07-17 13:30 - 2011-07-15 11:30 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-17 13:02 - 2012-04-11 11:28 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-07-17 12:25 - 2011-10-26 12:25 - 00000484 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job 2013-07-16 14:53 - 2006-04-19 15:46 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-07-16 14:27 - 2006-04-19 15:08 - 00000000 ___RD C:\Programme 2013-07-16 14:08 - 2011-11-21 14:38 - 00000000 ____D C:\Programme\Microsoft Silverlight 2013-07-16 14:08 - 2006-04-19 15:07 - 00182632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-15 13:12 - 2013-07-15 13:12 - 00128717 _____ C:\WINDOWS\KB2834886.log 2013-07-15 13:12 - 2013-07-15 13:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-15 13:12 - 2011-12-14 11:05 - 00543894 _____ C:\WINDOWS\iis6.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00500815 _____ C:\WINDOWS\FaxSetup.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00239436 _____ C:\WINDOWS\ocgen.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00228501 
_____ C:\WINDOWS\tsoc.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00166934 _____ C:\WINDOWS\comsetup.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00153824 _____ C:\WINDOWS\msmqinst.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00101101 _____ C:\WINDOWS\ntdtcsetup.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00087723 _____ C:\WINDOWS\netfxocm.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00034425 _____ C:\WINDOWS\MedCtrOC.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00027702 _____ C:\WINDOWS\ocmsn.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00025191 _____ C:\WINDOWS\tabletoc.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00025029 _____ C:\WINDOWS\msgsocm.log 2013-07-15 13:12 - 2011-12-14 11:05 - 00001374 _____ C:\WINDOWS\imsins.log 2013-07-15 13:09 - 2013-07-15 08:54 - 00136199 _____ C:\WINDOWS\KB2850851.log 2013-07-15 13:09 - 2011-12-14 11:05 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-15 13:08 - 2013-07-15 08:54 - 00136009 _____ C:\WINDOWS\KB2845187.log 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$ 2013-07-15 13:07 - 2013-07-15 13:06 - 00127890 _____ C:\WINDOWS\KB2845142.log 2013-07-15 12:55 - 2006-04-19 15:44 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-07-15 12:51 - 2013-07-15 08:53 - 00228510 _____ C:\WINDOWS\KB2846071-IE7.log 2013-07-15 12:51 - 2011-12-14 11:15 - 00064881 _____ C:\WINDOWS\updspapi.log 2013-07-15 12:51 - 2002-01-01 01:22 - 00000000 ____D C:\WINDOWS\system32\de-de 2013-07-15 12:50 - 2011-07-17 10:18 - 00000000 ____D C:\WINDOWS\ie7updates 2013-07-15 12:27 - 2013-07-15 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834903_WM10L$ 2013-07-15 12:27 - 2013-07-15 12:26 - 00120910 _____ C:\WINDOWS\KB2834903.log 2013-07-15 08:59 - 2002-01-01 01:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop 2013-07-15 
08:59 - 2002-01-01 01:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop 2013-07-05 14:52 - 2002-01-01 01:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM 2013-07-03 16:37 - 2012-09-10 13:05 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-07-03 14:39 - 2013-07-03 10:33 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-07-03 08:33 - 2013-07-03 08:33 - 00098304 _____ C:\WINDOWS\Minidump\Mini070313-01.dmp 2013-07-03 08:33 - 2006-04-29 20:24 - 00000000 ____D C:\WINDOWS\Minidump 2013-06-28 09:15 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-06-28 09:15 - 2013-06-26 20:43 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-06-28 09:15 - 2013-06-26 20:42 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-06-28 09:15 - 2013-04-08 15:53 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-06-28 09:15 - 2012-10-24 13:28 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-06-28 09:15 - 2012-10-24 13:28 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-06-26 16:48 - 2012-04-11 11:28 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-06-26 16:48 - 2011-07-15 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-06-26 16:43 - 2013-06-26 16:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-06-26 16:42 - 2013-06-26 16:43 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-06-26 16:42 - 2013-06-26 16:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-06-26 16:42 - 2013-06-26 16:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-06-26 16:42 - 2012-09-15 10:08 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll 2013-06-26 16:42 - 2012-09-15 10:08 - 00144896 _____ (Oracle Corporation) 
C:\WINDOWS\system32\javacpl.cpl 2013-06-26 16:42 - 2002-01-01 00:40 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-06-22 08:14 - 2006-12-25 17:59 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-06-21 17:40 - 2013-06-21 17:40 - 00000000 _____ C:\WINDOWS\system32\jupdate-1.7.0_25-b16.log 2013-06-21 17:40 - 2006-11-25 22:55 - 00000000 ____D C:\Programme\Java 2013-06-19 11:51 - 2002-01-01 01:03 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Briefe 2013-06-19 11:51 - 2002-01-01 01:03 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Briefe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-08-04 00:57] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2004-08-04 00:58] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2004-08-04 00:58] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2004-08-04 00:58] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2004-08-04 00:57] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2004-08-04 00:58] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 00:44] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2013 02 Ran by Administrator at 2002-01-01 00:41:22 Running from H:\_ANTIVIR Boot Mode: Safe Mode (minimal) ========================================================== ==================== Installed Programs ======================= Acronis*True*Image (Version: 9.0.2337) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) AGEIA PhysX v2.3.3 Apple Software Update (Version: 1.0.2.1) avast! Free Antivirus (Version: 8.0.1489.0) BlueSoleil BufferChm (Version: 53.0.13.000) Commandos Strike Force (Version: 1.00.0000) Destinations (Version: 53.0.13.000) DeviceFunctionQFolder (Version: 1.00.0000) DeviceManagementQFolder (Version: 1.00.0000) eMule eSupportQFolder (Version: 1.00.0000) GameSpy Arcade Ghost Recon Advanced Warfighter (Version: 1.00.000) Google Earth (Version: 5.2.1.1588) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 1.3.21.153) Gothic (Version: 1.32) Hotfix für Windows XP (KB2570791) (Version: 1) Hotfix für Windows XP (KB2633952) (Version: 1) Hotfix für Windows XP (KB2756822) (Version: 1) Hotfix für Windows XP (KB2779562) (Version: 1) Hotfix für Windows XP (KB952287) (Version: 1) Hotfix für Windows XP (KB981793) (Version: 1) HP Deskjet 3900 series (Version: 5.0) HP Image Zone Express (Version: 1.5.1.29) HP Imaging Device Functions 5.0 (Version: 5.0) HP Product Assistant (Version: 100.000.001.000) HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0) HP Update (Version: 5.003.001.001) HPDeskjet3900Series (Version: 1.00.0000) HPProductAssistant (Version: 53.0.13.000) J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100) J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 
35 (Version: 6.0.350) King K-Lite Codec Pack 2.49 Full (Version: 2.49) L&H TTS3000 Deutsch Lame ACM MP3 Codec Logitech Webcam Software (Version: 12.00.1280) Logitech Webcam Software-Treiberpaket (Version: 12.0.1278) Macromedia Shockwave Player McAfee Security Scan Plus (Version: 3.0.318.3) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Age of Empires Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Encarta 2006 Enzyklopädie DVD (Version: 2006) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla (1.7.13) Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 
SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 6 Ultra Edition Nokia Connectivity Cable Driver (Version: 6.81.1.2) Nokia PC Connectivity Solution (Version: 6.23.9.0) Nokia PC Suite (Version: 6.81.13.0) NVIDIA Drivers Octoshape Streaming Services OpenOffice.org 3.3 (Version: 3.3.9567) Opera 9.26 (Version: 9.26) PDF24 Creator 5.2.0 Platform (Version: 1.13) Prince of Persia The Sands of Time (Version: 1.00.181) Samsung Media Studio (Version: 5) Sicherheitsupdate für Microsoft Windows (KB2564958) Sicherheitsupdate für Windows Internet Explorer 7 (KB2544521) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2559049) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2586448) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2618444) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2647516) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2675157) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2699988) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2722913) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2744842) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2761465) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2792100) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2797052) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2799329) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2809289) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2817183) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2829530) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2838727) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB2846071) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2) (Version: 2) Sicherheitsupdate für Windows 
Internet Explorer 7 (KB982381) (Version: 1) Sicherheitsupdate für Windows Media Player (KB2378111) Sicherheitsupdate für Windows Media Player (KB2834903) Sicherheitsupdate für Windows Media Player (KB2845142) Sicherheitsupdate für Windows Media Player (KB911564) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player (KB954155) Sicherheitsupdate für Windows Media Player (KB973540) Sicherheitsupdate für Windows Media Player (KB975558) Sicherheitsupdate für Windows Media Player (KB978695) Sicherheitsupdate für Windows Media Player 10 (KB917734) Sicherheitsupdate für Windows Media Player 10 (KB936782) Sicherheitsupdate für Windows Media Player 6.4 (KB925398) Sicherheitsupdate für Windows Media Player 9 (KB911565) Sicherheitsupdate für Windows Media Player 9 (KB917734) Sicherheitsupdate für Windows XP (KB2079403) (Version: 1) Sicherheitsupdate für Windows XP (KB2229593) (Version: 1) Sicherheitsupdate für Windows XP (KB2296011) (Version: 1) Sicherheitsupdate für Windows XP (KB2347290) (Version: 1) Sicherheitsupdate für Windows XP (KB2360937) (Version: 1) Sicherheitsupdate für Windows XP (KB2387149) (Version: 1) Sicherheitsupdate für Windows XP (KB2393802) (Version: 1) Sicherheitsupdate für Windows XP (KB2412687) (Version: 1) Sicherheitsupdate für Windows XP (KB2419632) (Version: 1) Sicherheitsupdate für Windows XP (KB2423089) (Version: 1) Sicherheitsupdate für Windows XP (KB2440591) (Version: 1) Sicherheitsupdate für Windows XP (KB2443105) (Version: 1) Sicherheitsupdate für Windows XP (KB2476490) (Version: 1) Sicherheitsupdate für Windows XP (KB2478960) (Version: 1) Sicherheitsupdate für Windows XP (KB2478971) (Version: 1) Sicherheitsupdate für Windows XP (KB2479943) (Version: 1) Sicherheitsupdate für Windows XP (KB2481109) (Version: 1) Sicherheitsupdate für Windows XP (KB2483185) (Version: 1) Sicherheitsupdate für Windows XP (KB2485663) (Version: 1) Sicherheitsupdate für Windows XP (KB2503665) (Version: 1) Sicherheitsupdate für 
