Pests of all kinds and their removal: FF opens tabs and Google links to attacking pages
27.11.2010, 22:41 | #1

Hello, I've already found several users here who have the same phenomenon. I browse on XP Pro as a user with restricted rights. AntiVir sometimes reports something suspicious in the FF profile folder when I happen to browse as admin.

Code:
Typ: Datei
Quelle: P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\otsff5j9.default\Cache\60AA4C5Dd01
Status: Infiziert
Quarantäne-Objekt: 4f76f459.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.98
Virendefinitionsdatei: 7.10.14.11
Meldung: Enthält Erkennungsmuster des Exploits EXP/MS05-013
Datum/Uhrzeit: 22.11.2010, 12:33

When I noticed that, I copied the link that gets opened before the supposed original page opens:

Code:
hxxp://cfci.com/?xurl=hxxp://a0g7ya1i0.com/qkF1AWZE6o5jToU955d3696675c61190972fce79dccc0a8535A&xref=hxxp://cfci.com/search.php

MalwareBytes finds nothing in a full scan either. Maybe someone can make something of this info. Regards
28.11.2010, 10:32 | #2

A tab just opened again with the following link:

Code:
h**p://go.tracking202.com/?url=http%3A%2F%2Fwww.pjtra.com%2Ft%2FSj9GSkJKP0ZIS0tDP0dDRURL%3Fsid%3DMNVHA302873154

Code:
h**p://go.tracking202.com/go.php?url=http%3A%2F%2Fwww.pjtra.com%2Ft%2FSj9GSkJKP0ZIS0tDP0dDRURL%3Fsid%3DMNVHA302873154

Code:
h**p://www.beachbody.com/product/fitness_programs/best_sellers/slim_in_6.do?tnt=SI6_CTA_C1&code=BBHOME_CONTROL_SI6
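Added example, not part of any post in this thread: the links quoted in posts #1 and #2 carry their real destination inside a query parameter (xurl= on cfci.com, url= on go.tracking202.com), so an analyst can see where they lead without visiting anything. The script below refangs the hxxp/h**p defanging the poster used and follows those parameters purely by parsing; the list of parameter names it checks is an assumption for illustration, and the URLs are copied from the posts as test data. It makes no network requests.

```python
"""Unwrap nested redirector URLs offline, as quoted in posts #1 and #2 above.

Added example; not code from the thread. THREAD_URLS are copied from the posts
(defanged hxxp:// and h**p:// as the poster wrote them). The redirect parameter
names in HOP_PARAMS are an illustrative assumption, not an exhaustive list.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# URLs quoted in the thread (post #1 and post #2), kept defanged.
THREAD_URLS = [
    "hxxp://cfci.com/?xurl=hxxp://a0g7ya1i0.com/qkF1AWZE6o5jToU955d3696675c61190972fce79dccc0a8535A&xref=hxxp://cfci.com/search.php",
    "h**p://go.tracking202.com/?url=http%3A%2F%2Fwww.pjtra.com%2Ft%2FSj9GSkJKP0ZIS0tDP0dDRURL%3Fsid%3DMNVHA302873154",
    "h**p://go.tracking202.com/go.php?url=http%3A%2F%2Fwww.pjtra.com%2Ft%2FSj9GSkJKP0ZIS0tDP0dDRURL%3Fsid%3DMNVHA302873154",
    "h**p://www.beachbody.com/product/fitness_programs/best_sellers/slim_in_6.do?tnt=SI6_CTA_C1&code=BBHOME_CONTROL_SI6",
]

# Query parameters that redirectors / tracking links commonly use for the next hop.
# Assumption: illustrative list; extend it for other redirector families.
HOP_PARAMS = ("url", "xurl", "u", "redirect", "target")

_DEFANG = re.compile(r"^h(?:xx|\*\*)p(s?)://", re.IGNORECASE)


def refang(url: str) -> str:
    """Turn hxxp:// or h**p:// back into http:// so urlsplit can parse it."""
    return _DEFANG.sub(r"http\1://", url.strip())


def next_hop(url: str):
    """Return the URL carried in a known redirect parameter, or None if there is none."""
    query = urlsplit(url).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() not in HOP_PARAMS:
            continue
        for value in values:
            candidate = refang(unquote(value))  # parse_qs decoded once; be lenient
            if candidate.lower().startswith(("http://", "https://")):
                return candidate
    return None


def unwrap_chain(url: str, max_hops: int = 10) -> list:
    """Follow redirect parameters by parsing only (no network) and return the
    hostnames of every hop, first to last."""
    chain, seen = [], set()
    current = refang(url)
    while current and len(chain) < max_hops:
        host = (urlsplit(current).hostname or "").lower()
        if host in seen:  # loop guard for self-referencing redirectors
            break
        seen.add(host)
        chain.append(host)
        current = next_hop(current)
    return chain


def analyse(urls=THREAD_URLS) -> dict:
    """Map each quoted URL to its hop chain. A chain longer than one host means the
    visible link is a redirector and the last host is where the browser ends up."""
    return {u: unwrap_chain(u) for u in urls}


if __name__ == "__main__":
    for url, hops in analyse().items():
        verdict = "redirector" if len(hops) > 1 else "direct"
        print(f"{verdict:10s} {' -> '.join(hops)}")
```

Run as-is to print one line per quoted URL; for post #1 the chain is cfci.com -> a0g7ya1i0.com, and for the two tracking202 links it is go.tracking202.com -> www.pjtra.com, which is the kind of host list worth blocking or hunting for in proxy logs rather than the visible first hop alone.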
28.11.2010, 11:40 | #3 | /// Malware-holic

OTL:

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator)
1. At the top you'll find a box with Output. Please choose Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" choose: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
28.11.2010, 13:26 | #4

Hello, Avira just blocked the following as well:

Code:
Typ: Datei
Quelle: P:\Profile\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\58SFAFJT\show[1].php
Status: Infiziert
Quarantäne-Objekt: 4fb5e4f3.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.114
Virendefinitionsdatei: 7.10.14.126
Meldung: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen
Datum/Uhrzeit: 28.11.2010, 13:03

Extras.txt:

Code:
ATTFilter OTL Extras logfile created on: 28.11.2010 13:07:37 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = D:\Download Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,00 Mb Total Physical Memory | 413,00 Mb Available Physical Memory | 43,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free Paging file location(s): X:\pagefile.sys 500 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 15,00 Gb Total Space | 5,40 Gb Free Space | 36,00% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 10,45 Gb Free Space | 69,65% Space Free | Partition Type: NTFS Drive E: | 4,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive P: | 50,00 Gb Total Space | 15,19 Gb Free Space | 30,38% Space Free | Partition Type: NTFS Drive X: | 5,23 Gb Total Space | 4,58 Gb Free Space | 87,61% Space Free | Partition Type: NTFS Computer Name: ACER3000 | User Name: Rene | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1879216082-1162323016-502169195-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- d:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\Java\jre6\bin\javaw.exe" = D:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\WinPcap\rpcapd.exe" = C:\Programme\WinPcap\rpcapd.exe:*:Disabled:Remote Packet Capture Daemon -- File not found "D:\Programme\uTorrent\uTorrent.exe" = D:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"D:\Programme\Google\Google Earth\plugin\geplugin.exe" = D:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google) "P:\Profile\Administrator\Lokale Einstellungen\Temp\OnlineUpdate8\SetupXu.exe" = P:\Profile\Administrator\Lokale Einstellungen\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter -- (Nero AG) "C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3ECA0079-088F-4E69-B66A-65D5E687B092}" = KOBIL Chipkartenterminal Treiber V2.2s Build: 20090625.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO 
Mein Geld 2011 Professional "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" 
= Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B9289B87-B17E-4C45-81F3-A82EAF83F24B}" = Microcat For Ford (Europe) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "ColorPic" = ColorPic "Defraggler" = Defraggler "DivX Setup.divx.com" = DivX-Setup 
"ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Foxit Reader" = Foxit Reader "GridVista" = Acer GridVista "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0 "InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Password Unmask 2.0" = Password Unmask 2.0 "Picasa 3" = Picasa 3 "Recuva" = Recuva "RunAsAdmin" = RunAsAdmin "SB_ClipboardPath" = ClipboardPath "SiS VGA Driver" = SiS VGA Utilities "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tag&Rename_is1" = Tag&Rename 3.5.7 "TeamViewer 5" = TeamViewer 5 "Tweak UI 2.10" = Tweak UI "Universal Document Converter_is1" = Universal Document Converter (Demo) "uTorrent" = µTorrent "Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions "VirusTotalUploader2.0" = VirusTotal Uploader 2.0 "VLC media player" = VLC media player 1.1.4 "Wdf01005" = Microsoft 
Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > |
28.11.2010, 13:31 | #5

Oh man... my OTL.txt is too big, so it's on a separate server: hxxp://rene.wollsau.de/schaun/OTL.Txt
28.11.2010, 15:44 | #6 | /// Malware-holic

Please create and post a ComboFix log. A guide and tutorial on using ComboFix
28.11.2010, 23:45 | #7

Here's my feedback: to be on the safe side, I logged in as admin for the test. I ran the scan and it reported "Aktivitäten im Rootkit" (rootkit activity) and "Masterboot infiziert" (master boot infected). That triggered a reboot, also as admin. After the cleanup finished, apparently another reboot was performed, but because of my "Logon as" setting this time as the restricted user -> "limitedblankpassword" write with Date "1" failed. I then changed my logon to admin and started ComboFix again. Here is the log:

Code:
ATTFilter ComboFix 10-11-28.01 - Administrator 28.11.2010 23:27:45.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.958.489 [GMT 1:00] ausgeführt von:: p:\profile\Administrator\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((( Dateien erstellt von 2010-10-28 bis 2010-11-28 )))))))))))))))))))))))))))))) . 2010-11-27 14:58 . 2010-11-27 14:58 -------- d-----w- d:\programme\VirtualDJ 2010-11-24 21:20 . 2010-11-27 15:00 -------- d-----w- d:\programme\uploaded Tool 2009 2010-11-23 14:32 . 2010-11-23 14:58 -------- d-----w- d:\programme\TagRename 2010-11-23 14:17 . 2010-11-23 14:17 -------- d-----w- d:\programme\Citavi 3 2010-11-23 10:39 . 2010-03-18 21:27 24440 ----a-w- c:\windows\system32\udcpm.dll 2010-11-23 10:38 . 2010-11-23 10:39 -------- d-----w- d:\programme\Universal Document Converter 2010-11-22 18:31 . 2010-11-22 18:31 -------- d-----w- c:\windows\Performance 2010-11-22 18:28 . 2010-11-22 18:28 -------- d-----w- d:\programme\Windows Media Connect 2 2010-11-22 18:18 . 2010-11-22 18:23 -------- d-----w- c:\windows\system32\drivers\UMDF 2010-11-22 18:18 . 2010-11-22 18:18 -------- d-----w- c:\windows\system32\LogFiles 2010-11-22 11:02 . 2010-11-22 11:02 -------- d-----w- d:\programme\Nero 2010-11-21 17:21 . 2008-06-24 11:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll 2010-11-21 16:40 . 2010-11-22 11:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Nero 2010-11-21 15:42 . 2006-11-01 17:31 1669120 ----a-w- d:\programme\Windows Media Player\wmsetsdk.exe 2010-11-21 15:42 . 2004-08-11 00:45 47616 ----a-w- d:\programme\Windows Media Player\msoobci.dll 2010-11-20 18:23 . 2010-11-20 18:23 -------- d-----w- d:\programme\Alcohol Soft 2010-11-18 23:13 . 2005-07-28 07:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys 2010-11-18 23:13 . 2010-11-18 23:13 6656 ----a-w- c:\windows\system32\haspvdd.dll 2010-11-18 23:13 . 
2010-11-18 23:13 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys 2010-11-18 23:13 . 2010-11-18 23:13 383 ----a-w- c:\windows\system32\haspdos.sys 2010-11-18 23:13 . 2010-04-10 08:37 21760 ----a-w- c:\windows\system32\Mg16.dll 2010-11-18 23:13 . 1998-03-03 10:45 30208 ----a-w- c:\windows\system32\Mg32.dll 2010-11-18 23:13 . 1998-03-03 12:55 40480 ----a-w- c:\windows\system32\drivers\mgnt.sys 2010-11-18 23:13 . 2006-01-19 16:10 132704 ------w- c:\windows\system32\textexpt.dll 2010-11-18 23:13 . 2006-01-19 16:10 210528 ------w- c:\windows\system32\rtfexpt.dll 2010-11-18 23:13 . 2006-01-19 16:10 374368 ------w- c:\windows\system32\pdfexpt.dll 2010-11-18 23:13 . 2000-12-06 00:00 209608 ------w- c:\windows\system32\tabctl32.ocx 2010-11-18 23:13 . 1997-08-29 12:39 195104 ------w- c:\windows\system32\mem32x20.ocx 2010-11-18 23:11 . 2004-07-15 23:19 266240 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll 2010-11-18 23:11 . 2004-07-15 23:18 172032 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll 2010-11-18 23:11 . 2005-03-22 16:50 733184 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll 2010-11-18 23:11 . 2004-07-15 23:20 69715 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll 2010-11-18 23:11 . 2004-07-15 23:18 5632 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe 2010-11-18 23:11 . 2010-11-18 23:11 180356 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll 2010-11-18 23:11 . 2010-11-18 23:11 303236 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll 2010-11-18 22:11 . 2010-05-31 22:20 -------- d-----w- d:\programme\MICROCAT 2010-11-18 21:10 . 
2010-11-18 21:13 -------- d-----w- d:\programme\SUPER 2010-11-18 19:39 . 2010-11-18 19:40 -------- d-----w- p:\profile\Gast 2010-11-17 21:17 . 2010-11-17 21:17 -------- d-----w- c:\programme\Gemeinsame Dateien\Vbox 2010-11-17 21:16 . 2010-11-17 21:16 -------- d-----w- d:\programme\Macromedia 2010-11-17 20:42 . 2010-11-18 21:12 -------- d-----w- d:\programme\phase5 2010-11-12 07:58 . 2010-11-12 07:58 -------- d-----w- d:\programme\MousOmeter 2010-11-11 21:34 . 2010-11-11 21:34 -------- d-----w- d:\programme\bin 2010-11-11 21:25 . 2010-11-11 21:25 -------- d-----w- d:\programme\Iolo 2010-11-09 17:39 . 2010-11-09 18:08 -------- dc----w- c:\windows\system32\DRVSTORE 2010-11-09 17:39 . 2009-01-28 19:04 23168 ----a-w- c:\windows\system32\drivers\KOBCCEX.sys 2010-11-09 17:39 . 2009-01-28 19:04 83840 ----a-w- c:\windows\system32\drivers\KOBCCID.sys 2010-11-09 17:39 . 2009-04-02 15:10 430080 ----a-w- c:\windows\system32\CT32.dll 2010-11-09 17:39 . 2008-07-17 16:00 1712128 ----a-w- c:\windows\system32\CTAPI_Control.cpl 2010-11-09 17:39 . 2009-04-02 15:15 466944 ----a-w- c:\windows\system32\CTAPIUtilities.dll 2010-11-09 17:39 . 2010-11-09 19:16 -------- d-----w- d:\programme\KOBIL Systems 2010-11-08 21:40 . 2010-11-08 21:40 -------- d-----w- d:\programme\PWUnmask 2010-11-08 21:05 . 2010-11-08 21:05 -------- d-----w- d:\programme\Desktop Icon Manager 2010-11-08 17:02 . 2010-11-08 17:02 -------- d-----w- d:\programme\Lavalys 2010-11-07 16:51 . 2010-11-07 16:51 134016 ----a-w- c:\windows\ColorPic Uninstaller.exe 2010-11-07 16:51 . 2010-11-07 17:11 -------- d-----w- d:\programme\ColorPic 4.1 2010-11-06 13:52 . 2010-11-27 11:37 -------- d-sh--w- p:\profile\LocalService 2010-11-06 13:52 . 2010-11-26 07:51 -------- d-sh--w- p:\profile\NetworkService 2010-11-06 12:21 . 2010-11-06 12:22 -------- d-----w- p:\profile\All Users 2010-11-06 12:08 . 2010-11-27 17:09 -------- d-----w- p:\profile\Rene.ACER3000 2010-11-06 12:08 . 
2010-11-28 22:21 -------- d--h--w- p:\profile\Default User 2010-11-06 12:05 . 2010-11-27 17:19 -------- d-----w- p:\profile\Janina 2010-11-06 12:00 . 2010-11-06 12:02 -------- d-----w- p:\profile\Admin 2010-11-06 10:48 . 2010-11-06 10:48 -------- d-----r- C:\MSOCache 2010-11-06 08:03 . 2010-11-06 08:03 -------- d-----w- d:\programme\WildPackets 2010-11-06 07:58 . 2010-11-06 07:58 -------- d-----w- d:\programme\VirusTotalUploader2 2010-11-06 07:22 . 2010-11-06 07:22 -------- d-----w- d:\programme\uTorrent 2010-11-05 20:52 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe 2010-11-05 20:42 . 2006-04-09 01:00 82744 ----a-w- c:\windows\system32\PICCLP32.OCX 2010-11-05 20:42 . 2006-04-09 01:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL 2010-11-05 20:42 . 2006-04-09 01:00 10240 ----a-w- c:\windows\system32\PCCLPDE.DLL 2010-11-05 20:42 . 2006-04-09 01:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-11-05 20:42 . 2006-04-09 01:00 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL 2010-11-05 20:42 . 2006-04-09 01:00 10752 ----a-w- c:\windows\system32\hh.exe 2010-11-05 20:42 . 2010-11-05 20:43 -------- d-----w- d:\programme\RunAsAdmin 2010-11-05 20:42 . 2006-04-09 01:00 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL 2010-11-05 20:42 . 2006-04-09 01:00 152848 ----a-w- c:\windows\system32\COMDLG32.OCX 2010-11-05 20:41 . 2000-10-06 23:13 106544 ----a-w- c:\windows\system32\TWEAKUI.CPL 2010-11-05 20:28 . 2010-11-05 20:28 -------- d-----w- c:\windows\system32\XPSViewer 2010-11-05 20:28 . 2010-11-05 20:28 -------- d-----w- d:\programme\MSBuild 2010-11-05 20:28 . 2010-11-05 20:28 -------- d-----w- d:\programme\Reference Assemblies 2010-11-05 20:27 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-11-05 20:26 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-11-05 20:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-11-05 20:26 . 
2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-11-05 20:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-11-05 20:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-11-05 20:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-11-05 20:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-11-05 20:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-11-05 19:28 . 2010-11-05 19:29 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared 2010-11-05 19:27 . 2010-11-05 19:30 -------- d-----w- d:\programme\DivX 2010-11-05 19:19 . 2010-11-05 19:20 -------- d-----w- d:\programme\Recuva 2010-11-05 18:07 . 2010-11-05 18:07 -------- d--h--w- c:\windows\PIF 2010-11-05 18:03 . 2010-11-22 19:10 -------- d-----w- d:\programme\Windows Desktop Search 2010-11-05 18:03 . 2010-11-05 18:03 -------- d-----w- c:\windows\system32\GroupPolicy 2010-11-05 18:01 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll 2010-11-05 18:01 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll 2010-11-05 18:01 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll 2010-11-05 08:14 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-11-05 07:32 . 2010-11-09 17:11 -------- d-----w- d:\programme\Buhl 2010-11-04 23:42 . 2010-11-04 23:42 -------- d-----w- d:\programme\GIMP-2.0 2010-11-04 23:09 . 2010-11-04 23:09 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe AIR 2010-11-04 22:54 . 2010-11-07 10:12 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2010-11-04 17:22 . 2010-11-04 17:22 -------- d-----w- d:\programme\Foxit Software 2010-11-04 15:43 . 2010-11-18 20:42 -------- d-----w- d:\programme\Google 2010-11-04 15:42 . 
2010-11-04 15:42 -------- d-----w- d:\programme\VideoLAN 2010-11-04 15:40 . 2010-11-04 15:40 -------- d-----w- d:\programme\IrfanView 2010-11-04 15:38 . 2009-11-12 13:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-11-04 15:38 . 2010-11-04 15:38 -------- d-----w- d:\programme\CDBurnerXP 2010-11-04 15:32 . 2008-11-04 02:30 30568 ----a-w- c:\windows\system32\mdimon.dll 2010-11-04 15:32 . 2006-10-26 18:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2010-11-04 15:31 . 2006-09-15 16:25 77824 ----a-w- c:\windows\system32\WMTRAY.DLL 2010-11-04 15:30 . 2010-11-04 16:39 -------- d-----w- d:\programme\Microsoft Works 2010-11-04 15:25 . 2010-11-04 15:30 -------- d-----w- c:\windows\SHELLNEW 2010-11-04 15:11 . 2010-11-04 15:11 -------- d-----w- d:\programme\Microsoft.NET 2010-11-04 14:19 . 2010-11-04 14:19 -------- d-----w- d:\programme\MSXML 4.0 2010-11-04 14:17 . 2010-09-18 06:52 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-11-04 14:17 . 2010-09-18 06:52 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-11-04 14:16 . 2010-08-23 16:11 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2010-11-04 14:10 . 2010-11-04 14:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-11-04 14:10 . 2010-11-04 14:10 -------- d-----w- d:\programme\DAEMON Tools Lite 2010-11-04 06:02 . 2010-11-04 06:02 -------- d-----w- d:\programme\TeamViewer 2010-11-04 05:23 . 2010-11-13 08:25 -------- d-----w- c:\windows\system32\NtmsData 2010-11-03 23:41 . 2010-11-03 23:41 -------- d-----w- d:\programme\Trend Micro . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-03 17:40 . 2005-03-09 11:28 6144 ------w- c:\windows\system32\drivers\NTIDrvr.sys 2010-11-03 17:31 . 2004-06-25 01:15 529 ----a-w- c:\windows\CLEANUP.CMD 2010-11-03 17:31 . 2004-06-25 01:13 634 ----a-w- c:\windows\HOTFIX.BAT 2010-10-14 23:44 . 
2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-09-18 11:22 . 2004-08-04 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:52 . 2004-08-04 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:52 . 2004-08-04 04:00 954368 ------w- c:\windows\system32\mfc40.dll 2010-09-18 06:52 . 2004-08-04 04:00 953856 ------w- c:\windows\system32\mfc40u.dll 2010-09-10 05:47 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:47 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:47 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:50 . 2004-08-04 04:00 285824 ------w- c:\windows\system32\atmfd.dll 2010-09-01 07:54 . 2004-08-04 04:00 1852928 ------w- c:\windows\system32\win32k.sys 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 88363] "SiSPower"="SiSPower.dll" [2005-02-25 49152] "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Tweak UI 1.33 deutsch"="TWEAKUI.CPL" [2000-10-06 106544] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] p:\profile\Rene.ACER3000\Startmen\Programme\Autostart\ Mousometer.lnk - d:\programme\MousOmeter\mousometer.exe [2010-11-2 140288] p:\profile\All Users\Startmen\Programme\Autostart\ Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2010-11-4 813584] Mousometer.lnk - d:\programme\MousOmeter\mousometer.exe [2010-11-2 140288] Windows Search.lnk - d:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 01000000 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\P:^Profile^All Users^Startmenü^Programme^Autostart^Utility Tray.lnk] path=p:\profile\All Users\Startmenü\Programme\Autostart\Utility Tray.lnk backup=c:\windows\pss\Utility Tray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 
22:07 932288 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 03:47 35760 ----a-w- d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 02:44 500208 ------w- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 03:57 406992 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-12-12 07:30 132392 ----a-w- c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- d:\programme\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- d:\programme\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService] 2005-11-16 15:54 385024 ----a-w- c:\acer\Empowering Technology\eRecovery\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] d:\programme\Nero\Nero8\InCD\InCD.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2005-10-12 14:16 315392 ----a-w- c:\programme\Launch Manager\QtZgAcer.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] d:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-11-06 07:25 570664 ----a-w- c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] d:\programme\Nero\Nero8\InCD\NBHGui.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2005-02-23 17:13 77824 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 12:37 517096 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2004-10-07 22:43 688218 ----a-w- c:\programme\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] 2004-10-07 22:44 98394 ----a-w- c:\programme\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "idsvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . Inhalt des "geplante Tasks" Ordners 2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - d:\programme\Google\Update\GoogleUpdate.exe [2010-11-18 20:41] 2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - d:\programme\Google\Update\GoogleUpdate.exe [2010-11-18 20:41] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - component: p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - component: p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll FF - plugin: d:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: d:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: d:\programme\Google\Picasa3\npPicasa3.dll FF - plugin: d:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: d:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - 
p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Extension: HTTPS-Everywhere: https-everywhere@eff.org - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\https-everywhere@eff.org FF - Extension: Force-TLS: forcetls@sid.stamm - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\forcetls@sid.stamm FF - Extension: Firesheep: firesheep@codebutler.com - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\firesheep@codebutler.com FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Extension: Greasefire: greasefire@skrul.com - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\greasefire@skrul.com FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Extension: Toggle Private Browsing: toggleprivatebrowsing@supernova00.biz - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\toggleprivatebrowsing@supernova00.biz FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} FF - Extension: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF - Extension: Firebug: firebug@software.joehewitt.com - 
p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\firebug@software.joehewitt.com FF - Extension: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\elemhidehelper@adblockplus.org FF - Extension: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} FF - Extension: Java Quick Starter: jqs@sun.com - d:\programme\Java\jre6\lib\deploy\jqs\ff FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension ---- FIREFOX Richtlinien ---- // This one makes a huge difference. Last value in milliseconds (default is 250) FF - user.js: nglayout.initialpaint.delay - 0 // Change to normal Google search: FF - user.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-11-28 23:34 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Memory Cache 4.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI] "ImagePath"="system32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC] "ImagePath"="system32\DRIVERS\ACPIEC.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AgereSoftModem] "ImagePath"="system32\DRIVERS\AGRSM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM] "ImagePath"="system32\drivers\ALCXWDM.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AmdK8] "ImagePath"="system32\DRIVERS\AmdK8.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\anbmService] "ImagePath"="c:\acer\eManager\anbmServ.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AntiVirSchedulerService] "ImagePath"="\"d:\avira\AntiVir Desktop\sched.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AntiVirService] "ImagePath"="\"d:\avira\AntiVir Desktop\avguard.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_4.0.30319] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi] "ImagePath"="system32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc] "ImagePath"="system32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub] "ImagePath"="system32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avgio] "ImagePath"="\??\d:\avira\AntiVir Desktop\avgio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avgntflt] "ImagePath"="system32\DRIVERS\avgntflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avipbb] "ImagePath"="system32\DRIVERS\avipbb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC] 
"MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX] "ImagePath"="system32\DRIVERS\bcmwl5.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme] "ImagePath"="\??\p:\profile\ADMINI~1\LOKALE~1\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt] "ImagePath"="system32\DRIVERS\CmBatt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt] "ImagePath"="system32\DRIVERS\compbatt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DKbFltr] "ImagePath"="System32\Drivers\DKbFltr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog] 
"ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem] "ServiceDll"="c:\windows\system32\es.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0] "ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk] "ImagePath"="system32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx] "ImagePath"="system32\DRIVERS\gagp30kx.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc] "ImagePath"="system32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate] "ImagePath"="\"d:\programme\Google\Update\GoogleUpdate.exe\" /svc" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc] "ImagePath"="\"d:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Hardlock] "ImagePath"="\??\c:\windows\system32\drivers\hardlock.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Haspnt] "ImagePath"="\??\c:\windows\system32\drivers\Haspnt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc] "ServiceDll"="%SystemRoot%\System32\kmsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi] "ImagePath"="system32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\int15.sys] "ImagePath"="\??\c:\acer\Empowering Technology\eRecovery\int15.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw] "ImagePath"="system32\drivers\ip6fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat] "ImagePath"="system32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec] "ImagePath"="system32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM] "ImagePath"="system32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp] "ImagePath"="system32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService] "ImagePath"="\"d:\programme\Java\jre6\bin\jqs.exe\" -service -config \"d:\programme\Java\jre6\lib\deploy\jqs\jqs.conf\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KOBCCEX] "ImagePath"="system32\drivers\KOBCCEX.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KOBCCID] "ImagePath"="system32\drivers\KOBCCID.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kobknusb] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LBeepKE] "ImagePath"="System32\Drivers\LBeepKE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceS] "ImagePath"="c:\windows\system32\LEXBCES.EXE" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LHidFilt] "ImagePath"="system32\DRIVERS\LHidFilt.Sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LMouFilt] "ImagePath"="system32\DRIVERS\LMouFilt.Sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MicroGuard] "ImagePath"="\??\c:\windows\system32\drivers\mgnt.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc] "ImagePath"="c:\windows\system32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV] "ImagePath"="system32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC] "ImagePath"="c:\windows\system32\msdtc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSSCNTRS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent] "ServiceDll"="%SystemRoot%\System32\qagentrt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT] "ImagePath"="system32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMIndexingService] "ImagePath"="\"c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMSAccess] "ImagePath"="d:\programme\CDBurnerXP\NMSAccessU.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMSAccessU] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTIDrvr] "ImagePath"="system32\DRIVERS\NTIDrvr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv] "ImagePath"="\"c:\programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osaio] "ImagePath"="\SystemRoot\system32\drivers\osaio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osanbm] "ImagePath"="\SystemRoot\system32\drivers\osanbm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose] "ImagePath"="\"c:\programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI] "ImagePath"="system32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde] "ImagePath"="system32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia] "ImagePath"="system32\DRIVERS\pcmcia.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfc] "ImagePath"="system32\drivers\pfc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay] 
"ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PQNTDrv] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink] "ImagePath"="system32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd] "ImagePath"="system32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti] "ImagePath"="system32\DRIVERS\raspti.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr] 
"ImagePath"="c:\windows\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook] "ImagePath"="system32\DRIVERS\redbook.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP] "ImagePath"="%SystemRoot%\system32\rsvp.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort] "ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv] "ImagePath"="system32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess] 
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiS315] "ImagePath"="system32\DRIVERS\sisgrp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISAGP] "ImagePath"="system32\DRIVERS\SISAGPX.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSkp] "ImagePath"="system32\DRIVERS\srvkp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNICXP] "ImagePath"="system32\DRIVERS\sisnicxp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd] "ImagePath"="System32\Drivers\sptd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr] "ImagePath"="system32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice] "ServiceDll"="%SystemRoot%\system32\srsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv] "ImagePath"="system32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssmdrv] "ImagePath"="system32\DRIVERS\ssmdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarOpen] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarWindServiceAE] "ImagePath"="d:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwitchBoard] "ImagePath"="\"c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv] "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{2ED0E438-07F2-4A0A-89D6-6C76572B957E}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP] "ImagePath"="system32\DRIVERS\SynTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip] "ImagePath"="system32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TeamViewer5] "ImagePath"="d:\programme\TeamViewer\Version5\TeamViewer_Service.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UBHelper] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UGatherer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UGTHRSVC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update] "ImagePath"="system32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000] "ImagePath"="system32\DRIVERS\Wdf01000.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN] "ServiceDll"="c:\windows\system32\mspmsnsv.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv] "ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"d:\programme\Windows Media Player\WMPNetwk.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WPFFontCache_v0400] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSearchIdxPi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv] 
"ServiceDll"="c:\windows\system32\wuauserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="system32\DRIVERS\WudfPf.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="system32\DRIVERS\wudfrd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{00E8D545-A957-48B8-BFD1-B689FECE77C6}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6492891F-2C61-471B-A761-93ACE126F16F}] . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1879216082-1162323016-502169195-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,7e,a9,dc,f9,4f,ce,49,b4,3f,aa,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,7e,a9,dc,f9,4f,ce,49,b4,3f,aa,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(2268) d:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2010-11-28 23:36:34 ComboFix-quarantined-files.txt 2010-11-28 22:36 ComboFix2.txt 2010-11-28 22:21 Vor Suchlauf: 6.045.862.400 Bytes frei Nach Suchlauf: 6.033.982.976 Bytes frei - - End Of File - - 7297780A1F55A115067260DFA04EA247 |
29.11.2010, 12:29 | #8 |
/// Malware-holic | FF opens tabs and Google links to attacking sites
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
29.11.2010, 18:27 | #9 |
| FF opens tabs and Google links to attacking sites. Are any tendencies visible yet? Note: C:\ Windows, D:\ Programme, P:\ profile data. The scan was only run on C:\. Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2010-11-29 18:22:15 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9100822A rev.3.01 Running: omksu7ly.exe; Driver: P:\Profile\ADMINI~1\LOKALE~1\Temp\uxlirpob.sys ---- System - GMER 1.0.15 ---- SSDT F7B81026 ZwCreateKey SSDT F7B8101C ZwCreateThread SSDT F7B8102B ZwDeleteKey SSDT F7B81035 ZwDeleteValueKey SSDT spkh.sys ZwEnumerateKey [0xF73AFDA4] SSDT spkh.sys ZwEnumerateValueKey [0xF73B0132] SSDT F7B8103A ZwLoadKey SSDT spkh.sys ZwOpenKey [0xF73970C0] SSDT F7B81008 ZwOpenProcess SSDT F7B8100D ZwOpenThread SSDT spkh.sys ZwQueryKey [0xF73B020A] SSDT spkh.sys ZwQueryValueKey [0xF73B008A] SSDT F7B81044 ZwReplaceKey SSDT F7B8103F ZwRestoreKey SSDT F7B81030 ZwSetValueKey INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F1A9816D INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F1A97FC2 INT 0x62 ? 859DABF8 INT 0x82 ? 859DABF8 INT 0x84 ? 8581CBF8 INT 0x94 ? 8581CBF8 INT 0xB1 ? 859DCBF8 INT 0xB4 ? 8581CBF8 Code \??\P:\Profile\ADMINI~1\LOKALE~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- ? spkh.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload F6D0B8AC 5 Bytes JMP 8581C1D8 .text aotnabtd.SYS F6C5F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aotnabtd.SYS F6C5F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aotnabtd.SYS F6C5F3C4 3 Bytes [00, 80, 02] .text aotnabtd.SYS F6C5F3C9 1 Byte [30] .text aotnabtd.SYS F6C5F3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... 
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xF17D2400, 0x7960C, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF1874420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF1874420] .protectÿÿÿÿhardlockunknown last code section [0xF1874200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xF1874200, 0x5049, 0xE0000020] ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? P:\Profile\ADMINI~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[2408] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7398042] spkh.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739813E] spkh.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73980C0] spkh.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7398800] spkh.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73986D6] spkh.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A7B90] spkh.sys IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT 
\SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\aotnabtd.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 859D91F8 Device \FileSystem\Fastfat \FatCdrom 854551F8 AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
Device \Driver\usbohci \Device\USBPDO-0 85835500 Device \Driver\usbohci \Device\USBPDO-1 85835500 Device \Driver\usbehci \Device\USBPDO-2 8583B500 Device \Driver\NetBT \Device\NetBT_Tcpip_{00E8D545-A957-48B8-BFD1-B689FECE77C6} 855B0500 Device \Driver\Ftdisk \Device\HarddiskVolume1 8596F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8596F1F8 Device \Driver\Cdrom \Device\CdRom0 8583D1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 8596F1F8 Device \Driver\Cdrom \Device\CdRom1 8583D1F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 8596F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 8596F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume6 8596F1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 855B0500 Device \Driver\PCI_PNP0570 \Device\0000004b spkh.sys Device \Driver\NetBT \Device\NetbiosSmb 855B0500 Device \Driver\usbohci \Device\USBFDO-0 85835500 Device \Driver\usbohci \Device\USBFDO-1 85835500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 855871F8 Device \Driver\usbehci \Device\USBFDO-2 8583B500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 855871F8 Device \Driver\Ftdisk \Device\FtControl 8596F1F8 Device \Driver\sptd \Device\3201611820 spkh.sys Device \Driver\aotnabtd \Device\Scsi\aotnabtd1Port2Path0Target0Lun0 857F31F8 Device \Driver\aotnabtd \Device\Scsi\aotnabtd1 857F31F8 Device \FileSystem\Fastfat \Fat 854551F8 
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 85530500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0x93 0x08 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB1 0x4F 0x29 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xE5 0xEA 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0xF4 0x5F 0xC4 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0x93 0x08 0x38 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB1 0x4F 0x29 0x31 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xE5 0xEA 0x8D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0xF4 0x5F 0xC4 ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 09: copy of MBR ---- EOF - GMER 1.0.15 ---- |
29.11.2010, 19:44 | #10 |
/// Malware-holic | FF opens tabs and Google links to attacking sites. No, unfortunately not. Could you post a new otl.txt for me?
29.11.2010, 21:18 | #11 |
| FF opens tabs and Google links to attacking sites. Sure. OTL Code:
ATTFilter OTL logfile created on: 29.11.2010 20:12:38 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = D:\Download Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,00 Mb Total Physical Memory | 555,00 Mb Available Physical Memory | 58,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): X:\pagefile.sys 1500 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 15,00 Gb Total Space | 5,64 Gb Free Space | 37,63% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 10,54 Gb Free Space | 70,27% Space Free | Partition Type: NTFS Drive P: | 50,00 Gb Total Space | 16,26 Gb Free Space | 32,52% Space Free | Partition Type: NTFS Drive X: | 5,23 Gb Total Space | 3,61 Gb Free Space | 68,94% Space Free | Partition Type: NTFS Computer Name: ACER3000 | User Name: Administrator | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.28 13:05:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe PRC - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.08.02 16:09:40 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\sched.exe PRC - [2010.08.02 16:09:34 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.08.02 16:09:34 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.14 22:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.04 06:24:25 | 000,140,288 | ---- | M] () -- D:\Programme\MousOmeter\mousometer.exe PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- D:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.12.12 08:31:10 | 000,537,896 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe PRC - [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.11.16 16:54:56 | 000,385,024 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe PRC - [2005.03.04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe PRC - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) 
-- C:\Acer\eManager\anbmServ.exe ========== Modules (SafeList) ========== MOD - [2010.11.28 13:05:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009.07.20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- D:\Programme\Logitech\SetPoint\lgscroll.dll MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.08.02 16:09:40 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.02 16:09:34 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 23:38:00 | 
000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2008.12.12 08:31:10 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- P:\Profile\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2010.11.27 12:37:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.19 00:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2010.11.04 15:10:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.11.03 18:40:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2010.08.02 16:09:48 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.06.17 15:27:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:54 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2009.01.28 20:04:42 | 000,023,168 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCEX.sys -- (KOBCCEX) DRV - [2009.01.28 20:04:18 | 000,083,840 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCID.sys -- (KOBCCID) DRV - [2005.07.28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2005.03.04 16:37:26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio) DRV - [2005.03.02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2005.02.25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2005.02.24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys) DRV - [2004.12.21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004.12.08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) DRV - [2004.11.05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP) DRV - [2004.10.07 23:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2004.10.07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004.05.05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003.07.18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP) DRV - [1998.03.03 13:55:58 | 000,040,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mgnt.sys -- (MicroGuard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1879216082-1162323016-502169195-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: d:\Programme\Mozilla Firefox\components [2010.11.03 19:13:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins [2010.11.18 23:25:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.11.03 22:30:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 
3.1.6\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.11.18 23:25:14 | 000,000,000 | ---D | M] [2010.11.06 13:39:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.11.22 06:43:04 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\otsff5j9.default\extensions [2010.11.06 13:39:45 | 000,000,000 | ---D | M] (Adblock Plus) -- P:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\otsff5j9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.29 15:27:54 | 000,000,000 | ---D | M] -- D:\Programme\Mozilla Firefox\extensions [2010.11.03 22:05:51 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.03 22:05:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.11.04 18:22:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- D:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.10.27 06:44:14 | 000,001,392 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:14 | 000,002,344 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:14 | 000,006,805 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:14 | 000,001,178 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:14 | 000,001,105 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.28 23:16:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir 
Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Tweak UI 1.33 deutsch] C:\WINDOWS\System32\TWEAKUI.CPL (Brummelchen@gmx.at) O4 - Startup: P:\Profile\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: P:\Profile\All Users\Startmenü\Programme\Autostart\Mousometer.lnk = D:\Programme\MousOmeter\mousometer.exe () O4 - Startup: P:\Profile\Rene.ACER3000\Startmenü\Programme\Autostart\Mousometer.lnk = D:\Programme\MousOmeter\mousometer.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet 
Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data] O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288886940468 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help 
{314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.03.09 12:28:00 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "idsvc" MsConfig - StartUpFolder: P:^Profile^All Users^Startmenü^Programme^Autostart^Utility Tray.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Programme\Gemeinsame 
Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - D:\Programme\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: eRecoveryService - hkey= - key= - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) MsConfig - StartUpReg: InCD - hkey= - key= - D:\Programme\Nero\Nero8\InCD\InCD.exe File not found MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) MsConfig - StartUpReg: NBKeyScan - hkey= - key= - D:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: SecurDisc - hkey= - key= - D:\Programme\Nero\Nero8\InCD\NBHGui.exe File not found MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WdfLoadGroup - SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver 
Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WdfLoadGroup - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB 
/CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro 
Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183528496136192) ========== Files/Folders - Created Within 30 Days ========== [2010.11.28 23:36:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.11.28 22:50:31 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.11.28 22:46:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.11.28 22:46:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.11.28 22:46:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.11.28 22:46:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.11.28 22:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.11.28 22:45:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.11.28 21:19:06 | 000,000,000 | RH-D | C] -- P:\Profile\Administrator\Recent [2010.11.28 10:45:32 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Anwendungsdaten\Sun [2010.11.27 15:58:32 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\VirtualDJ [2010.11.27 15:58:32 | 000,000,000 | ---D | C] -- D:\Programme\VirtualDJ [2010.11.26 08:52:36 | 000,000,000 | -HSD | C] -- P:\Profile\NetworkService\Anwendungsdaten\Microsoft [2010.11.26 08:51:21 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Anwendungsdaten\Macromedia [2010.11.26 08:51:17 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Anwendungsdaten\Adobe [2010.11.25 11:03:52 | 000,000,000 | ---D | C] -- 
P:\Profile\LocalService\Anwendungsdaten\Sun [2010.11.24 22:20:40 | 000,000,000 | ---D | C] -- D:\Programme\uploaded Tool 2009 [2010.11.23 19:19:38 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.11.23 15:32:33 | 000,000,000 | ---D | C] -- D:\Programme\TagRename [2010.11.23 15:17:14 | 000,000,000 | ---D | C] -- D:\Programme\Citavi 3 [2010.11.23 14:50:25 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Anwendungsdaten\Macromedia [2010.11.23 14:07:55 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Anwendungsdaten\Adobe [2010.11.23 13:41:13 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Swiss Academic Software [2010.11.23 11:40:09 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\UDC Profiles [2010.11.23 11:39:06 | 000,024,440 | ---- | C] (fCoder Group, Inc.) -- C:\WINDOWS\System32\udcpm.dll [2010.11.23 11:39:04 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\UDC Output Files [2010.11.23 11:38:47 | 000,000,000 | ---D | C] -- D:\Programme\Universal Document Converter [2010.11.22 19:58:17 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Windows Desktop Search [2010.11.22 19:31:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance [2010.11.22 19:31:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation [2010.11.22 19:29:35 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010.11.22 19:28:56 | 000,000,000 | ---D | C] -- D:\Programme\Windows Media Connect 2 [2010.11.22 19:18:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010.11.22 19:18:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010.11.22 12:02:09 | 000,000,000 | ---D | C] -- D:\Programme\Nero [2010.11.21 18:21:05 | 001,414,440 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager310E2D762.dll [2010.11.21 17:40:37 | 000,000,000 | ---D | C] -- 
P:\Profile\All Users\Anwendungsdaten\Nero [2010.11.21 17:40:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nero [2010.11.21 17:06:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Nero [2010.11.21 16:53:17 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Ahead [2010.11.21 16:49:34 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Nero [2010.11.21 16:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages [2010.11.21 16:32:30 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll [2010.11.21 16:32:27 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll [2010.11.20 19:23:11 | 000,000,000 | ---D | C] -- D:\Programme\Alcohol Soft [2010.11.20 18:44:40 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Canneverbe Limited [2010.11.19 00:17:02 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2010.11.19 00:13:19 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys [2010.11.19 00:13:10 | 000,047,616 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys [2010.11.19 00:13:10 | 000,006,656 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll [2010.11.19 00:13:07 | 000,030,208 | ---- | C] (Micro Macro Technologies) -- C:\WINDOWS\System32\Mg32.dll [2010.11.19 00:13:00 | 000,374,368 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\pdfexpt.dll [2010.11.19 00:13:00 | 000,210,528 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\rtfexpt.dll [2010.11.19 00:13:00 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx [2010.11.19 00:13:00 | 000,195,104 | ---- | C] (FarPoint Technologies, Inc.) 
-- C:\WINDOWS\System32\mem32x20.ocx [2010.11.19 00:13:00 | 000,132,704 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\textexpt.dll [2010.11.19 00:12:59 | 000,554,592 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\htmlexpt.dll [2010.11.19 00:12:59 | 000,468,224 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\csimxctl.ocx [2010.11.19 00:12:59 | 000,357,984 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\exclexpt.dll [2010.11.19 00:12:59 | 000,144,456 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\csmtp32.ocx [2010.11.19 00:12:59 | 000,136,224 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\csmsg32.ocx [2010.11.19 00:12:58 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX [2010.11.19 00:12:57 | 001,015,808 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\ActRpt.dll [2010.11.19 00:12:57 | 000,595,488 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Edt32x20.ocx [2010.11.19 00:12:57 | 000,329,600 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\ARViewer.ocx [2010.11.19 00:12:56 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL [2010.11.19 00:12:56 | 000,268,288 | ---- | C] (D.I. Management Services Pty Limited ABN 78 083 210 584 <www.di-mgt.com.au> <www.cryptosys.net>) -- C:\WINDOWS\System32\diCryptoSys.dll [2010.11.19 00:12:56 | 000,095,920 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\CSICMP32.DLL [2010.11.19 00:12:56 | 000,053,248 | ---- | C] (EllTech Development, Inc.) -- C:\WINDOWS\System32\MHENCD32.DLL [2010.11.19 00:12:56 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) 
-- C:\WINDOWS\System32\INETWH32.DLL
[2010.11.19 00:12:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.11.19 00:12:40 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2010.11.19 00:08:32 | 000,329,600 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\drivers\ARViewer.ocx
[2010.11.18 23:11:52 | 000,000,000 | ---D | C] -- D:\Programme\MICROCAT
[2010.11.18 22:11:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010.11.18 22:11:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010.11.18 22:11:25 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010.11.18 22:11:25 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010.11.18 22:11:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010.11.18 22:11:24 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.11.18 22:11:24 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010.11.18 22:11:24 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010.11.18 22:11:24 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010.11.18 22:11:23 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010.11.18 22:11:23 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010.11.18 22:11:23 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010.11.18 22:11:23 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010.11.18 22:10:55 | 000,000,000 | ---D | C] -- D:\Programme\SUPER
[2010.11.18 21:41:45 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.11.18 21:41:44 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.11.17 22:17:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Vbox
[2010.11.17 22:16:17 | 000,000,000 | ---D | C] -- D:\Programme\Macromedia
[2010.11.17 21:42:51 | 000,000,000 | ---D | C] -- D:\Programme\phase5
[2010.11.13 20:05:17 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.12 11:06:12 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Malwarebytes
[2010.11.12 08:58:25 | 000,000,000 | ---D | C] -- D:\Programme\MousOmeter
[2010.11.11 22:34:02 | 000,000,000 | ---D | C] -- D:\Programme\bin
[2010.11.11 22:25:08 | 000,000,000 | ---D | C] -- D:\Programme\Iolo
[2010.11.11 22:23:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\My Macros
[2010.11.11 22:21:28 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Application Data
[2010.11.09 23:24:52 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\DivX
[2010.11.09 18:39:27 | 000,083,840 | ---- | C] (KOBIL Systems GmbH) -- C:\WINDOWS\System32\drivers\KOBCCID.sys
[2010.11.09 18:39:27 | 000,023,168 | ---- | C] (KOBIL Systems GmbH) -- C:\WINDOWS\System32\drivers\KOBCCEX.sys
[2010.11.09 18:39:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.11.09 18:39:15 | 000,430,080 | ---- | C] (KOBIL Systems GmbH) -- C:\WINDOWS\System32\CT32.dll
[2010.11.09 18:39:14 | 001,712,128 | ---- | C] (KOBIL Systems) -- C:\WINDOWS\System32\CTAPI_Control.cpl
[2010.11.09 18:39:13 | 000,466,944 | ---- | C] (KOBIL Systems) -- C:\WINDOWS\System32\CTAPIUtilities.dll
[2010.11.09 18:39:05 | 000,000,000 | ---D | C] -- D:\Programme\KOBIL Systems
[2010.11.09 18:15:45 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service
[2010.11.08 22:40:09 | 000,000,000 | ---D | C] -- D:\Programme\PWUnmask
[2010.11.08 22:05:06 | 000,000,000 | ---D | C] -- D:\Programme\Desktop Icon Manager
[2010.11.08 18:02:38 | 000,000,000 | ---D | C] -- D:\Programme\Lavalys
[2010.11.07 18:16:14 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.11.07 17:51:18 | 000,000,000 | ---D | C] -- D:\Programme\ColorPic 4.1
[2010.11.07 09:53:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.11.06 19:15:14 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Avira
[2010.11.06 14:52:40 | 000,000,000 | --SD | C] -- P:\Profile\LocalService\Anwendungsdaten\Microsoft
[2010.11.06 14:52:40 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.06 14:52:38 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.06 13:47:27 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\WINDOWS
[2010.11.06 13:47:25 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Vorlagen
[2010.11.06 13:47:21 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Startmenü
[2010.11.06 13:47:20 | 000,000,000 | RH-D | C] -- P:\Profile\Administrator\SendTo
[2010.11.06 13:47:20 | 000,000,000 | -HSD | C] -- P:\Profile\Administrator\PrivacIE
[2010.11.06 13:47:20 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Netzwerkumgebung
[2010.11.06 13:46:43 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.11.06 13:46:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Help
[2010.11.06 13:46:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Google
[2010.11.06 13:46:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Buhl Data Service
[2010.11.06 13:46:39 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2010.11.06 13:46:39 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.06 13:45:10 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.11.06 13:45:10 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.11.06 13:40:02 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Favoriten
[2010.11.06 13:40:02 | 000,000,000 | -HSD | C] -- P:\Profile\Administrator\IETldCache
[2010.11.06 13:40:02 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Lokale Einstellungen
[2010.11.06 13:40:02 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Druckumgebung
[2010.11.06 13:40:01 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Desktop
[2010.11.06 13:39:59 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\Eigene Videos
[2010.11.06 13:39:59 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\Eigene Musik
[2010.11.06 13:39:59 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\Eigene Bilder
[2010.11.06 13:39:59 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\Downloads
[2010.11.06 13:39:55 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien
[2010.11.06 13:39:55 | 000,000,000 | -HSD | C] -- P:\Profile\Administrator\Cookies
[2010.11.06 13:39:55 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\WISO Mein Geld
[2010.11.06 13:39:55 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Adobe
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Macromedia
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Logitech
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\LetsTrade
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Identities
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Help
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Foxit Software
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.06 13:39:48 | 000,000,000 | --SD | C] -- P:\Profile\Administrator\Anwendungsdaten\Microsoft
[2010.11.06 13:39:41 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla
[2010.11.06 13:39:33 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\TeamViewer
[2010.11.06 13:39:33 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Sun
[2010.11.06 13:39:31 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\uTorrent
[2010.11.06 13:39:30 | 000,000,000 | RH-D | C] -- P:\Profile\Administrator\Anwendungsdaten
[2010.11.06 13:39:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\WinRAR
[2010.11.06 13:39:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Windows Search
[2010.11.06 13:39:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\WildPackets
[2010.11.06 13:28:33 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Malwarebytes
[2010.11.06 13:27:26 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Logitech
[2010.11.06 13:27:26 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\LogiShrd
[2010.11.06 13:27:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\DivX
[2010.11.06 13:27:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.11.06 13:27:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.06 13:26:22 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Avira
[2010.11.06 13:22:50 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Adobe
[2010.11.06 13:22:03 | 000,000,000 | --SD | C] -- P:\Profile\All Users\Anwendungsdaten\Microsoft
[2010.11.06 13:22:02 | 000,000,000 | RH-D | C] -- P:\Profile\All Users\Anwendungsdaten
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Windows Genuine Advantage
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Sun
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Microsoft Help
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Desktop
[2010.11.06 13:22:01 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente\Eigene Bilder
[2010.11.06 13:22:00 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente\Eigene Videos
[2010.11.06 13:22:00 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente\Eigene Musik
[2010.11.06 13:22:00 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente
[2010.11.06 13:22:00 | 000,000,000 | -HSD | C] -- P:\Profile\All Users\DRM
[2010.11.06 13:22:00 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Favoriten
[2010.11.06 13:21:50 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Startmenü
[2010.11.06 13:21:50 | 000,000,000 | -H-D | C] -- P:\Profile\All Users\Vorlagen
[2010.11.06 11:48:08 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010.11.06 09:03:19 | 000,000,000 | ---D | C] -- D:\Programme\WildPackets
[2010.11.06 08:58:49 | 000,000,000 | ---D | C] -- D:\Programme\VirusTotalUploader2
[2010.11.06 08:22:48 | 000,000,000 | ---D | C] -- D:\Programme\uTorrent
[2010.11.05 21:52:53 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010.11.05 21:42:43 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2010.11.05 21:42:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2010.11.05 21:42:43 | 000,082,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2010.11.05 21:42:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPDE.DLL
[2010.11.05 21:42:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2010.11.05 21:42:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hh.exe
[2010.11.05 21:42:39 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.11.05 21:42:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL
[2010.11.05 21:42:39 | 000,000,000 | ---D | C] -- D:\Programme\RunAsAdmin
[2010.11.05 21:41:47 | 000,106,544 | ---- | C] (Brummelchen@gmx.at) -- C:\WINDOWS\System32\TWEAKUI.CPL
[2010.11.05 21:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010.11.05 21:28:43 | 000,000,000 | ---D | C] -- D:\Programme\MSBuild
[2010.11.05 21:28:31 | 000,000,000 | ---D | C] -- D:\Programme\Reference Assemblies
[2010.11.05 21:26:56 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010.11.05 21:26:56 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010.11.05 21:26:56 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010.11.05 21:26:56 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010.11.05 21:26:55 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010.11.05 21:26:55 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010.11.05 21:20:45 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.11.05 20:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared
[2010.11.05 20:27:39 | 000,000,000 | ---D | C] -- D:\Programme\DivX
[2010.11.05 20:19:59 | 000,000,000 | ---D | C] -- D:\Programme\Recuva
[2010.11.05 19:07:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.11.05 19:03:44 | 000,000,000 | ---D | C] -- D:\Programme\Windows Desktop Search
[2010.11.05 19:03:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.11.05 19:01:58 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010.11.05 19:01:58 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010.11.05 19:01:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2010.11.05 09:14:01 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.11.05 09:14:01 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.11.05 08:32:35 | 000,000,000 | ---D | C] -- D:\Programme\Buhl
[2010.11.05 00:42:25 | 000,000,000 | ---D | C] -- D:\Programme\GIMP-2.0
[2010.11.05 00:09:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR
[2010.11.05 00:09:49 | 000,000,000 | ---D | C] -- D:\Programme\Adobe
[2010.11.04 23:54:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.11.04 18:22:54 | 000,000,000 | ---D | C] -- D:\Programme\Foxit Software
[2010.11.04 16:43:41 | 000,000,000 | ---D | C] -- D:\Programme\Google
[2010.11.04 16:42:03 | 000,000,000 | ---D | C] -- D:\Programme\VideoLAN
[2010.11.04 16:40:15 | 000,000,000 | ---D | C] -- D:\Programme\IrfanView
[2010.11.04 16:38:42 | 000,000,000 | ---D | C] -- D:\Programme\CDBurnerXP
[2010.11.04 16:32:38 | 000,030,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010.11.04 16:30:54 | 000,000,000 | ---D | C] -- D:\Programme\Microsoft Works
[2010.11.04 16:30:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2010.11.04 16:25:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.11.04 16:24:57 | 000,000,000 | ---D | C] -- D:\Programme\Microsoft Office
[2010.11.04 16:13:31 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010.11.04 16:11:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010.11.04 16:11:32 | 000,000,000 | ---D | C] -- D:\Programme\Microsoft.NET
[2010.11.04 16:11:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010.11.04 15:19:26 | 000,000,000 | ---D | C] -- D:\Programme\MSXML 4.0
[2010.11.04 15:17:13 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.11.04 15:17:12 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.11.04 15:16:44 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.11.04 15:10:29 | 000,000,000 | ---D | C] -- D:\Programme\DAEMON Tools Lite
[2010.11.04 15:01:24 | 000,286,720 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxblcomm.dll
[2010.11.04 15:01:24 | 000,201,216 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXP2P32.DLL
[2010.11.04 15:01:24 | 000,197,120 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEX2KUSB.DLL
[2010.11.04 15:01:24 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCE.DLL
[2010.11.04 15:01:24 | 000,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxblpwr.dll
[2010.11.04 15:01:23 | 000,200,192 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXLMPM.DLL
[2010.11.04 15:01:23 | 000,000,000 | ---D | C] -- D:\Programme\Lexmark Z700-P700 Series
[2010.11.04 15:01:22 | 000,983,101 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LXBLGF.DLL
[2010.11.04 15:01:22 | 000,458,752 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLJSWR.DLL
[2010.11.04 15:01:22 | 000,339,968 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLUTIL.DLL
[2010.11.04 15:01:22 | 000,155,648 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPING.EXE
[2010.11.04 15:01:22 | 000,094,208 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLCUR.DLL
[2010.11.04 15:01:22 | 000,069,632 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLCU.DLL
[2010.11.04 15:01:21 | 000,544,768 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLLSNT.EXE
[2010.11.04 15:01:21 | 000,286,720 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLPMNT.DLL
[2010.11.04 15:01:21 | 000,217,088 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLLCNT.DLL
[2010.11.04 15:01:21 | 000,126,976 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLCFG.EXE
[2010.11.04 15:01:17 | 000,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin0407.exe
[2010.11.04 07:02:24 | 000,000,000 | ---D | C] -- D:\Programme\TeamViewer
[2010.11.04 06:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.11.04 00:41:52 | 000,000,000 | ---D | C] -- D:\Programme\Trend Micro
[2010.11.04 00:37:47 | 000,000,000 | ---D | C] -- D:\Programme\CCleaner
[2010.11.04 00:37:16 | 000,000,000 | ---D | C] -- D:\Programme\Defraggler
[2010.11.04 00:18:15 | 000,010,384 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2010.11.04 00:16:51 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2010.11.04 00:16:51 | 000,145,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2010.11.04 00:16:51 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2010.11.04 00:16:51 | 000,084,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll
[2010.11.04 00:16:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Logishrd
[2010.11.04 00:16:00 | 000,000,000 | ---D | C] -- D:\Programme\Logitech
[2010.11.04 00:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.11.03 23:37:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.03 23:37:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.03 23:37:01 | 000,000,000 | ---D | C] -- D:\Programme\Malwarebytes' Anti-Malware
[2010.11.03 23:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.11.03 22:41:32 | 000,000,000 | ---D | C] -- D:\Programme\xerox
[2010.11.03 22:41:31 | 000,000,000 | ---D | C] -- D:\Programme\outlook express
[2010.11.03 22:41:30 | 000,000,000 | ---D | C] -- D:\Programme\netmeeting
[2010.11.03 22:41:30 | 000,000,000 | ---D | C] -- D:\Programme\msn gaming zone
[2010.11.03 22:41:30 | 000,000,000 | ---D | C] -- D:\Programme\microsoft frontpage
[2010.11.03 22:41:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.11.03 22:29:35 | 000,000,000 | ---D | C] -- D:\Programme\Messenger
[2010.11.03 22:29:00 | 000,000,000 | ---D | C] -- D:\Programme\msn
[2010.11.03 22:28:59 | 000,000,000 | ---D | C] -- D:\Programme\windows nt
[2010.11.03 22:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.11.03 22:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.11.03 22:28:58 | 000,000,000 | ---D | C] -- D:\Programme\movie maker
[2010.11.03 22:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.11.03 22:25:51 | 000,000,000 | ---D | C] -- D:\Programme\windows media player
[2010.11.03 22:24:38 | 000,000,000 | ---D | C] -- D:\Programme\MozBackup-1.4.10-DE
[2010.11.03 22:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.11.03 22:22:19 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Thunderbird
[2010.11.03 22:20:01 | 000,000,000 | -H-D | C] -- D:\Programme\InstallShield Installation Information
[2010.11.03 22:18:49 | 000,000,000 | ---D | C] -- D:\Programme\Symantec
[2010.11.03 22:16:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.11.03 22:16:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010.11.03 22:06:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.11.03 22:05:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.11.03 22:05:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.03 22:05:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.03 22:05:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.03 22:05:50 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.11.03 22:05:35 | 000,000,000 | ---D | C] -- D:\Programme\Java
[2010.11.03 22:04:38 | 000,000,000 | ---D | C] -- D:\Programme\JDownloader
[2010.11.03 21:30:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.11.03 21:06:35 | 000,000,000 | -H-D | C] -- D:\Programme\Uninstall Information
[2010.11.03 21:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.11.03 21:01:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.11.03 21:01:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.11.03 21:01:23 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.11.03 21:01:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.11.03 21:01:22 | 011,080,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.11.03 21:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.11.03 21:01:00 | 000,000,000 | ---D | C] -- D:\Programme\Internet Explorer
[2010.11.03 21:00:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.11.03 21:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010.11.03 20:52:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010.11.03 20:41:10 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010.11.03 20:41:09 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010.11.03 20:41:06 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010.11.03 20:41:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010.11.03 20:41:05 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010.11.03 20:41:05 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010.11.03 20:41:04 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010.11.03 20:41:01 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010.11.03 20:41:00 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010.11.03 20:41:00 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010.11.03 20:41:00 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010.11.03 20:40:59 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010.11.03 20:40:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010.11.03 20:40:58 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010.11.03 20:40:58 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010.11.03 20:40:57 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010.11.03 20:40:57 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010.11.03 20:40:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010.11.03 20:40:56 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010.11.03 20:40:56 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010.11.03 20:40:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010.11.03 20:40:54 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010.11.03 20:40:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010.11.03 20:40:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010.11.03 20:40:49 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010.11.03 20:40:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010.11.03 20:40:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010.11.03 20:40:47 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010.11.03 20:40:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010.11.03 20:40:46 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010.11.03 20:40:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010.11.03 20:40:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010.11.03 20:40:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010.11.03 20:40:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010.11.03 20:40:43 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010.11.03 20:40:43 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010.11.03 20:40:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010.11.03 20:40:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010.11.03 20:40:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010.11.03 20:40:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010.11.03 20:40:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010.11.03 20:40:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010.11.03 20:40:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010.11.03 20:40:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010.11.03 20:40:32 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010.11.03 20:40:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010.11.03 20:40:31 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010.11.03 20:40:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010.11.03 20:40:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010.11.03 20:40:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010.11.03 20:40:25 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010.11.03 20:40:22 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010.11.03 20:40:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010.11.03 20:40:16 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010.11.03 20:40:15 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010.11.03 20:40:15 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010.11.03 20:40:13 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010.11.03 20:40:13 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010.11.03 20:40:13 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010.11.03 20:40:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010.11.03 20:40:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010.11.03 20:40:12 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010.11.03 20:40:12 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010.11.03 20:40:12 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010.11.03 20:40:12 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010.11.03 20:40:12 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010.11.03 20:40:12 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010.11.03 20:40:11 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010.11.03 20:40:11 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010.11.03 20:40:10 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010.11.03 20:40:10 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010.11.03 20:40:10 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010.11.03 20:40:10 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010.11.03 20:40:09 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010.11.03 20:40:09 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010.11.03 20:40:09 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010.11.03 20:40:09 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010.11.03 20:40:08 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2010.11.03 20:40:08 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2010.11.03 20:40:08 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2010.11.03 20:40:08 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010.11.03 20:40:08 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010.11.03 20:40:08 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010.11.03 20:40:08 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010.11.03 20:40:08 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010.11.03 20:40:08 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010.11.03 20:40:08 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010.11.03 20:40:08 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010.11.03 20:40:08 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010.11.03 20:40:08 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010.11.03 20:40:08 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010.11.03 20:40:08 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010.11.03 20:40:08 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010.11.03 20:40:08 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010.11.03 20:40:08 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010.11.03 20:39:56 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.11.03 20:39:56 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.11.03 20:39:56 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.11.03 20:39:56 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.11.03 20:39:55 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.11.03 20:39:55 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.11.03 20:39:55 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.11.03 20:39:55 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.11.03 20:39:55 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.11.03 20:39:54 | 000,701,952 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010.11.03 20:39:54 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.11.03 20:39:52 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010.11.03 20:39:52 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.11.03 20:39:52 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.11.03 20:39:52 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.11.03 20:39:52 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.11.03 20:39:52 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.11.03 20:39:52 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.11.03 20:39:52 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.11.03 20:39:52 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.11.03 20:39:52 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.11.03 20:39:52 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.11.03 20:39:52 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.11.03 20:39:52 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.11.03 20:39:52 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.11.03 20:39:51 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.11.03 20:39:51 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.11.03 20:39:51 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.11.03 20:39:51 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.11.03 20:39:51 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.11.03 20:39:51 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.11.03 20:39:51 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.11.03 20:39:51 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.11.03 20:39:51 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.11.03 20:39:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.11.03 20:39:51 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.11.03 20:39:51 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.11.03 20:39:51 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.11.03 20:39:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.11.03 20:23:06 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010.11.03 20:22:04 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.11.03 20:21:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.11.03 20:20:16 | 002,192,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.11.03 20:20:13 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.11.03 20:20:10 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.11.03 20:10:50 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010.11.03 20:10:36 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.11.03 20:10:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.11.03 20:10:14 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010.11.03 20:10:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010.11.03 20:08:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.11.03 20:08:40 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\WINDOWS\IsUn0407.exe [2010.11.03 20:07:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010.11.03 19:49:47 | 000,000,000 | ---D | C] -- D:\Programme\WinRAR [2010.11.03 19:12:55 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Firefox [2010.11.03 19:11:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ [2010.11.03 19:10:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2010.11.03 19:10:55 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe [2010.11.03 19:10:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010.11.03 19:04:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2010.11.03 18:58:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.11.03 18:58:29 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.11.03 18:58:29 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.11.03 18:58:29 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.11.03 18:58:29 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.11.03 18:41:56 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\WINDOWS\System32\Uninstall_eRecovery.exe [2010.11.03 18:41:32 | 000,147,456 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE [2010.11.03 18:41:32 | 000,049,152 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll [2010.11.03 18:41:32 | 000,016,896 | ---- | C] (Dritek System Inc.) 
-- C:\WINDOWS\System32\drivers\DKbFltr.SYS [2010.11.03 18:36:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.11.03 18:32:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2010.11.03 18:31:04 | 000,163,840 | ---- | C] (Acer Inc.) -- C:\WINDOWS\AExec.exe [2010.06.08 15:48:10 | 032,969,920 | ---- | C] (fCoder Group, Inc. ) -- P:\Profile\Administrator\Anwendungsdaten\udc.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.29 20:10:04 | 000,001,323 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010.11.29 20:09:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.29 20:09:48 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.11.29 19:46:01 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.11.29 00:08:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.11.28 23:16:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile [2010.11.28 23:16:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.11.28 23:15:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.28 23:15:36 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys [2010.11.28 22:50:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010.11.28 22:16:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.11.28 21:08:09 | 003,981,348 | R--- | M] () -- P:\Profile\Administrator\Desktop\ComboFix.exe [2010.11.27 22:18:38 | 000,000,223 | ---- | M] () -- C:\WINDOWS\lexstat.ini [2010.11.27 18:11:51 | 003,658,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.11.27 12:37:16 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.11.23 18:27:46 | 000,002,225 | ---- | M] () -- P:\Profile\All Users\Desktop\Nero StartSmart.lnk 
[2010.11.22 19:57:54 | 000,001,632 | ---- | M] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Windows Search.lnk [2010.11.22 19:57:33 | 000,542,640 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.11.22 19:57:33 | 000,111,194 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.11.22 19:51:42 | 000,494,290 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.22 19:51:42 | 000,084,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.11.22 19:42:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010.11.22 19:41:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010.11.22 19:41:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010.11.22 19:24:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.11.22 19:18:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.11.22 18:50:27 | 000,007,168 | ---- | M] () -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.21 18:05:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini [2010.11.21 16:26:05 | 000,000,388 | ---- | M] () -- P:\Profile\Administrator\Desktop\Download.lnk [2010.11.19 00:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys [2010.11.19 00:13:10 | 000,006,656 | ---- | M] (Aladdin Knowledge Systems.) 
-- C:\WINDOWS\System32\haspvdd.dll [2010.11.19 00:13:10 | 000,002,994 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010.11.19 00:13:10 | 000,000,383 | ---- | M] () -- C:\WINDOWS\System32\haspdos.sys [2010.11.19 00:10:44 | 000,079,136 | ---- | M] () -- P:\Profile\All Users\Dokumente\Ford Teile.jpg [2010.11.18 23:16:04 | 000,000,581 | ---- | M] () -- P:\Profile\Administrator\Desktop\Microcat.lnk [2010.11.18 06:53:47 | 000,000,766 | -H-- | M] () -- P:\Profile\All Users\Dokumente\os013378.bin [2010.11.12 08:59:39 | 000,000,599 | ---- | M] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Mousometer.lnk [2010.11.09 19:12:52 | 000,000,076 | ---- | M] () -- P:\Profile\Administrator\DoKobDir.bat [2010.11.09 19:03:53 | 000,000,309 | ---- | M] () -- C:\WINDOWS\hbcikrnl.ini [2010.11.09 18:13:25 | 000,000,663 | ---- | M] () -- P:\Profile\All Users\Desktop\WISO Mein Geld 2011.lnk [2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010.11.07 17:51:21 | 000,134,016 | ---- | M] () -- C:\WINDOWS\ColorPic Uninstaller.exe [2010.11.06 08:22:48 | 000,000,537 | ---- | M] () -- P:\Profile\All Users\Desktop\µTorrent.lnk [2010.11.04 16:38:45 | 000,001,503 | ---- | M] () -- P:\Profile\Administrator\Desktop\CDBurnerXP.lnk [2010.11.04 15:44:15 | 000,000,611 | ---- | M] () -- P:\Profile\Administrator\Desktop\Firefox.lnk [2010.11.04 15:41:59 | 000,000,575 | ---- | M] () -- P:\Profile\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.04 15:41:51 | 000,001,593 | ---- | M] () -- P:\Profile\Administrator\Desktop\HijackThis.lnk [2010.11.04 15:41:22 | 000,000,581 | ---- | M] () -- P:\Profile\Administrator\Desktop\CCleaner.lnk [2010.11.04 15:10:40 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.11.04 00:28:59 | 000,000,239 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.11.04 00:18:07 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf [2010.11.04 00:18:07 | 000,000,000 | -H-- | M] () -- 
C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.11.04 00:18:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [2010.11.04 00:16:51 | 000,001,548 | ---- | M] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk [2010.11.03 22:32:46 | 000,008,840 | ---- | M] () -- C:\WINDOWS\SEC1293.PNF [2010.11.03 22:22:10 | 000,251,712 | RHS- | M] () -- C:\ntldr [2010.11.03 22:20:26 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SEC50.PNF [2010.11.03 22:19:08 | 000,001,763 | ---- | M] () -- P:\Profile\Administrator\Desktop\Norton PartitionMagic.lnk [2010.11.03 22:05:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.11.03 22:05:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.11.03 22:05:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.11.03 22:05:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.11.03 22:05:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javacpl.cpl [2010.11.03 20:00:08 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini [2010.11.03 19:13:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010.11.03 19:05:24 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2010.11.03 18:45:28 | 000,000,091 | ---- | M] () -- C:\WINDOWS\ALaunch.ini [2010.11.03 18:45:22 | 000,000,088 | ---- | M] () -- C:\WINDOWS\GridV.UNI [2010.11.03 18:41:36 | 000,000,079 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI [2010.11.03 18:40:36 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIBUN4.dll [2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIMP3.dll [2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIFCD3.dll [2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTICDMK7.dll [2010.11.03 18:40:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys [2010.11.03 18:39:52 | 000,201,552 | ---- | M] () -- C:\WINDOWS\System32\VGAunistlog.ini [2010.11.03 18:39:18 | 000,000,001 | ---- | M] () -- C:\WINDOWS\~sisRslt [2010.11.03 18:36:34 | 000,000,807 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2010.11.03 18:31:06 | 000,000,529 | ---- | M] () -- C:\WINDOWS\CLEANUP.CMD [2010.11.03 18:31:00 | 000,000,634 | ---- | M] () -- C:\WINDOWS\HOTFIX.BAT [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.28 22:50:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.11.28 22:50:35 | 000,262,448 | RHS- | C] () -- C:\cmldr [2010.11.28 22:46:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.11.28 22:46:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.11.28 22:46:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.11.28 22:46:47 | 000,080,412 | ---- | 
C] () -- C:\WINDOWS\grep.exe [2010.11.28 22:46:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.11.28 21:07:41 | 003,981,348 | R--- | C] () -- P:\Profile\Administrator\Desktop\ComboFix.exe [2010.11.23 18:27:46 | 000,002,225 | ---- | C] () -- P:\Profile\All Users\Desktop\Nero StartSmart.lnk [2010.11.22 19:57:54 | 000,001,632 | ---- | C] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Windows Search.lnk [2010.11.22 19:18:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.11.21 18:21:06 | 000,773,120 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB [2010.11.21 18:05:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010.11.21 17:10:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.11.21 16:55:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.11.21 16:25:28 | 000,000,388 | ---- | C] () -- P:\Profile\Administrator\Desktop\Download.lnk [2010.11.21 12:50:19 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys [2010.11.19 00:13:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TempFile [2010.11.19 00:13:10 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\config.hsp [2010.11.19 00:13:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2010.11.19 00:13:07 | 000,021,760 | ---- | C] () -- C:\WINDOWS\System32\Mg16.dll [2010.11.19 00:13:06 | 000,040,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\mgnt.sys [2010.11.19 00:12:56 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL [2010.11.19 00:10:44 | 000,079,136 | ---- | C] () -- P:\Profile\All Users\Dokumente\Ford Teile.jpg [2010.11.18 23:16:04 | 000,000,581 | ---- | C] () -- P:\Profile\Administrator\Desktop\Microcat.lnk [2010.11.18 22:11:25 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax [2010.11.18 22:11:25 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax [2010.11.18 22:11:25 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax 
[2010.11.18 22:11:24 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax [2010.11.18 22:11:23 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax [2010.11.18 22:11:23 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax [2010.11.18 22:11:23 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax [2010.11.18 22:11:23 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax [2010.11.18 21:41:38 | 000,001,102 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.11.18 21:41:37 | 000,001,098 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.11.17 22:33:28 | 000,000,766 | -H-- | C] () -- P:\Profile\All Users\Dokumente\os013378.bin [2010.11.13 08:47:28 | 000,001,763 | ---- | C] () -- P:\Profile\Administrator\Desktop\Norton PartitionMagic.lnk [2010.11.09 23:24:53 | 000,007,168 | ---- | C] () -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.09 19:12:52 | 000,054,376 | ---- | C] () -- P:\Profile\Administrator\kobreport.txt [2010.11.09 19:12:52 | 000,005,180 | ---- | C] () -- P:\Profile\Administrator\kobdir.txt [2010.11.09 19:12:52 | 000,000,076 | ---- | C] () -- P:\Profile\Administrator\DoKobDir.bat [2010.11.09 18:41:14 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini [2010.11.09 18:13:25 | 000,000,663 | ---- | C] () -- P:\Profile\All Users\Desktop\WISO Mein Geld 2011.lnk [2010.11.07 17:51:21 | 000,134,016 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe [2010.11.06 13:22:02 | 000,000,537 | ---- | C] () -- P:\Profile\All Users\Desktop\µTorrent.lnk [2010.11.06 13:21:51 | 000,001,548 | ---- | C] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk [2010.11.05 21:52:53 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf [2010.11.04 18:37:05 | 000,000,599 | ---- | C] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Mousometer.lnk [2010.11.04 16:38:45 | 000,001,503 | 
---- | C] () -- P:\Profile\Administrator\Desktop\CDBurnerXP.lnk [2010.11.04 16:38:44 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.04 16:31:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\WMTRAY.DLL [2010.11.04 15:44:15 | 000,000,611 | ---- | C] () -- P:\Profile\Administrator\Desktop\Firefox.lnk [2010.11.04 15:41:59 | 000,000,575 | ---- | C] () -- P:\Profile\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.04 15:41:51 | 000,001,593 | ---- | C] () -- P:\Profile\Administrator\Desktop\HijackThis.lnk [2010.11.04 15:10:39 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.11.04 15:02:06 | 000,000,223 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2010.11.04 15:01:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll [2010.11.04 15:01:23 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\LXBL.LOC [2010.11.04 15:01:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBLIH.EXE [2010.11.04 15:01:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL [2010.11.04 15:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE [2010.11.04 00:37:48 | 000,000,581 | ---- | C] () -- P:\Profile\Administrator\Desktop\CCleaner.lnk [2010.11.04 00:28:59 | 000,000,239 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.11.04 00:18:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf [2010.11.04 00:18:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.11.04 00:18:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [2010.11.03 22:32:45 | 000,008,840 | ---- | C] () -- C:\WINDOWS\SEC1293.PNF [2010.11.03 22:20:25 | 000,002,948 | ---- | C] () -- C:\WINDOWS\SEC50.PNF [2010.11.03 20:40:44 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm [2010.11.03 20:40:33 | 000,079,196 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\wmplayer.adm [2010.11.03 20:40:08 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf [2010.11.03 20:40:06 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv [2010.11.03 20:40:06 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz [2010.11.03 20:40:06 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css [2010.11.03 20:40:06 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm [2010.11.03 20:40:06 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js [2010.11.03 20:40:06 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js [2010.11.03 20:40:06 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif [2010.11.03 20:40:06 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif [2010.11.03 20:40:06 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif [2010.11.03 20:40:06 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif [2010.11.03 20:40:06 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif [2010.11.03 20:40:06 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif [2010.11.03 20:40:05 | 000,002,524 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2010.11.03 20:39:56 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv [2010.11.03 20:39:56 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2010.11.03 20:39:56 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf [2010.11.03 20:39:56 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif [2010.11.03 20:39:56 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif [2010.11.03 20:39:55 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv [2010.11.03 20:39:55 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2010.11.03 
20:39:55 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm [2010.11.03 20:39:55 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz [2010.11.03 20:39:55 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip [2010.11.03 20:39:55 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip [2010.11.03 20:39:54 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv [2010.11.03 20:39:54 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf [2010.11.03 20:39:53 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm [2010.11.03 20:39:52 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav [2010.11.03 20:39:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav [2010.11.03 20:39:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav [2010.11.03 20:39:52 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv [2010.11.03 20:39:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav [2010.11.03 20:39:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav [2010.11.03 20:39:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav [2010.11.03 20:39:52 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav [2010.11.03 20:39:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav [2010.11.03 20:39:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav [2010.11.03 20:39:52 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010.11.03 20:39:52 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf [2010.11.03 20:39:52 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif [2010.11.03 20:39:52 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif [2010.11.03 20:39:52 | 000,013,540 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\wmfsdk.inf [2010.11.03 20:39:52 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif [2010.11.03 20:39:52 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif [2010.11.03 20:39:52 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif [2010.11.03 20:39:52 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif [2010.11.03 20:39:52 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif [2010.11.03 20:39:52 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif [2010.11.03 20:39:52 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif [2010.11.03 20:39:52 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif [2010.11.03 20:39:52 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif [2010.11.03 20:39:52 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js [2010.11.03 20:39:52 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif [2010.11.03 20:39:52 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif [2010.11.03 20:39:52 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif [2010.11.03 20:39:52 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif [2010.11.03 20:39:52 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif [2010.11.03 20:39:52 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif [2010.11.03 20:39:52 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif [2010.11.03 20:39:52 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif [2010.11.03 20:39:52 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif [2010.11.03 20:39:51 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm [2010.11.03 20:39:51 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta [2010.11.03 20:39:51 | 000,001,771 | 
---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css [2010.11.03 20:39:51 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf [2010.11.03 20:39:51 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl [2010.11.03 20:39:51 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl [2010.11.03 20:39:51 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl [2010.11.03 20:39:51 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl [2010.11.03 20:39:51 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl [2010.11.03 20:39:51 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js [2010.11.03 20:39:50 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl [2010.11.03 20:39:50 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl [2010.11.03 20:39:50 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl [2010.11.03 20:39:50 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl [2010.11.03 20:39:50 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl [2010.11.03 20:39:50 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl [2010.11.03 20:39:50 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl [2010.11.03 20:39:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl [2010.11.03 20:39:50 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl [2010.11.03 20:39:50 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl [2010.11.03 20:00:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2010.11.03 19:13:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.11.03 18:45:28 | 000,001,323 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2010.11.03 18:45:21 | 000,000,088 | ---- | C] () -- C:\WINDOWS\GridV.UNI [2010.11.03 18:41:34 | 000,000,079 
| ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI [2010.11.03 18:31:04 | 000,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI [2010.11.03 18:31:03 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2005.03.09 12:28:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2005.03.08 10:31:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.03.08 10:30:54 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2005.03.08 10:28:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005.03.07 23:47:14 | 000,201,552 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2005.03.07 23:30:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.03.04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini [2005.02.02 19:35:02 | 000,037,774 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [2001.07.06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini ========== LOP Check ========== [2010.11.06 13:02:19 | 
000,000,000 | ---D | M] -- P:\Profile\Admin\Anwendungsdaten\TeamViewer [2010.11.09 18:15:45 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service [2010.11.09 18:15:32 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service GmbH [2010.11.20 18:44:40 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Canneverbe Limited [2010.11.13 08:54:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\DAEMON Tools Lite [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Foxit Software [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\LetsTrade [2010.11.22 12:15:04 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\TeamViewer [2010.11.23 11:40:10 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\UDC Profiles [2010.11.06 13:39:33 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\uTorrent [2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\WildPackets [2010.11.22 19:58:17 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Desktop Search [2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Search [2010.11.06 13:27:24 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.11.13 20:05:17 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\Canneverbe Limited [2010.11.06 13:27:24 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\DAEMON Tools Lite [2010.11.19 00:23:55 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\MCADMIN [2010.11.07 09:59:27 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2010.11.23 15:17:56 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\Swiss Academic Software [2010.11.18 
20:41:42 | 000,000,000 | ---D | M] -- P:\Profile\Gast\Anwendungsdaten\Windows Desktop Search [2010.11.14 12:16:24 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\Buhl Data Service GmbH [2010.11.06 13:07:39 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\TeamViewer [2010.11.06 19:22:00 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\Windows Desktop Search [2010.11.14 13:19:43 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\Windows Search [2010.11.06 13:20:17 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Buhl Data Service [2010.11.09 20:19:58 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Buhl Data Service GmbH [2010.11.13 20:05:18 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Canneverbe Limited [2010.11.07 12:53:15 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.11.13 23:26:07 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\DAEMON Tools Lite [2010.11.06 13:20:16 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\DataDesign [2010.11.07 10:58:36 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Foxit Software [2010.11.24 22:27:19 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\gtk-2.0 [2010.11.06 13:20:16 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\LetsTrade [2010.11.23 15:20:36 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Swiss Academic Software [2010.11.08 19:36:18 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\TeamViewer [2010.11.06 13:19:37 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Thunderbird [2010.11.23 11:41:00 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\UDC Profiles [2010.11.06 13:10:57 | 000,000,000 | ---D | M] -- 
P:\Profile\Rene.ACER3000\Anwendungsdaten\uTorrent [2010.11.06 13:10:55 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Windows Desktop Search [2010.11.08 22:09:50 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.11.07 16:50:18 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Adobe [2010.11.06 19:15:14 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Avira [2010.11.09 18:15:45 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service [2010.11.09 18:15:32 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service GmbH [2010.11.20 18:44:40 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Canneverbe Limited [2010.11.13 08:54:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\DAEMON Tools Lite [2010.11.09 23:24:52 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\DivX [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Foxit Software [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Help [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Identities [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\LetsTrade [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Logitech [2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Macromedia [2010.11.12 11:06:12 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Malwarebytes [2010.11.20 18:46:58 | 000,000,000 | --SD | M] -- P:\Profile\Administrator\Anwendungsdaten\Microsoft 
[2010.11.06 13:39:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla [2010.11.21 16:49:34 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Nero [2010.11.06 13:39:33 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Sun [2010.11.22 12:15:04 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\TeamViewer [2010.11.23 11:40:10 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\UDC Profiles [2010.11.06 13:39:33 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\uTorrent [2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\WildPackets [2010.11.22 19:58:17 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Desktop Search [2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Search [2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2010.06.08 15:48:10 | 032,969,920 | ---- | M] (fCoder Group, Inc. 
) -- P:\Profile\Administrator\Anwendungsdaten\udc.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: 
EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 05:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- 
C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft 
Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.11.04 15:10:40 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2005.03.07 23:22:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2005.03.07 23:22:08 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005.03.07 23:22:06 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
29.11.2010, 21:18 | #12 |
| FF opens tabs and Google links to attacking sites EXTRAS Code:
ATTFilter OTL Extras logfile created on: 29.11.2010 20:12:38 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = D:\Download Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,00 Mb Total Physical Memory | 555,00 Mb Available Physical Memory | 58,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): X:\pagefile.sys 1500 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 15,00 Gb Total Space | 5,64 Gb Free Space | 37,63% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 10,54 Gb Free Space | 70,27% Space Free | Partition Type: NTFS Drive P: | 50,00 Gb Total Space | 16,26 Gb Free Space | 32,52% Space Free | Partition Type: NTFS Drive X: | 5,23 Gb Total Space | 3,61 Gb Free Space | 68,94% Space Free | Partition Type: NTFS Computer Name: ACER3000 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\Java\jre6\bin\javaw.exe" = D:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "D:\Programme\uTorrent\uTorrent.exe" = D:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"D:\Programme\Google\Google Earth\plugin\geplugin.exe" = D:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google) "C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3ECA0079-088F-4E69-B66A-65D5E687B092}" = KOBIL Chipkartenterminal Treiber V2.2s Build: 20090625.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = 
Microsoft_VC80_CRT_x86 "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B9289B87-B17E-4C45-81F3-A82EAF83F24B}" = Microcat For Ford (Europe) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "ColorPic" = ColorPic "Defraggler" = Defraggler "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Foxit Reader" = Foxit Reader "GridVista" = Acer GridVista "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet 
Explorer 8 "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0 "InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Password Unmask 2.0" = Password Unmask 2.0 "Picasa 3" = Picasa 3 "Recuva" = Recuva "RunAsAdmin" = RunAsAdmin "SB_ClipboardPath" = ClipboardPath "SiS VGA Driver" = SiS VGA Utilities "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tag&Rename_is1" = Tag&Rename 3.5.7 "TeamViewer 5" = TeamViewer 5 "Tweak UI 2.10" = Tweak UI "Universal Document Converter_is1" = Universal Document Converter (Demo) "uTorrent" = µTorrent "Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions "VirusTotalUploader2.0" = VirusTotal Uploader 2.0 "VLC media player" = VLC media player 1.1.5 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = 
GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.11.2010 11:12:06 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The session status of the Resultant Set of Policy could not be logged. An attempt to connect to WMI failed. No Resultant Set of Policy logging will be performed for this application of policy.

Error - 29.11.2010 12:13:48 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The session status of the Resultant Set of Policy could not be logged. An attempt to connect to WMI failed. No Resultant Set of Policy logging will be performed for this application of policy.

Error - 29.11.2010 12:50:07 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The session status of the Resultant Set of Policy could not be logged. An attempt to connect to WMI failed. No Resultant Set of Policy logging will be performed for this application of policy.

Error - 29.11.2010 13:28:33 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The session status of the Resultant Set of Policy could not be logged. An attempt to connect to WMI failed. No Resultant Set of Policy logging will be performed for this application of policy.

Error - 29.11.2010 13:48:43 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module mg.exe, version 12.1.0.36, stamp 4c90ea1d, debug? 0, fault address 0x00005114.

Error - 29.11.2010 14:28:07 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The session status of the Resultant Set of Policy could not be logged. An attempt to connect to WMI failed. No Resultant Set of Policy logging will be performed for this application of policy.

Error - 29.11.2010 14:32:43 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0, fault address 0x00012afb.

Error - 29.11.2010 14:42:29 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0, fault address 0x00012afb.

Error - 29.11.2010 15:07:58 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module mg.exe, version 12.1.0.36, stamp 4c90ea1d, debug? 0, fault address 0x00005114.

Error - 29.11.2010 15:09:47 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The session status of the Resultant Set of Policy could not be logged. An attempt to connect to WMI failed. No Resultant Set of Policy logging will be performed for this application of policy.

[ System Events ]
Error - 27.11.2010 07:37:37 | Computer Name = ACER3000 | Source = Windows Update Agent | ID = 16
Description = Unable to connect: A connection to the "Automatic Updates" service could not be established, so updates cannot be downloaded and installed according to the specified schedule. Attempts to connect will continue.

Error - 27.11.2010 13:13:44 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error: %%2

Error - 28.11.2010 15:33:57 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 ms) waiting for a transaction response from the stisvc service.

Error - 28.11.2010 16:15:52 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error: %%2

Error - 28.11.2010 17:17:43 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the "Windows Management Instrumentation" service, but this action failed with the following error: %%1056

Error - 28.11.2010 17:43:11 | Computer Name = ACER3000 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error "0xC0000001" while processing the file "" on the volume "HarddiskVolume2". It has stopped monitoring the volume.

Error - 28.11.2010 17:44:40 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error: %%2

Error - 28.11.2010 17:44:40 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: gagp30kx

Error - 28.11.2010 18:01:53 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error: %%2

Error - 28.11.2010 18:18:14 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error: %%2

< End of report >
30.11.2010, 12:13 | #13 |
/// Malware-holic | FF opens tabs and Google links to attacking sites

OK, first of all: download CCleaner Slim: Piriform - Builds. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as a txt file. Open it. Behind every program you need, write "needed". Behind every one you do not need, "unneeded". Behind those you do not know, "unknown". Post the list.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above.
If you would like to support us
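The inventory step above (export the installed-programs list, mark each entry needed / unneeded / unknown) can also be produced without CCleaner, directly from the registry Uninstall keys that CCleaner and OTL read. The script below is an added example by the editor, not code from the thread or from the CCleaner/OTL authors. It assumes PowerShell 2.0 or later on Windows and writes to an assumed path on the desktop; adjust `$out` as needed.

```powershell
# Added example (not from the thread): enumerate installed programs from the
# registry Uninstall keys and write a tab-separated list with an empty
# "Verdict" column to be filled in with needed / unneeded / unknown.
# Assumptions: PowerShell 2.0+ on Windows; output path is an assumption.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 64-bit hosts only
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

function Get-InstalledProgramList {
    param([string[]]$Keys = $uninstallKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }   # Wow6432Node is absent on 32-bit XP
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Entries without a DisplayName are hotfixes or hidden components;
            # they are skipped here, so this list is an inventory, not a detection.
            if (-not $p.DisplayName) { return }
            New-Object PSObject -Property @{
                KeyName     = $_.PSChildName        # the quoted name OTL prints on the left
                DisplayName = $p.DisplayName        # the name OTL prints on the right
                Version     = $p.DisplayVersion
                Publisher   = $p.Publisher
                InstallDate = $p.InstallDate        # yyyymmdd when the installer recorded it
                Hive        = $key.Split(':')[0]    # HKLM or HKCU
                Verdict     = ''                    # fill in: needed / unneeded / unknown
            }
        }
    }
}

$list = @(Get-InstalledProgramList | Sort-Object DisplayName)
$out  = Join-Path $env:USERPROFILE 'Desktop\installed-programs.txt'   # assumed path

$list |
    Select-Object DisplayName, Version, Publisher, InstallDate, Hive, KeyName, Verdict |
    Export-Csv -Path $out -Delimiter "`t" -NoTypeInformation -Encoding UTF8

Write-Host "Wrote $($list.Count) entries to $out"
```

Sorting by DisplayName keeps the output in the same order as the OTL "Installed Programs" section, so the two can be compared line by line; the KeyName column preserves the quoted registry name that OTL prints, which is the value to search for when an entry's DisplayName is generic or missing.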
30.11.2010, 19:36 | #14 |
| FF opens tabs and Google links to attacking sites

Hi, I took the trouble to lay this list out clearly too. Sorted by selection. Oh, and since my machine was freshly reinstalled anyway, the list is relatively short.
30.11.2010, 20:50 | #15 |
/// Malware-holic | FF opens tabs and Google links to attacking sites

I see a card reader here; do you do banking / online purchases?