Windows XP (KB2506212) (Version: 1) Sicherheitsupdate für Windows XP (KB2507618) (Version: 1) Sicherheitsupdate für Windows XP (KB2507938) (Version: 1) Sicherheitsupdate für Windows XP (KB2508272) (Version: 1) Sicherheitsupdate für Windows XP (KB2508429) (Version: 1) Sicherheitsupdate für Windows XP (KB2509553) (Version: 1) Sicherheitsupdate für Windows XP (KB2510581) (Version: 1) Sicherheitsupdate für Windows XP (KB2535512) (Version: 1) Sicherheitsupdate für Windows XP (KB2536276-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2544893) (Version: 1) Sicherheitsupdate für Windows XP (KB2544893-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2555917) (Version: 1) Sicherheitsupdate für Windows XP (KB2562937) (Version: 1) Sicherheitsupdate für Windows XP (KB2566454) (Version: 1) Sicherheitsupdate für Windows XP (KB2567053) (Version: 1) Sicherheitsupdate für Windows XP (KB2567680) (Version: 1) Sicherheitsupdate für Windows XP (KB2570222) (Version: 1) Sicherheitsupdate für Windows XP (KB2570947) (Version: 1) Sicherheitsupdate für Windows XP (KB2584146) (Version: 1) Sicherheitsupdate für Windows XP (KB2585542) (Version: 1) Sicherheitsupdate für Windows XP (KB2592799) (Version: 1) Sicherheitsupdate für Windows XP (KB2598479) (Version: 1) Sicherheitsupdate für Windows XP (KB2603381) (Version: 1) Sicherheitsupdate für Windows XP (KB2618451) (Version: 1) Sicherheitsupdate für Windows XP (KB2619339) (Version: 1) Sicherheitsupdate für Windows XP (KB2620712) (Version: 1) Sicherheitsupdate für Windows XP (KB2621440) (Version: 1) Sicherheitsupdate für Windows XP (KB2624667) (Version: 1) Sicherheitsupdate für Windows XP (KB2631813) (Version: 1) Sicherheitsupdate für Windows XP (KB2633171) (Version: 1) Sicherheitsupdate für Windows XP (KB2639417) (Version: 1) Sicherheitsupdate für Windows XP (KB2641653) (Version: 1) Sicherheitsupdate für Windows XP (KB2646524) (Version: 1) Sicherheitsupdate für Windows XP (KB2647518) (Version: 1) Sicherheitsupdate für Windows XP 
(KB2653956) (Version: 1) Sicherheitsupdate für Windows XP (KB2655992) (Version: 1) Sicherheitsupdate für Windows XP (KB2659262) (Version: 1) Sicherheitsupdate für Windows XP (KB2660465) (Version: 1) Sicherheitsupdate für Windows XP (KB2676562) (Version: 1) Sicherheitsupdate für Windows XP (KB2685939) (Version: 1) Sicherheitsupdate für Windows XP (KB2686509) (Version: 1) Sicherheitsupdate für Windows XP (KB2691442) (Version: 1) Sicherheitsupdate für Windows XP (KB2695962) (Version: 1) Sicherheitsupdate für Windows XP (KB2698365) (Version: 1) Sicherheitsupdate für Windows XP (KB2705219) (Version: 1) Sicherheitsupdate für Windows XP (KB2707511) (Version: 1) Sicherheitsupdate für Windows XP (KB2709162) (Version: 1) Sicherheitsupdate für Windows XP (KB2712808) (Version: 1) Sicherheitsupdate für Windows XP (KB2718523) (Version: 1) Sicherheitsupdate für Windows XP (KB2719985) (Version: 1) Sicherheitsupdate für Windows XP (KB2723135) (Version: 1) Sicherheitsupdate für Windows XP (KB2724197) (Version: 1) Sicherheitsupdate für Windows XP (KB2727528) (Version: 1) Sicherheitsupdate für Windows XP (KB2731847) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2757638) (Version: 1) Sicherheitsupdate für Windows XP (KB2758857) (Version: 1) Sicherheitsupdate für Windows XP (KB2761226) (Version: 1) Sicherheitsupdate für Windows XP (KB2770660) (Version: 1) Sicherheitsupdate für Windows XP (KB2778344) (Version: 1) Sicherheitsupdate für Windows XP (KB2779030) (Version: 1) Sicherheitsupdate für Windows XP (KB2780091) (Version: 1) Sicherheitsupdate für Windows XP (KB2799494) (Version: 1) Sicherheitsupdate für Windows XP (KB2802968) (Version: 1) Sicherheitsupdate für Windows XP (KB2807986) (Version: 1) Sicherheitsupdate für Windows XP (KB2808735) (Version: 1) Sicherheitsupdate für Windows XP (KB2813170) (Version: 1) Sicherheitsupdate für Windows XP (KB2813345) (Version: 1) 
Sicherheitsupdate für Windows XP (KB2820197) (Version: 1) Sicherheitsupdate für Windows XP (KB2820917) (Version: 1) Sicherheitsupdate für Windows XP (KB2829361) (Version: 1) Sicherheitsupdate für Windows XP (KB2834886) (Version: 1) Sicherheitsupdate für Windows XP (KB2839229) (Version: 1) Sicherheitsupdate für Windows XP (KB2845187) (Version: 1) Sicherheitsupdate für Windows XP (KB2850851) (Version: 1) Sicherheitsupdate für Windows XP (KB923561) (Version: 1) Sicherheitsupdate für Windows XP (KB923689) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) (Version: 1) Sicherheitsupdate für Windows XP (KB950762) (Version: 1) Sicherheitsupdate für Windows XP (KB950974) (Version: 1) Sicherheitsupdate für Windows XP (KB951376-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB951748) (Version: 1) Sicherheitsupdate für Windows XP (KB952004) (Version: 1) Sicherheitsupdate für Windows XP (KB952954) (Version: 1) Sicherheitsupdate für Windows XP (KB955069) (Version: 1) Sicherheitsupdate für Windows XP (KB956572) (Version: 1) Sicherheitsupdate für Windows XP (KB956744) (Version: 1) Sicherheitsupdate für Windows XP (KB956802) (Version: 1) Sicherheitsupdate für Windows XP (KB956803) (Version: 1) Sicherheitsupdate für Windows XP (KB956844) (Version: 1) Sicherheitsupdate für Windows XP (KB958644) (Version: 1) Sicherheitsupdate für Windows XP (KB958869) (Version: 1) Sicherheitsupdate für Windows XP (KB959426) (Version: 1) Sicherheitsupdate für Windows XP (KB960225) (Version: 1) Sicherheitsupdate für Windows XP (KB960803) (Version: 1) Sicherheitsupdate für Windows XP (KB960859) (Version: 1) Sicherheitsupdate für Windows XP (KB961501) (Version: 1) Sicherheitsupdate für Windows XP (KB969059) (Version: 1) Sicherheitsupdate für Windows XP (KB970238) (Version: 1) Sicherheitsupdate für Windows XP (KB970430) (Version: 1) Sicherheitsupdate für Windows XP (KB971468) (Version: 1) Sicherheitsupdate für Windows XP (KB971657) (Version: 1) Sicherheitsupdate 
für Windows XP (KB971961) (Version: 1) Sicherheitsupdate für Windows XP (KB972270) (Version: 1) Sicherheitsupdate für Windows XP (KB973507) (Version: 1) Sicherheitsupdate für Windows XP (KB973869) (Version: 1) Sicherheitsupdate für Windows XP (KB973904) (Version: 1) Sicherheitsupdate für Windows XP (KB974112) (Version: 1) Sicherheitsupdate für Windows XP (KB974318) (Version: 1) Sicherheitsupdate für Windows XP (KB974392) (Version: 1) Sicherheitsupdate für Windows XP (KB974571) (Version: 1) Sicherheitsupdate für Windows XP (KB975025) (Version: 1) Sicherheitsupdate für Windows XP (KB975467) (Version: 1) Sicherheitsupdate für Windows XP (KB975560) (Version: 1) Sicherheitsupdate für Windows XP (KB975561) (Version: 1) Sicherheitsupdate für Windows XP (KB975562) (Version: 1) Sicherheitsupdate für Windows XP (KB975713) (Version: 1) Sicherheitsupdate für Windows XP (KB977816) (Version: 1) Sicherheitsupdate für Windows XP (KB977914) (Version: 1) Sicherheitsupdate für Windows XP (KB978037) (Version: 1) Sicherheitsupdate für Windows XP (KB978338) (Version: 1) Sicherheitsupdate für Windows XP (KB978542) (Version: 1) Sicherheitsupdate für Windows XP (KB978601) (Version: 1) Sicherheitsupdate für Windows XP (KB978706) (Version: 1) Sicherheitsupdate für Windows XP (KB979309) (Version: 1) Sicherheitsupdate für Windows XP (KB979482) (Version: 1) Sicherheitsupdate für Windows XP (KB979559) (Version: 1) Sicherheitsupdate für Windows XP (KB979683) (Version: 1) Sicherheitsupdate für Windows XP (KB979687) (Version: 1) Sicherheitsupdate für Windows XP (KB980195) (Version: 1) Sicherheitsupdate für Windows XP (KB980218) (Version: 1) Sicherheitsupdate für Windows XP (KB980232) (Version: 1) Sicherheitsupdate für Windows XP (KB980436) (Version: 1) Sicherheitsupdate für Windows XP (KB981322) (Version: 1) Sicherheitsupdate für Windows XP (KB981349) (Version: 1) Sicherheitsupdate für Windows XP (KB981997) (Version: 1) Sicherheitsupdate für Windows XP (KB982132) (Version: 1) Sicherheitsupdate für 
Windows XP (KB982665) (Version: 1) Siedler3 Skype™ 6.1 (Version: 6.1.129) SolutionCenter (Version: 50.0.152.000) SoundMAX (Version: 5.12.01.3663) Spybot - Search & Destroy (Version: 1.6.2) Status (Version: 53.0.13.000) SUPERAntiSpyware (Version: 5.0.1118) TrayApp (Version: 53.0.13.000) Trust Ami Mouse 250S Cordless Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1) Update für Windows XP (KB2345886) (Version: 1) Update für Windows XP (KB2541763) (Version: 1) Update für Windows XP (KB2616676-v2) (Version: 2) Update für Windows XP (KB2641690) (Version: 1) Update für Windows XP (KB2661254-v2) (Version: 2) Update für Windows XP (KB2718704) (Version: 1) Update für Windows XP (KB2736233) (Version: 1) Update für Windows XP (KB2749655) (Version: 1) Update für Windows XP (KB951978) (Version: 1) Update für Windows XP (KB955759) (Version: 1) Update für Windows XP (KB967715) (Version: 1) Update für Windows XP (KB968389) (Version: 1) Update für Windows XP (KB971029) (Version: 1) Update für Windows XP (KB971737) (Version: 1) Update für Windows XP (KB973687) (Version: 1) Update für Windows XP (KB973815) (Version: 1) VIA Platform Device Manager (Version: 1.13) VLC media player 1.1.11 (Version: 1.1.11) WebFldrs XP (Version: 9.50.7523) WebReg (Version: 53.0.13.000) Winamp (remove only) Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) (Version: 06/12/2006 6.81.0.21) Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0) Windows Internet Explorer 7 (Version: 20070813.185237) Windows Live Sign-in Assistant (Version: 4.000.249.1) Windows XP Service Pack 3 (Version: 20080414.031514) WinRAR XviD MPEG-4 Video Codec (Version: XviD-1.0.3-20122004) Zax: The Alien Hunter (Version: 1.0) ==================== Restore Points ========================= 16-07-2013 13:13:41 Systemprüfpunkt ==================== Hosts content: ========================== 2001-08-23 13:00 - 2012-06-07 16:28 - 00442879 ____R C:\WINDOWS\system32\Drivers\etc\hosts 
127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programme\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/03/2013 07:35:40 AM) (Source: WmiAdapter) (User: VORDEFINIERT) Description: Dienst konnte nicht geöffnet werden. Error: (05/08/2013 08:27:59 AM) (Source: Microsoft Office 11) (User: ) Description: Rejected Safe Mode action : Microsoft Office Word. 
Error: (04/05/2013 11:26:15 AM) (Source: ESENT) (User: ) Description: wuaueng.dll (3676) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error: (04/05/2013 11:26:15 AM) (Source: ESENT) (User: ) Description: wuauclt (3676) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (04/05/2013 11:26:05 AM) (Source: ESENT) (User: ) Description: wuaueng.dll (3676) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error: (04/05/2013 11:26:05 AM) (Source: ESENT) (User: ) Description: wuauclt (3676) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (12/31/2001 11:14:35 PM) (Source: WmiAdapter) (User: VORDEFINIERT) Description: Dienst konnte nicht geöffnet werden. Error: (03/25/2013 09:17:10 AM) (Source: WmiAdapter) (User: VORDEFINIERT) Description: Dienst konnte nicht geöffnet werden. Error: (03/15/2013 07:00:00 AM) (Source: WmiAdapter) (User: VORDEFINIERT) Description: Dienst konnte nicht geöffnet werden. Error: (03/04/2013 10:22:36 AM) (Source: WmiAdapter) (User: VORDEFINIERT) Description: Dienst konnte nicht geöffnet werden. 
System errors: ============= Error: (05/27/2013 08:05:33 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:05:33 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:05:33 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:05:33 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:05:01 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:04:56 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:04:51 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:04:46 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:04:40 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (05/27/2013 08:04:40 AM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Microsoft Office Sessions: ========================= Error: (07/03/2013 07:35:40 AM) (Source: WmiAdapter)(User: VORDEFINIERT) Description: Error: (05/08/2013 08:27:59 AM) (Source: Microsoft Office 11)(User: ) Description: Microsoft Office WordWord hat ein Problem mit Normal.dot festgestellt. Möchten Sie eine neue Normal.dot erstellen? Error: (04/05/2013 11:26:15 AM) (Source: ESENT)(User: ) Description: wuaueng.dll3676SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8) Error: (04/05/2013 11:26:15 AM) (Source: ESENT)(User: ) Description: wuauclt3676C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (04/05/2013 11:26:05 AM) (Source: ESENT)(User: ) Description: wuaueng.dll3676SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8) Error: (04/05/2013 11:26:05 AM) (Source: ESENT)(User: ) Description: wuauclt3676C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (12/31/2001 11:14:35 PM) (Source: WmiAdapter)(User: VORDEFINIERT) Description: Error: (03/25/2013 09:17:10 AM) (Source: WmiAdapter)(User: VORDEFINIERT) Description: Error: (03/15/2013 07:00:00 AM) (Source: WmiAdapter)(User: VORDEFINIERT) Description: Error: (03/04/2013 10:22:36 AM) (Source: WmiAdapter)(User: VORDEFINIERT) Description: ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 767.53 MB Available physical RAM: 589.5 MB Total Pagefile: 1491.74 MB Available Pagefile: 1417.15 MB Total Virtual: 2047.88 MB Available Virtual: 1956.02 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:34.18 GB) (Free:3.26 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (Daten) (Fixed) (Total:42.5 GB) (Free:29.56 GB) NTFS Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS Drive h: (SANDISC) (Removable) (Total:7.46 GB) (Free:7.42 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 77 GB) (Disk ID: CD05CD05) Partition 1: (Active) - (Size=34 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=42 GB) - (Type=05) ======================================================== Disk: 1 (Size: 7 GB) (Disk ID: 573549F5) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ |
18.07.2013, 22:59 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan on Windows XP computer Hello,
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\cache.dat <==== ATTENTION
C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\cache.ini
C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\cache.dat
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________ |
18.07.2013, 23:32 | #3 |
| GVU Trojan on Windows XP computer It did all of that.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013 02
Ran by Administrator at 2013-07-19 00:29:54 Run:1
Running from H:\_ANTIVIR
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\cache.ini => Moved successfully.
C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\cache.dat => Moved successfully.

==== End of Fixlog ==== |
19.07.2013, 00:02 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan on Windows XP computer Does Windows start normally again?
__________________ Please always post log files in CODE tags |
19.07.2013, 00:09 | #5 |
| GVU Trojan on Windows XP computer Yes, everything starts normally. Great, thanks. Here are the logs from defogger and OTL now. Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:40 on 19/07/2013 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKLM:DAEMON Tools -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 19.07.2013 00:46:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = H:\_ANTIVIR Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,53 Mb Total Physical Memory | 202,48 Mb Available Physical Memory | 26,38% Memory free 1,46 Gb Paging File | 0,97 Gb Available in Paging File | 66,26% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,18 Gb Total Space | 2,51 Gb Free Space | 7,34% Space Free | Partition Type: NTFS Drive D: | 42,50 Gb Total Space | 29,56 Gb Free Space | 69,55% Space Free | Partition Type: NTFS Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 7,46 Gb Total Space | 7,42 Gb Free Space | 99,40% Space Free | Partition Type: FAT32 Computer Name: TIM | User Name: Administrator | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.18 22:49:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\_ANTIVIR\OTL.exe PRC - [2013.06.26 16:42:54 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.03.12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.03.24 17:11:18 | 000,107,800 | ---- | M] (Octoshape ApS) -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe PRC - [2009.05.08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.05.08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe PRC - [2009.04.30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.02.23 17:32:56 | 000,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Programme\Samsung\Samsung Media Studio 5\SMSTray.exe PRC - [2007.01.30 21:36:30 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Programme\MarkAny\ContentSafer\MaAgent.exe PRC - [2006.06.15 13:36:18 | 000,229,376 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe PRC - [2006.06.05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe PRC - [2006.03.20 21:43:16 | 000,331,776 | ---- | M] () -- C:\Programme\AGEIA Technologies\TrayIcon.exe PRC - [2006.01.04 13:50:28 | 001,009,835 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe PRC - [2006.01.04 13:50:26 | 000,172,032 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2006.01.04 13:50:26 | 000,118,784 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2005.06.04 18:14:23 | 000,301,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) 
-- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe PRC - [2001.11.15 13:44:54 | 000,196,608 | ---- | M] () -- C:\Programme\Trust\Ami Mouse 250S Cordless\Amoumain.exe ========== Modules (No Company Name) ========== MOD - [2013.07.16 21:56:22 | 002,093,568 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\13071601\algo.dll MOD - [2013.05.10 09:57:36 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2009.05.08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.05.08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe MOD - [2006.03.20 21:43:16 | 000,331,776 | ---- | M] () -- C:\Programme\AGEIA Technologies\TrayIcon.exe MOD - [2005.10.07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2005.06.04 18:15:11 | 000,326,352 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2006\MSENCXML.DLL MOD - [2005.06.04 18:15:11 | 000,248,528 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2006\ERSREGPR.DLL MOD - [2005.06.04 18:15:11 | 000,203,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2006\MSENCDAT.DLL MOD - [2005.06.04 18:15:10 | 000,178,896 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2006\ENCCONT.DLL MOD - [2005.06.04 18:14:23 | 000,051,920 | ---- | M] () -- C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICTITS.EBK MOD - [2001.11.15 13:44:54 | 000,196,608 | ---- | M] () -- C:\Programme\Trust\Ami Mouse 250S Cordless\Amoumain.exe ========== Services (SafeList) ========== SRV - [2013.07.03 10:35:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.26 16:48:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) 
[On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.26 16:42:54 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2009.04.30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2006.06.05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.01.04 13:50:26 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) 
[Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.06.28 09:15:21 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013.06.28 09:15:21 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013.06.28 09:15:21 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013.05.09 10:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | 
M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.05.01 01:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2009.05.01 01:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2009.05.01 01:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2009.05.01 01:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009.04.30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.02.15 15:12:22 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2006.05.29 09:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.05.29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.05.29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.05.29 09:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [2006.04.29 21:16:02 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2006.04.29 21:16:01 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2006.04.29 21:15:58 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2006.04.19 17:40:05 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi) DRV - [2006.02.23 11:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32) DRV - [2005.05.31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2005.05.31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2005.04.30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2005.04.30 14:50:10 | 000,028,271 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2005.04.30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT) DRV - [2005.03.25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2001.10.19 14:57:42 | 000,009,056 | ---- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt) DRV - [2001.08.23 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001.08.23 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\SearchScopes,DefaultScope = 
{D80542C7-0201-43DE-AE99-93F06A03ABE3} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4767c182-3544-45ee-805e-4863d4e9007e&apn_sauid=05610234-2320-43D7-9C12-759B05FFA953 IE - HKCU\..\SearchScopes\{D80542C7-0201-43DE-AE99-93F06A03ABE3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADFA_deDE440 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2013.06.04 10:12:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Programme\Mozilla1.7.13\Components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Programme\Mozilla1.7.13\Plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2002.01.01 00:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Mozilla\Extensions [2013.05.13 09:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Mozilla\Firefox\Profiles\mnui3xkz.default-1364399159218\extensions [2013.05.13 09:11:45 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Mozilla\Firefox\Profiles\mnui3xkz.default-1364399159218\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.03 10:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.07.03 10:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} 
[2013.07.03 10:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.03 10:35:05 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.06.07 17:28:55 | 000,442,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15215 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Reg Error: Value error.) - {27D79A23-47BB-40A7-A860-0371C3CD082B} - Reg Error: Value error. 
File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Hilfsobjekt für Encarta Web-Begleiter) - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found. O3 - HKLM\..\Toolbar: (Encarta Web-Begleiter) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Programme\AGEIA Technologies\TrayIcon.exe () O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [MAAgent] C:\Programme\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SMSTray] C:\Programme\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WheelMouse] Amoumain.exe File not found O4 - HKCU..\Run: [E06DXLRD_5083312] C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 
{32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator.TIM\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator.TIM\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Programme\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.) 
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.04.19 14:15:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1d39ad70-fe47-11d5-a4a5-b1f63bcebbbb}\Shell - "" = AutoRun O33 - MountPoints2\{1d39ad70-fe47-11d5-a4a5-b1f63bcebbbb}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1d39ad70-fe47-11d5-a4a5-b1f63bcebbbb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (stera) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.03 10:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.19 00:44:58 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2013.07.19 00:43:22 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.07.19 00:42:47 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.07.19 00:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.07.19 00:42:29 | 804,884,480 | -HS- | M] () -- C:\hiberfil.sys [2013.07.19 00:40:48 | 000,000,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.TIM\defogger_reenable [2013.07.19 00:35:07 | 000,451,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.07.19 00:35:06 | 000,471,168 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.07.19 00:35:06 | 000,089,152 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.07.19 00:35:06 | 000,073,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.07.19 00:26:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.07.17 13:30:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.07.17 13:02:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.07.17 12:25:14 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2013.07.16 14:08:59 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.07.15 13:09:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.07.15 09:14:38 | 002,652,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060290.JPG [2013.07.15 09:14:04 | 001,725,228 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060289.JPG [2013.07.15 09:13:42 | 001,943,837 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060288.JPG [2013.07.15 09:13:20 | 001,709,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060287.JPG [2013.06.28 09:15:21 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013.06.28 09:15:21 | 000,369,584 | ---- 
| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013.06.28 09:15:21 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013.06.28 09:15:21 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum [2013.06.28 09:15:21 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum [2013.06.28 09:15:21 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2013.06.22 08:14:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.19 00:40:31 | 000,000,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\defogger_reenable [2013.07.19 00:32:57 | 804,884,480 | -HS- | C] () -- C:\hiberfil.sys [2013.07.15 08:59:59 | 002,652,472 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060290.JPG [2013.07.15 08:59:53 | 001,725,228 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060289.JPG [2013.07.15 08:59:49 | 001,943,837 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060288.JPG [2013.07.15 08:59:46 | 001,709,682 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\P1060287.JPG [2013.06.28 09:15:27 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum [2013.06.26 20:43:02 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum [2013.06.26 20:42:56 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum [2013.04.08 15:53:00 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013.04.08 15:53:00 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2011.11.01 16:14:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.11.01 16:14:12 | 000,000,044 | ---- | C] () 
-- C:\WINDOWS\System32\rp_rules.dat [2011.10.28 20:58:29 | 002,589,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Zeugnisse.zip [2011.10.28 20:54:48 | 000,087,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Lebenslauf.zip [2011.10.26 14:40:10 | 000,000,106 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.09.30 13:26:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2011.07.25 19:47:25 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011.07.22 11:52:41 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2011.07.22 11:52:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2006.12.25 18:01:28 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2002.01.01 01:27:59 | 000,000,150 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2002.01.01 01:12:02 | 000,041,472 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.TIM\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.04.19 15:47:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2002.01.01 18:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\DataCast [2013.05.08 18:19:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Dropbox [2011.10.28 19:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\IObit [2011.07.25 19:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Leadertech [2002.01.01 01:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Nokia [2012.09.06 21:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape [2002.01.01 00:47:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\OpenOffice.org [2002.01.01 01:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\PC Suite [2006.04.29 21:18:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2012.10.24 13:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2006.09.03 18:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2007.03.07 15:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2007.03.07 15:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2007.09.28 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm [2012.01.31 
20:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SF [2011.10.28 19:23:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{9B7C9CD3-9740-4524-855E-ACE12DDD6F6D} ========== Purity Check ========== < End of report > |
19.07.2013, 01:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan on Windows XP computer Rootkit scan with GMER Please download GMER: (random file name)
Running into problems?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ --> GVU Trojan on Windows XP computer |
19.07.2013, 09:29 | #7 | |
| GVU Trojan on Windows XP computer Quote:
In normal mode I got a bluescreen. Alternatively, in Safe Mode, also a bluescreen. Without Devices I also got a bluescreen. I then updated MBAR and ran it, and it found and removed something. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.18.06 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 7.0.5730.13 Administrator :: mm [administrator] 19.07.2013 03:20:56 mbar-log-2013-07-19 (03-20-56).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 284593 Time elapsed: 1 hour(s), 2 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8109FD3D-D891-4f80-8339-50A4913ACE6F} (Adware.Zango) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{90B5A95A-AFD5-4d11-B9BD-A69D53D22226} (Adware.Hotbar) -> Delete on reboot. Registry Values Detected: 1 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot. Registry Data Items Detected: 1 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Replace on reboot. Folders Detected: 2 c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Delete on reboot. c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Delete on reboot. Files Detected: 6 c:\Dokumente und Einstellungen\Administrator.mm\Eigene Dateien\Downloads\movie1080p.mkv(1).exe (Trojan.Ransom.Foreign) -> Delete on reboot. c:\Dokumente und Einstellungen\Administrator.mm\Eigene Dateien\Downloads\movie1080p.mkv.exe (Trojan.Ransom.Foreign) -> Delete on reboot. 
c:\Dokumente und Einstellungen\Administrator.mm\Lokale Einstellungen\Temp\m5C55oLN.exe.part (Trojan.Ransom.Foreign) -> Delete on reboot. c:\Dokumente und Einstellungen\Administrator.mm\Lokale Einstellungen\Temp\P3y+7pcQ.exe.part (Trojan.Ransom.Foreign) -> Delete on reboot. c:\Dokumente und Einstellungen\Administrator.mm\Lokale Einstellungen\Temp\cY+HWHm9.exe.part (Trojan.Ransom.Foreign) -> Delete on reboot. c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntiVirus) -> Delete on reboot. Physical Sectors Detected: 0 (No malicious items detected) (end) |
19.07.2013, 15:05 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan on Windows XP computer I quote from the MBAR instructions: Quote:
__________________ Please always post log files in CODE tags |
19.07.2013, 17:58 | #9 |
| GVU Trojan on Windows XP computer Hello cosinus, I ran MBAR again, but nothing was found. Is the computer clean now? |
20.07.2013, 01:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan on Windows XP computer Not so fast yet. aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
20.07.2013, 12:08 | #11 |
| GVU Trojan on Windows XP computer
aswMBR found nothing. Here is the log
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-20 12:51:14
-----------------------------
12:51:14.343 OS Version: Windows 5.1.2600 Service Pack 3
12:51:14.343 Number of processors: 1 586 0x801
12:51:14.343 ComputerName: TIM UserName:
12:51:15.921 Initialize success
12:51:17.828 AVAST engine defs: 13071900
12:51:28.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
12:51:28.765 Disk 0 Vendor: ExcelStor_Technology_J680 V32OA60A Size: 78533MB BusType: 3
12:51:28.906 Disk 0 MBR read successfully
12:51:28.906 Disk 0 MBR scan
12:51:29.625 Disk 0 Windows XP default MBR code
12:51:29.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
12:51:30.562 Disk 0 Partition - 00 05 Extended 43519 MB offset 71682030
12:51:30.578 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 43519 MB offset 71682093
12:51:30.625 Disk 0 scanning sectors +160810650
12:51:31.265 Disk 0 scanning C:\WINDOWS\system32\drivers
12:51:55.750 Service scanning
12:52:23.234 Modules scanning
12:52:36.828 Disk 0 trace - called modules:
12:52:37.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
12:52:37.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83bc9ab8]
12:52:37.359 3 CLASSPNP.SYS[f76fefd7] -> nt!IofCallDriver -> \Device\00000068[0x83b8b2a0]
12:52:37.359 5 ACPI.sys[f7664620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x83bce940]
12:52:37.671 AVAST engine scan C:\WINDOWS
12:52:50.906 AVAST engine scan C:\WINDOWS\system32
12:56:08.078 AVAST engine scan C:\WINDOWS\system32\drivers
12:56:32.109 AVAST engine scan C:\Dokumente und Einstellungen\Administrator.TIM
13:00:11.468 AVAST engine scan C:\Dokumente und Einstellungen\All Users
13:01:02.625 Scan finished successfully
13:01:27.625 Disk 0 MBR has been saved successfully to "G:\_ANTIVIR\MBR.dat"
13:01:27.640 The log file has been saved successfully to "G:\_ANTIVIR\aswMBR.txt"
Code:
13:01:40.0406 0564 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:01:40.0515 0564 ============================================================
13:01:40.0515 0564 Current date / time: 2013/07/20 13:01:40.0515
13:01:40.0515 0564 SystemInfo:
13:01:40.0515 0564
13:01:40.0515 0564 OS Version: 5.1.2600 ServicePack: 3.0
13:01:40.0515 0564 Product type: Workstation
13:01:40.0515 0564 ComputerName: TIM
13:01:40.0515 0564 UserName: Administrator
13:01:40.0515 0564 Windows directory: C:\WINDOWS
13:01:40.0515 0564 System windows directory: C:\WINDOWS
13:01:40.0515 0564 Processor architecture: Intel x86
13:01:40.0515 0564 Number of processors: 1
13:01:40.0515 0564 Page size: 0x1000
13:01:40.0515 0564 Boot type: Normal boot
13:01:40.0515 0564 ============================================================
13:01:41.0828 0564 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:01:41.0828 0564 Drive \Device\Harddisk1\DR3 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:01:41.0828 0564 ============================================================
13:01:41.0828 0564 \Device\Harddisk0\DR0:
13:01:41.0828 0564 MBR partitions:
13:01:41.0828 0564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
13:01:41.0843 0564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x54FFE6D
13:01:41.0843 0564 \Device\Harddisk1\DR3:
13:01:41.0843 0564 MBR partitions:
13:01:41.0843 0564 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0xEF7FC0
13:01:41.0843 0564 ============================================================
13:01:41.0875 0564 C: <-> \Device\Harddisk0\DR0\Partition1
13:01:41.0937 0564 D: <-> \Device\Harddisk0\DR0\Partition2
13:01:41.0937 0564
============================================================ 13:01:41.0937 0564 Initialize success 13:01:41.0937 0564 ============================================================ 13:01:59.0500 0472 ============================================================ 13:01:59.0500 0472 Scan started 13:01:59.0500 0472 Mode: Manual; SigCheck; TDLFS; 13:01:59.0500 0472 ============================================================ 13:01:59.0859 0472 ================ Scan system memory ======================== 13:01:59.0859 0472 System memory - ok 13:01:59.0859 0472 ================ Scan services ============================= 13:01:59.0937 0472 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Programme\SUPERAntiSpyware\SASCORE.EXE 13:02:00.0390 0472 !SASCORE ( UnsignedFile.Multi.Generic ) - warning 13:02:00.0390 0472 !SASCORE - detected UnsignedFile.Multi.Generic (1) 13:02:00.0546 0472 Abiosdsk - ok 13:02:00.0562 0472 abp480n5 - ok 13:02:00.0640 0472 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:02:00.0875 0472 ACPI - ok 13:02:00.0921 0472 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 13:02:01.0156 0472 ACPIEC - ok 13:02:01.0203 0472 [ 1B77CAC441B53553DB0122468926AD73 ] AcrSch2Svc C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe 13:02:01.0234 0472 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - warning 13:02:01.0234 0472 AcrSch2Svc - detected UnsignedFile.Multi.Generic (1) 13:02:01.0328 0472 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:02:01.0359 0472 AdobeFlashPlayerUpdateSvc - ok 13:02:01.0375 0472 adpu160m - ok 13:02:01.0406 0472 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys 13:02:01.0468 0472 aeaudio - ok 13:02:01.0500 0472 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 13:02:01.0718 0472 aec - ok 13:02:01.0781 0472 [ 
1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 13:02:01.0828 0472 AFD - ok 13:02:01.0843 0472 Aha154x - ok 13:02:01.0875 0472 aic78u2 - ok 13:02:01.0890 0472 aic78xx - ok 13:02:01.0937 0472 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 13:02:02.0187 0472 Alerter - ok 13:02:02.0218 0472 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 13:02:02.0453 0472 ALG - ok 13:02:02.0468 0472 AliIde - ok 13:02:02.0515 0472 [ 3A0DAFAC778236559C14C7203FB550EB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys 13:02:02.0734 0472 AmdK7 - ok 13:02:02.0781 0472 [ 537C6C32EA891FED3FF7EB1E05A4FF03 ] Amps2prt C:\WINDOWS\system32\DRIVERS\Amps2prt.sys 13:02:02.0796 0472 Amps2prt ( UnsignedFile.Multi.Generic ) - warning 13:02:02.0796 0472 Amps2prt - detected UnsignedFile.Multi.Generic (1) 13:02:02.0812 0472 amsint - ok 13:02:02.0859 0472 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 13:02:03.0093 0472 AppMgmt - ok 13:02:03.0109 0472 asc - ok 13:02:03.0125 0472 asc3350p - ok 13:02:03.0140 0472 asc3550 - ok 13:02:03.0265 0472 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:02:03.0312 0472 aspnet_state - ok 13:02:03.0343 0472 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 13:02:03.0390 0472 aswFsBlk - ok 13:02:03.0437 0472 [ 3FCA5C1A8F33CF9857220CC3A3076A3E ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys 13:02:03.0453 0472 aswKbd - ok 13:02:03.0500 0472 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys 13:02:03.0531 0472 aswMonFlt - ok 13:02:03.0562 0472 [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys 13:02:03.0593 0472 AswRdr - ok 13:02:03.0625 0472 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys 13:02:03.0656 0472 aswRvrt - ok 13:02:03.0718 0472 [ 
CCD565A8A72AF7D45F9A242013870926 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 13:02:03.0781 0472 aswSnx - ok 13:02:03.0859 0472 [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 13:02:03.0906 0472 aswSP - ok 13:02:03.0968 0472 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 13:02:03.0984 0472 aswTdi - ok 13:02:04.0031 0472 [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys 13:02:04.0093 0472 aswVmm - ok 13:02:04.0109 0472 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:02:04.0328 0472 AsyncMac - ok 13:02:04.0359 0472 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 13:02:04.0609 0472 atapi - ok 13:02:04.0640 0472 Atdisk - ok 13:02:04.0671 0472 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:02:04.0890 0472 Atmarpc - ok 13:02:04.0937 0472 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 13:02:05.0171 0472 AudioSrv - ok 13:02:05.0218 0472 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 13:02:05.0546 0472 audstub - ok 13:02:05.0593 0472 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe 13:02:05.0609 0472 avast! 
Antivirus - ok 13:02:05.0656 0472 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 13:02:05.0921 0472 Beep - ok 13:02:05.0984 0472 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 13:02:06.0218 0472 BITS - ok 13:02:06.0250 0472 [ 04E84C8049EE93614A2FF6D676D1E247 ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys 13:02:06.0265 0472 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning 13:02:06.0265 0472 BlueletAudio - detected UnsignedFile.Multi.Generic (1) 13:02:06.0312 0472 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 13:02:06.0359 0472 Browser - ok 13:02:06.0421 0472 [ D1813668A0117AE05BC0B81C874F91D4 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys 13:02:06.0437 0472 BT ( UnsignedFile.Multi.Generic ) - warning 13:02:06.0437 0472 BT - detected UnsignedFile.Multi.Generic (1) 13:02:06.0484 0472 [ 7304ACC25455746912DE37D7DED387ED ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys 13:02:06.0500 0472 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning 13:02:06.0500 0472 Btcsrusb - detected UnsignedFile.Multi.Generic (1) 13:02:06.0531 0472 [ 161969D2DD1D39CD2F1EDBC60C61FA99 ] BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys 13:02:06.0546 0472 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning 13:02:06.0546 0472 BTHidEnum - detected UnsignedFile.Multi.Generic (1) 13:02:06.0593 0472 [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys 13:02:06.0593 0472 Suspicious file (Forged): C:\WINDOWS\system32\Drivers\BTHidMgr.sys. 
Real md5: A9164C2A39BD917B9F42AE087560AC3D, Fake md5: 3A0E832FA37B0E96CFCCEB25CE716CFE 13:02:06.0593 0472 BTHidMgr ( ForgedFile.Multi.Generic ) - warning 13:02:06.0609 0472 BTHidMgr - detected ForgedFile.Multi.Generic (1) 13:02:06.0640 0472 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 13:02:06.0921 0472 cbidf2k - ok 13:02:06.0984 0472 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 13:02:07.0234 0472 CCDECODE - ok 13:02:07.0250 0472 cd20xrnt - ok 13:02:07.0281 0472 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 13:02:07.0609 0472 Cdaudio - ok 13:02:07.0640 0472 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 13:02:07.0843 0472 Cdfs - ok 13:02:07.0875 0472 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:02:08.0140 0472 Cdrom - ok 13:02:08.0156 0472 Changer - ok 13:02:08.0234 0472 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 13:02:08.0453 0472 CiSvc - ok 13:02:08.0531 0472 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 13:02:08.0750 0472 ClipSrv - ok 13:02:08.0828 0472 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:02:09.0218 0472 clr_optimization_v4.0.30319_32 - ok 13:02:09.0234 0472 CmdIde - ok 13:02:09.0250 0472 COMSysApp - ok 13:02:09.0281 0472 Cpqarray - ok 13:02:09.0328 0472 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 13:02:09.0531 0472 CryptSvc - ok 13:02:09.0546 0472 dac2w2k - ok 13:02:09.0578 0472 dac960nt - ok 13:02:09.0750 0472 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 13:02:09.0953 0472 DcomLaunch - ok 13:02:10.0218 0472 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 13:02:10.0484 0472 Dhcp - ok 13:02:10.0593 0472 [ 
044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 13:02:10.0812 0472 Disk - ok 13:02:10.0828 0472 dmadmin - ok 13:02:11.0312 0472 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 13:02:12.0296 0472 dmboot - ok 13:02:12.0390 0472 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 13:02:12.0718 0472 dmio - ok 13:02:12.0796 0472 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 13:02:13.0156 0472 dmload - ok 13:02:13.0250 0472 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 13:02:13.0468 0472 dmserver - ok 13:02:13.0500 0472 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 13:02:13.0750 0472 DMusic - ok 13:02:13.0843 0472 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 13:02:14.0171 0472 Dnscache - ok 13:02:14.0359 0472 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 13:02:14.0578 0472 Dot3svc - ok 13:02:14.0593 0472 dpti2o - ok 13:02:14.0734 0472 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 13:02:15.0015 0472 drmkaud - ok 13:02:15.0062 0472 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 13:02:15.0281 0472 EapHost - ok 13:02:15.0343 0472 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 13:02:15.0562 0472 ERSvc - ok 13:02:15.0656 0472 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 13:02:15.0781 0472 Eventlog - ok 13:02:15.0859 0472 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 13:02:15.0921 0472 EventSystem - ok 13:02:15.0953 0472 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 13:02:16.0156 0472 Fastfat - ok 13:02:16.0187 0472 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 13:02:16.0250 
0472 FastUserSwitchingCompatibility - ok 13:02:16.0296 0472 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 13:02:16.0500 0472 Fdc - ok 13:02:16.0546 0472 [ D8B0F7A609ACE22B8ACFE0605F1DAB67 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5b.sys 13:02:16.0578 0472 FETNDIS ( UnsignedFile.Multi.Generic ) - warning 13:02:16.0578 0472 FETNDIS - detected UnsignedFile.Multi.Generic (1) 13:02:16.0625 0472 [ A75DDC492D2D1D6558AD8003A4ADB73A ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 13:02:16.0640 0472 FilterService - ok 13:02:16.0671 0472 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 13:02:16.0890 0472 Fips - ok 13:02:16.0921 0472 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 13:02:17.0125 0472 Flpydisk - ok 13:02:17.0156 0472 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 13:02:17.0359 0472 FltMgr - ok 13:02:17.0390 0472 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:02:17.0671 0472 Fs_Rec - ok 13:02:17.0703 0472 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:02:17.0984 0472 Ftdisk - ok 13:02:18.0000 0472 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 13:02:18.0203 0472 gameenum - ok 13:02:18.0250 0472 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:02:18.0453 0472 Gpc - ok 13:02:18.0515 0472 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 13:02:18.0546 0472 gupdate - ok 13:02:18.0562 0472 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 13:02:18.0578 0472 gupdatem - ok 13:02:18.0656 0472 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 13:02:18.0687 0472 gusvc - ok 13:02:18.0734 0472 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc 
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:02:18.0937 0472 helpsvc - ok 13:02:18.0984 0472 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 13:02:19.0187 0472 HidServ - ok 13:02:19.0218 0472 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:02:19.0421 0472 hidusb - ok 13:02:19.0468 0472 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 13:02:19.0671 0472 hkmsvc - ok 13:02:19.0687 0472 hpn - ok 13:02:19.0750 0472 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 13:02:19.0796 0472 HTTP - ok 13:02:19.0843 0472 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 13:02:20.0046 0472 HTTPFilter - ok 13:02:20.0062 0472 i2omgmt - ok 13:02:20.0093 0472 i2omp - ok 13:02:20.0140 0472 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 13:02:20.0390 0472 i8042prt - ok 13:02:20.0453 0472 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 13:02:20.0468 0472 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:02:20.0468 0472 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:02:20.0515 0472 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 13:02:20.0703 0472 Imapi - ok 13:02:20.0750 0472 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 13:02:20.0953 0472 ImapiService - ok 13:02:20.0968 0472 ini910u - ok 13:02:21.0000 0472 IntelIde - ok 13:02:21.0046 0472 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 13:02:21.0250 0472 Ip6Fw - ok 13:02:21.0296 0472 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:02:21.0562 0472 IpFilterDriver - ok 13:02:21.0593 0472 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:02:21.0781 0472 IpInIp - ok 13:02:21.0812 0472 
[ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:02:22.0046 0472 IpNat - ok 13:02:22.0062 0472 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:02:22.0250 0472 IPSec - ok 13:02:22.0281 0472 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 13:02:22.0484 0472 IRENUM - ok 13:02:22.0531 0472 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:02:22.0734 0472 isapnp - ok 13:02:22.0843 0472 [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 13:02:22.0875 0472 JavaQuickStarterService - ok 13:02:22.0890 0472 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:02:23.0093 0472 Kbdclass - ok 13:02:23.0140 0472 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 13:02:23.0343 0472 kbdhid - ok 13:02:23.0375 0472 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 13:02:23.0562 0472 kmixer - ok 13:02:23.0609 0472 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 13:02:23.0671 0472 KSecDD - ok 13:02:23.0718 0472 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 13:02:23.0765 0472 lanmanserver - ok 13:02:23.0812 0472 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 13:02:23.0859 0472 lanmanworkstation - ok 13:02:23.0890 0472 lbrtfdc - ok 13:02:23.0968 0472 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 13:02:24.0156 0472 LmHosts - ok 13:02:24.0203 0472 [ 01F0E010ACB61472163E9D02D3FF531A ] lvpopflt C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 13:02:24.0234 0472 lvpopflt - ok 13:02:24.0281 0472 [ C57C48FB9AE3EFB9848AF594E3123A63 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 13:02:24.0296 0472 LVPr2Mon - ok 13:02:24.0359 0472 [ 5C7B88695CE461D8BDA4FE0C0E57E71D ] LVPrcSrv 
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe 13:02:24.0390 0472 LVPrcSrv - ok 13:02:24.0437 0472 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys 13:02:24.0468 0472 LVRS - ok 13:02:24.0750 0472 [ 291F69B3DDA0F033D2490C5BA5179F7C ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys 13:02:25.0203 0472 LVUVC - ok 13:02:25.0281 0472 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe 13:02:25.0312 0472 McComponentHostService - ok 13:02:25.0359 0472 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 13:02:25.0609 0472 Messenger - ok 13:02:25.0640 0472 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 13:02:25.0921 0472 mnmdd - ok 13:02:25.0968 0472 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 13:02:26.0140 0472 mnmsrvc - ok 13:02:26.0187 0472 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 13:02:26.0375 0472 Modem - ok 13:02:26.0406 0472 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:02:26.0609 0472 Mouclass - ok 13:02:26.0640 0472 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:02:26.0906 0472 mouhid - ok 13:02:26.0937 0472 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 13:02:27.0125 0472 MountMgr - ok 13:02:27.0187 0472 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 13:02:27.0218 0472 MozillaMaintenance - ok 13:02:27.0250 0472 mraid35x - ok 13:02:27.0281 0472 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:02:27.0468 0472 MRxDAV - ok 13:02:27.0546 0472 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:02:27.0609 0472 MRxSmb - ok 13:02:27.0640 0472 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] 
MSDTC C:\WINDOWS\system32\msdtc.exe 13:02:27.0843 0472 MSDTC - ok 13:02:27.0890 0472 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 13:02:28.0078 0472 Msfs - ok 13:02:28.0109 0472 MSIServer - ok 13:02:28.0140 0472 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:02:28.0328 0472 MSKSSRV - ok 13:02:28.0359 0472 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:02:28.0546 0472 MSPCLOCK - ok 13:02:28.0578 0472 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 13:02:28.0781 0472 MSPQM - ok 13:02:28.0812 0472 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:02:28.0968 0472 mssmbios - ok 13:02:29.0000 0472 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 13:02:29.0187 0472 MSTEE - ok 13:02:29.0265 0472 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 13:02:29.0531 0472 ms_mpu401 - ok 13:02:29.0562 0472 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 13:02:29.0593 0472 Mup - ok 13:02:29.0640 0472 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 13:02:29.0828 0472 NABTSFEC - ok 13:02:29.0875 0472 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 13:02:30.0125 0472 napagent - ok 13:02:30.0171 0472 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 13:02:30.0359 0472 NDIS - ok 13:02:30.0390 0472 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 13:02:30.0593 0472 NdisIP - ok 13:02:30.0640 0472 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:02:30.0671 0472 NdisTapi - ok 13:02:30.0718 0472 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:02:30.0984 0472 Ndisuio - ok 13:02:31.0031 0472 [ 
EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:02:31.0250 0472 NdisWan - ok 13:02:31.0281 0472 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 13:02:31.0328 0472 NDProxy - ok 13:02:31.0375 0472 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 13:02:31.0578 0472 NetBIOS - ok 13:02:31.0625 0472 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 13:02:31.0828 0472 NetBT - ok 13:02:31.0859 0472 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 13:02:32.0062 0472 NetDDE - ok 13:02:32.0078 0472 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 13:02:32.0265 0472 NetDDEdsdm - ok 13:02:32.0312 0472 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 13:02:32.0484 0472 Netlogon - ok 13:02:32.0515 0472 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 13:02:32.0750 0472 Netman - ok 13:02:32.0781 0472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:02:32.0828 0472 NetTcpPortSharing - ok 13:02:32.0859 0472 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 13:02:32.0968 0472 Nla - ok 13:02:33.0000 0472 [ 5ABB6B2461C4EB0AFDF1BF7F03963D59 ] Nokia USB Generic C:\WINDOWS\system32\drivers\nmwcdc.sys 13:02:33.0093 0472 Nokia USB Generic - ok 13:02:33.0140 0472 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Modem C:\WINDOWS\system32\drivers\nmwcdcm.sys 13:02:33.0187 0472 Nokia USB Modem - ok 13:02:33.0234 0472 [ F5B1200C75B160C81E7E48CC0489AA5E ] Nokia USB Phone Parent C:\WINDOWS\system32\drivers\nmwcd.sys 13:02:33.0265 0472 Nokia USB Phone Parent - ok 13:02:33.0296 0472 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Port C:\WINDOWS\system32\drivers\nmwcdcj.sys 13:02:33.0328 0472 Nokia USB Port - ok 13:02:33.0375 0472 [ 3182D64AE053D6FB034F44B6DEF8034A 
] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 13:02:33.0578 0472 Npfs - ok 13:02:33.0640 0472 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 13:02:33.0859 0472 Ntfs - ok 13:02:33.0890 0472 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 13:02:34.0062 0472 NtLmSsp - ok 13:02:34.0125 0472 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 13:02:34.0375 0472 NtmsSvc - ok 13:02:34.0406 0472 [ 4D3EB5A8021AF05C7FE5F313443A533B ] NTSIM C:\WINDOWS\system32\ntsim.sys 13:02:34.0437 0472 NTSIM ( UnsignedFile.Multi.Generic ) - warning 13:02:34.0437 0472 NTSIM - detected UnsignedFile.Multi.Generic (1) 13:02:34.0468 0472 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 13:02:34.0718 0472 Null - ok 13:02:34.0890 0472 [ 29B9163A6D9C486DCAEFED190130ACB0 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 13:02:35.0140 0472 nv ( UnsignedFile.Multi.Generic ) - warning 13:02:35.0140 0472 nv - detected UnsignedFile.Multi.Generic (1) 13:02:35.0203 0472 [ AA78C4677E06CFD4FE048718EE7F6332 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 13:02:35.0234 0472 NVSvc ( UnsignedFile.Multi.Generic ) - warning 13:02:35.0234 0472 NVSvc - detected UnsignedFile.Multi.Generic (1) 13:02:35.0281 0472 [ C34A6A72DEC2C317D67355DC18F87090 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll 13:02:35.0468 0472 NWCWorkstation - ok 13:02:35.0500 0472 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:02:35.0796 0472 NwlnkFlt - ok 13:02:35.0828 0472 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:02:36.0125 0472 NwlnkFwd - ok 13:02:36.0156 0472 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 13:02:36.0390 0472 NwlnkIpx - ok 13:02:36.0421 0472 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 13:02:36.0703 0472 NwlnkNb - ok 13:02:36.0734 0472 [ 
C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 13:02:37.0015 0472 NwlnkSpx - ok 13:02:37.0062 0472 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys 13:02:37.0250 0472 NWRDR - ok 13:02:37.0312 0472 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 13:02:37.0343 0472 ose - ok 13:02:37.0390 0472 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 13:02:37.0593 0472 Parport - ok 13:02:37.0656 0472 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 13:02:37.0828 0472 PartMgr - ok 13:02:37.0875 0472 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 13:02:38.0156 0472 ParVdm - ok 13:02:38.0187 0472 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 13:02:38.0359 0472 PCI - ok 13:02:38.0390 0472 PCIDump - ok 13:02:38.0406 0472 PCIIde - ok 13:02:38.0453 0472 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 13:02:38.0656 0472 Pcmcia - ok 13:02:38.0671 0472 PDCOMP - ok 13:02:38.0687 0472 PDFRAME - ok 13:02:38.0718 0472 PDRELI - ok 13:02:38.0734 0472 PDRFRAME - ok 13:02:38.0750 0472 perc2 - ok 13:02:38.0781 0472 perc2hib - ok 13:02:38.0843 0472 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 13:02:38.0937 0472 PlugPlay - ok 13:02:38.0968 0472 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 13:02:39.0140 0472 PolicyAgent - ok 13:02:39.0171 0472 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:02:39.0359 0472 PptpMiniport - ok 13:02:39.0375 0472 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 13:02:39.0562 0472 ProtectedStorage - ok 13:02:39.0593 0472 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 13:02:39.0781 0472 
21.07.2013, 13:42 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan on Windows XP computer JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with FRST please. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
22.07.2013, 10:11 | #13 |
| GVU Trojan on Windows XP computer I have run the scans. Here are the logs: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Microsoft Windows XP x86
Ran by Administrator on 22.07.2013 at 10:27:03,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\wmhelper.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2013 at 10:32:33,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.305 - Datei am 22/07/2013 um 10:35:40 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - TIM
# Bootmodus : Normal
# Ausgeführt unter : G:\_ANTIVIR\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\WINDOWS\pack.epk

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\LanConfig
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\TENCENT

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

*************************

AdwCleaner[S1].txt - [2146 octets] - [22/07/2013 10:35:40]

########## EOF - C:\AdwCleaner[S1].txt - [2206 octets] ##########
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by Administrator (administrator) on 22-07-2013 10:57:57
Running from C:\Dokumente und Einstellungen\Administrator.TIM\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
() C:\Programme\Trust\Ami Mouse 250S Cordless\Amoumain.exe
(Acronis) C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(Nokia) C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
((주)마크애니) C:\Programme\MarkAny\ContentSafer\MAAgent.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe
(Geek Software GmbH) C:\Programme\PDF24\pdf24.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SUPERAntiSpyware.com) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Nokia.) C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\!SASWinLogon: C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [X]
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {1d39ad70-fe47-11d5-a4a5-b1f63bcebbbb} - F:\LaunchU3.exe -a
HKU\Timbo\...\Run: [msnmsgr] - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background [x]
Lsa: [Authentication Packages] msv1_0 relog_ap nwprovau un: [PDFPrint] - C:\Programme\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [E06DXLRD_5083312] - C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE [301776 2005-06-04] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [MSMSGS] - C:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Octoshape Streaming Services] - C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKCU\...\Run: [swg] - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-15] (Google Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * stera

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {27D79A23-47BB-40A7-A860-0371C3CD082B} - No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Hilfsobjekt für Encarta Web-Begleiter - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
Toolbar: HKLM - Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Mozilla\Firefox\Profiles\mnui3xkz.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Programme\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [172032 2006-01-04] (Acronis)
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-07-15] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-07-15] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-18] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
R2 LVPrcSrv; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [154136 2009-04-30] (Logitech Inc.)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-03] (Mozilla Foundation)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R3 ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2prt.sys [9056 2001-10-19] ((Standard Mouse Types))
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [20480 2005-05-31] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT
Corporation) S3 BTHidEnum; C:\Windows\System32\DRIVERS\vbtenum.sys [11860 2005-04-30] () R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] () S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5b.sys [35328 2003-01-27] (VIA Technologies, Inc. ) S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-05-01] (Logitech Inc.) R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2009-04-30] () S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 Nokia USB Generic; C:\Windows\System32\drivers\nmwcdc.sys [8704 2006-05-29] (Nokia) S3 Nokia USB Modem; C:\Windows\System32\drivers\nmwcdcm.sys [13312 2006-05-29] (Nokia) S3 Nokia USB Phone Parent; C:\Windows\System32\drivers\nmwcd.sys [127488 2006-05-29] (Nokia) S3 Nokia USB Port; C:\Windows\System32\drivers\nmwcdcj.sys [13312 2006-05-29] (Nokia) S3 NTSIM; C:\WINDOWS\system32\ntsim.sys [6016 2002-09-12] (VIA Technologies, Inc. 
) R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation) R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-23] (Microsoft Corporation) R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-23] (Microsoft Corporation) R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation) R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) R1 SASDIFSV; C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [639224 2007-02-15] (Duplex Secure Ltd.) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [30688 2006-04-29] (Acronis) S3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2006-04-19] (Alcohol Soft Co., Ltd.) S3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation) S3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation) R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.) R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.) S3 vulfnths; C:\Windows\System32\Drivers\vulfnth.sys [6912 2003-01-02] (VIA Technologies, Inc.) R3 vulfntrs; C:\Windows\System32\Drivers\vulfntr.sys [10496 2003-01-02] (VIA Technologies, Inc.) 
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-22 10:45 - 2013-07-18 22:50 - 01218860 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\FRST.exe 2013-07-22 10:45 - 2013-07-18 22:50 - 01218860 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\FRST.exe 2013-07-22 10:35 - 2013-07-22 10:35 - 00002275 _____ C:\AdwCleaner[S1].txt 2013-07-22 10:27 - 2013-07-22 10:27 - 00000000 ____D C:\WINDOWS\ERUNT 2013-07-20 13:07 - 2013-07-20 13:07 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator.TIM\IETldCache 2013-07-20 13:07 - 2013-07-20 13:07 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator.TIM\IETldCache 2013-07-19 23:28 - 2013-07-19 23:29 - 00079195 _____ C:\WINDOWS\KB2846071-IE8.log 2013-07-19 23:27 - 2013-07-19 23:28 - 00083220 _____ C:\WINDOWS\KB2744842-IE8.log 2013-07-19 23:26 - 2013-07-19 23:27 - 00086884 _____ C:\WINDOWS\KB2618444-IE8.log 2013-07-19 23:25 - 2013-07-19 23:26 - 00077046 _____ C:\WINDOWS\KB2598845-IE8.log 2013-07-19 23:25 - 2013-07-19 23:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2467659$ 2013-07-19 23:24 - 2013-07-19 23:29 - 00000000 ____D C:\WINDOWS\ie8updates 2013-07-19 23:24 - 2013-07-19 23:25 - 00076402 _____ C:\WINDOWS\KB2467659.log 2013-07-19 23:23 - 2013-07-19 23:24 - 00099968 _____ C:\WINDOWS\KB982381-IE8.log 2013-07-19 23:22 - 2013-07-20 13:08 - 00007488 _____ C:\WINDOWS\spupdsvc.log 2013-07-19 23:17 - 2013-07-19 23:22 - 00000000 __HDC C:\WINDOWS\ie8 2013-07-19 23:16 - 2013-07-19 23:23 - 00089864 _____ C:\WINDOWS\ie8.log 2013-07-19 22:48 - 2013-06-07 23:48 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2013-07-19 22:47 - 2013-06-07 23:48 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2013-07-19 22:47 
- 2013-06-07 23:48 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2013-07-19 22:47 - 2013-06-07 23:48 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2013-07-19 22:47 - 2011-08-16 12:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll 2013-07-19 22:46 - 2013-07-19 23:33 - 00209563 _____ C:\WINDOWS\ie8_main.log 2013-07-19 20:53 - 2013-07-19 20:54 - 00000000 ____D C:\Programme\z-defrag 2013-07-19 20:53 - 2013-07-19 20:53 - 00001520 _____ C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Z-defrag.lnk 2013-07-19 20:53 - 2013-07-19 20:53 - 00001520 _____ C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Z-defrag.lnk 2013-07-19 20:53 - 2013-07-19 20:53 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Startmenü\Programme\Z-defragRAM 2013-07-19 20:09 - 2013-07-19 20:15 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\U3 2013-07-19 20:09 - 2013-07-19 20:14 - 00000000 ____D C:\Programme\FreeCommander 2013-07-19 19:31 - 2013-07-19 19:31 - 00000762 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 19:31 - 2013-07-19 19:31 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-07-19 19:31 - 2013-07-19 19:31 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Malwarebytes 2013-07-19 19:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-07-19 19:24 - 2013-07-19 19:24 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-05.dmp 2013-07-19 19:08 - 2013-07-19 19:07 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-04.dmp 2013-07-19 03:13 - 2013-07-19 03:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-03.dmp 2013-07-19 02:51 - 2013-07-19 02:51 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Image Zone Express 2013-07-19 02:49 - 2013-07-19 02:49 - 
00090112 _____ C:\WINDOWS\Minidump\Mini071913-02.dmp 2013-07-19 02:44 - 2013-07-19 02:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-01.dmp 2013-07-19 00:40 - 2013-07-19 00:40 - 00000152 _____ C:\Dokumente und Einstellungen\Administrator.TIM\defogger_reenable 2013-07-19 00:40 - 2013-07-19 00:40 - 00000152 _____ C:\Dokumente und Einstellungen\Administrator.TIM\defogger_reenable 2013-07-19 00:33 - 2013-07-19 00:33 - 00000466 _____ C:\WINDOWS\regopt.log 2013-07-15 13:12 - 2013-07-15 13:12 - 00128717 _____ C:\WINDOWS\KB2834886.log 2013-07-15 13:12 - 2013-07-15 13:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$ 2013-07-15 13:06 - 2013-07-15 13:07 - 00127890 _____ C:\WINDOWS\KB2845142.log 2013-07-15 12:27 - 2013-07-15 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834903_WM10L$ 2013-07-15 12:26 - 2013-07-15 12:27 - 00120910 _____ C:\WINDOWS\KB2834903.log 2013-07-15 08:54 - 2013-07-15 13:09 - 00136199 _____ C:\WINDOWS\KB2850851.log 2013-07-15 08:54 - 2013-07-15 13:08 - 00136009 _____ C:\WINDOWS\KB2845187.log 2013-07-15 08:53 - 2013-07-15 12:51 - 00228510 _____ C:\WINDOWS\KB2846071-IE7.log 2013-07-03 10:33 - 2013-07-03 14:39 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-07-03 08:33 - 2013-07-03 08:33 - 00098304 _____ C:\WINDOWS\Minidump\Mini070313-01.dmp 2013-06-28 09:15 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-06-26 20:43 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-06-26 20:42 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-06-26 16:43 - 2013-06-26 16:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-06-26 16:43 - 2013-06-26 16:42 - 
00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-06-26 16:43 - 2013-06-26 16:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-06-26 16:43 - 2013-06-26 16:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe ==================== One Month Modified Files and Folders ======= 2013-07-22 10:48 - 2006-04-19 14:14 - 01398320 _____ C:\WINDOWS\WindowsUpdate.log 2013-07-22 10:45 - 2002-01-01 01:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop 2013-07-22 10:45 - 2002-01-01 01:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop 2013-07-22 10:44 - 2012-10-24 13:28 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-07-22 10:43 - 2006-04-19 15:10 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-07-22 10:43 - 2006-04-19 15:10 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-07-22 10:42 - 2011-07-15 11:30 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-22 10:42 - 2006-04-19 14:39 - 00050257 _____ C:\WINDOWS\system32\nvapps.xml 2013-07-22 10:42 - 2006-04-19 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-07-22 10:41 - 2006-04-19 14:28 - 00032544 _____ C:\WINDOWS\SchedLgU.Txt 2013-07-22 10:41 - 2002-01-01 01:01 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator.TIM\ntuser.ini 2013-07-22 10:41 - 2002-01-01 01:01 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator.TIM\ntuser.ini 2013-07-22 10:41 - 2002-01-01 01:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM 2013-07-22 10:35 - 2013-07-22 10:35 - 00002275 _____ C:\AdwCleaner[S1].txt 2013-07-22 10:32 - 2011-07-15 11:30 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-22 10:27 - 2013-07-22 10:27 - 00000000 ____D C:\WINDOWS\ERUNT 2013-07-22 10:07 - 2001-08-23 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-07-20 13:08 - 2013-07-19 23:22 - 00007488 _____ C:\WINDOWS\spupdsvc.log 2013-07-20 13:07 - 2013-07-20 
13:07 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator.TIM\IETldCache 2013-07-20 13:07 - 2013-07-20 13:07 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator.TIM\IETldCache 2013-07-20 13:07 - 2006-04-19 16:03 - 00000000 ____D C:\WINDOWS\Media 2013-07-20 13:07 - 2006-04-19 16:03 - 00000000 ____D C:\WINDOWS\Help 2013-07-20 13:07 - 2006-04-19 15:08 - 00000000 ___RD C:\Programme 2013-07-20 13:07 - 2002-01-01 01:22 - 00000000 ____D C:\WINDOWS\system32\de-de 2013-07-20 13:07 - 2002-01-01 01:01 - 00000789 _____ C:\Dokumente und Einstellungen\Administrator.TIM\Startmenü\Programme\Internet Explorer.lnk 2013-07-20 13:07 - 2002-01-01 01:01 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator.TIM\Eigene Dateien\Eigene Musik 2013-07-20 13:07 - 2002-01-01 01:01 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator.TIM\Eigene Dateien\Eigene Bilder 2013-07-20 13:07 - 2002-01-01 01:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Startmenü\Programme 2013-07-20 13:02 - 2012-04-11 11:28 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-07-20 12:25 - 2011-10-26 12:25 - 00000484 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job 2013-07-20 08:14 - 2006-12-25 17:59 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-07-19 23:33 - 2013-07-19 22:46 - 00209563 _____ C:\WINDOWS\ie8_main.log 2013-07-19 23:29 - 2013-07-19 23:28 - 00079195 _____ C:\WINDOWS\KB2846071-IE8.log 2013-07-19 23:29 - 2013-07-19 23:24 - 00000000 ____D C:\WINDOWS\ie8updates 2013-07-19 23:29 - 2011-12-14 11:15 - 00118021 _____ C:\WINDOWS\updspapi.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00590861 _____ C:\WINDOWS\iis6.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00544095 _____ C:\WINDOWS\FaxSetup.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00260128 _____ C:\WINDOWS\ocgen.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00248248 _____ C:\WINDOWS\tsoc.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00181530 _____ C:\WINDOWS\comsetup.log 2013-07-19 
23:29 - 2011-12-14 11:05 - 00167094 _____ C:\WINDOWS\msmqinst.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00109930 _____ C:\WINDOWS\ntdtcsetup.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00095304 _____ C:\WINDOWS\netfxocm.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00037400 _____ C:\WINDOWS\MedCtrOC.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00030096 _____ C:\WINDOWS\ocmsn.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00027368 _____ C:\WINDOWS\tabletoc.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00027192 _____ C:\WINDOWS\msgsocm.log 2013-07-19 23:29 - 2011-12-14 11:05 - 00001374 _____ C:\WINDOWS\imsins.log 2013-07-19 23:28 - 2013-07-19 23:27 - 00083220 _____ C:\WINDOWS\KB2744842-IE8.log 2013-07-19 23:28 - 2011-12-14 11:05 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-07-19 23:27 - 2013-07-19 23:26 - 00086884 _____ C:\WINDOWS\KB2618444-IE8.log 2013-07-19 23:27 - 2006-04-19 14:16 - 00000000 ___HD C:\WINDOWS\$hf_mig$ 2013-07-19 23:26 - 2013-07-19 23:25 - 00077046 _____ C:\WINDOWS\KB2598845-IE8.log 2013-07-19 23:25 - 2013-07-19 23:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2467659$ 2013-07-19 23:25 - 2013-07-19 23:24 - 00076402 _____ C:\WINDOWS\KB2467659.log 2013-07-19 23:24 - 2013-07-19 23:23 - 00099968 _____ C:\WINDOWS\KB982381-IE8.log 2013-07-19 23:23 - 2013-07-19 23:16 - 00089864 _____ C:\WINDOWS\ie8.log 2013-07-19 23:22 - 2013-07-19 23:17 - 00000000 __HDC C:\WINDOWS\ie8 2013-07-19 23:19 - 2002-01-01 01:03 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Briefe 2013-07-19 23:19 - 2002-01-01 01:03 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Briefe 2013-07-19 23:11 - 2011-11-14 15:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Neuer Ordner (2) 2013-07-19 23:11 - 2011-11-14 15:01 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Neuer Ordner (2) 2013-07-19 22:34 - 2011-11-30 10:53 - 00098192 _____ C:\WINDOWS\setupapi.log 2013-07-19 20:54 - 2013-07-19 20:53 - 00000000 ____D 
C:\Programme\z-defrag 2013-07-19 20:53 - 2013-07-19 20:53 - 00001520 _____ C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Z-defrag.lnk 2013-07-19 20:53 - 2013-07-19 20:53 - 00001520 _____ C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\Z-defrag.lnk 2013-07-19 20:53 - 2013-07-19 20:53 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Startmenü\Programme\Z-defragRAM 2013-07-19 20:15 - 2013-07-19 20:09 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\U3 2013-07-19 20:14 - 2013-07-19 20:09 - 00000000 ____D C:\Programme\FreeCommander 2013-07-19 19:55 - 2011-11-30 10:53 - 00000747 _____ C:\WINDOWS\setupact.log 2013-07-19 19:31 - 2013-07-19 19:31 - 00000762 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-19 19:31 - 2013-07-19 19:31 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-07-19 19:31 - 2013-07-19 19:31 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Malwarebytes 2013-07-19 19:31 - 2006-04-19 15:07 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Desktop 2013-07-19 19:24 - 2013-07-19 19:24 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-05.dmp 2013-07-19 19:24 - 2006-04-29 20:24 - 00000000 ____D C:\WINDOWS\Minidump 2013-07-19 19:07 - 2013-07-19 19:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-04.dmp 2013-07-19 03:13 - 2013-07-19 03:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-03.dmp 2013-07-19 02:51 - 2013-07-19 02:51 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator.TIM\Anwendungsdaten\Image Zone Express 2013-07-19 02:49 - 2013-07-19 02:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-02.dmp 2013-07-19 02:44 - 2013-07-19 02:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini071913-01.dmp 2013-07-19 00:40 - 2013-07-19 00:40 - 00000152 _____ C:\Dokumente und Einstellungen\Administrator.TIM\defogger_reenable 2013-07-19 00:40 - 2013-07-19 00:40 - 00000152 _____ C:\Dokumente und 
Einstellungen\Administrator.TIM\defogger_reenable 2013-07-19 00:34 - 2006-04-19 16:06 - 00262144 _____ C:\WINDOWS\system32\config\userdiff 2013-07-19 00:34 - 2006-04-19 15:08 - 01100762 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-19 00:33 - 2013-07-19 00:33 - 00000466 _____ C:\WINDOWS\regopt.log 2013-07-19 00:33 - 2006-04-19 16:06 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG 2013-07-18 22:50 - 2013-07-22 10:45 - 01218860 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\FRST.exe 2013-07-18 22:50 - 2013-07-22 10:45 - 01218860 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator.TIM\Desktop\FRST.exe 2013-07-16 14:53 - 2006-04-19 15:46 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-07-16 14:08 - 2011-11-21 14:38 - 00000000 ____D C:\Programme\Microsoft Silverlight 2013-07-16 14:08 - 2006-04-19 15:07 - 00182632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-15 13:12 - 2013-07-15 13:12 - 00128717 _____ C:\WINDOWS\KB2834886.log 2013-07-15 13:12 - 2013-07-15 13:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-15 13:09 - 2013-07-15 08:54 - 00136199 _____ C:\WINDOWS\KB2850851.log 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-15 13:08 - 2013-07-15 08:54 - 00136009 _____ C:\WINDOWS\KB2845187.log 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845142_WM64$ 2013-07-15 13:07 - 2013-07-15 13:06 - 00127890 _____ C:\WINDOWS\KB2845142.log 2013-07-15 12:51 - 2013-07-15 08:53 - 00228510 _____ C:\WINDOWS\KB2846071-IE7.log 2013-07-15 12:50 - 2011-07-17 10:18 - 00000000 ____D C:\WINDOWS\ie7updates 2013-07-15 12:27 - 2013-07-15 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834903_WM10L$ 2013-07-15 12:27 - 2013-07-15 12:26 - 00120910 _____ C:\WINDOWS\KB2834903.log 2013-07-03 16:37 - 2012-09-10 13:05 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 
2013-07-03 14:39 - 2013-07-03 10:33 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-07-03 08:33 - 2013-07-03 08:33 - 00098304 _____ C:\WINDOWS\Minidump\Mini070313-01.dmp 2013-06-28 09:15 - 2013-06-28 09:15 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-06-28 09:15 - 2013-06-26 20:43 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-06-28 09:15 - 2013-06-26 20:42 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-06-28 09:15 - 2013-04-08 15:53 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-06-28 09:15 - 2012-10-24 13:28 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-06-28 09:15 - 2012-10-24 13:28 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-06-26 16:48 - 2012-04-11 11:28 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-06-26 16:48 - 2011-07-15 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-06-26 16:43 - 2013-06-26 16:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-06-26 16:42 - 2013-06-26 16:43 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-06-26 16:42 - 2013-06-26 16:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-06-26 16:42 - 2013-06-26 16:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-06-26 16:42 - 2012-09-15 10:08 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll 2013-06-26 16:42 - 2012-09-15 10:08 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-06-26 16:42 - 2002-01-01 00:40 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-06-24 00:37 - 2006-04-19 15:44 - 75733144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-08-04 00:57] - [2008-04-14 
04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2004-08-04 00:58] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2004-08-04 00:58] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2004-08-04 00:58] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2004-08-04 00:57] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2004-08-04 00:58] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 00:44] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================
Edited by namor82 (22.07.2013 at 10:28) |
22.07.2013, 23:07 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan on Windows XP computer
Looks OK. We should be almost done.
As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know that as well).
Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!
Afterwards, getting an additional opinion from the ESET online scanner does no harm either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
24.07.2013, 18:41 | #15 |
| GVU Trojan on Windows XP computer
The programs ran through without any further findings. Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.19.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 Administrator :: TIM [Administrator] 24.07.2013 19:36:07 mbam-log-2013-07-24 (24-36-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 338191 Laufzeit: 1 Stunde(n), 56 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\FRST\Quarantine\cache.dat (Trojan.FakeAlert.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=617062b5b0f26a45976ff4869b3b9baa # engine=14463 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-19 08:53:25 # local_time=2013-07-19 10:53:25 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=774 16777213 85 91 397437 150977077 0 0 # scanned=148 # found=0 # cleaned=0 # scan_time=10 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=617062b5b0f26a45976ff4869b3b9baa # engine=14463 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-19 11:15:15 # local_time=2013-07-20 01:15:15 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=774 16777213 85 91 405947 150985587 0 0 # scanned=68029 # found=0 # cleaned=0 # scan_time=8429 |