Pests of all kinds and how to fight them: 20 TAN Trojan Sparkasse, Windows 7

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
01.02.2011, 17:02 | #1
20 TAN Trojan Sparkasse

Hello Trojaner Team,

System: Windows 7 Home Premium, Microsoft Security Essentials.

At first I only had the problem of the Sparkasse 20-TAN Trojan; after several scan runs with Malwarebytes, Combofix, TDSSKiller etc. I was able to remove it. Now, however, I am running into a new problem that makes me suspect the Trojan/virus has not been completely removed: when I start the program Dr. Web CureIt, it is terminated immediately, which does not happen in Safe Mode.

GMER:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-01 16:41:56
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80
Running: s9zxcfmn.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\kwtyapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\dwprot.sys ZwAllocateVirtualMemory [0xAA0BE088]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThread [0xAA0BF1E0]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThreadEx [0xAA0BF2B6]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwFreeVirtualMemory [0xAA0BE306]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThread [0xAA0BF2E2]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThreadEx [0xAA0BF308]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSetContextThread [0xAA0BF32E]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwWriteVirtualMemory [0xAA0BE416]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E4A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E6EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82E7674C 4 Bytes [88, E0, 0B, AA]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82E7685C 8 Bytes [E0, F1, 0B, AA, B6, F2, 0B, ...] {LOOPNZ 0xfffffffffffffff3; OR EBP, [EDX-0x55f40d4a]}
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 82E7690C 4 Bytes [06, E3, 0B, AA] {PUSH ES; JECXZ 0xe; STOSB }
.text ntkrnlpa.exe!RtlSidHashLookup + 624 82E76B34 8 Bytes [E2, F2, 0B, AA, 08, F3, 0B, ...] {LOOP 0xfffffffffffffff4; OR EBP, [EDX-0x55f40cf8]}
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82E76BF0 4 Bytes [2E, F3, 0B, AA]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E1F000, 0x349D76, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AA054000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AA054123 629 Bytes [F5, 04, AA, FE, 05, 34, F5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AA054399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AA0543FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B AA0544AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
? system32\drivers\dwprot.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Anwender\Desktop\Tools\974trq45.exe[888] USER32.dll!NotifyWinEvent + 48B 76D5F724 4 Bytes [C2, 0C, 0E, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [66E411EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\tdx \Device\Tcp dwprot.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy11 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy11 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy12 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy12 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy13 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy13 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy20 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy20 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy14 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy14 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy21 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy21 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy15 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy15 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy22 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy22 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy16 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy16 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy23 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy23 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\tdx \Device\Udp dwprot.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy17 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy17 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy24 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy24 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy30 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy30 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\tdx \Device\RawIp dwprot.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy18 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy18 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy25 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy25 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy31 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy31 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy19 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy19 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy26 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy26 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy32 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy32 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy27 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy27 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy33 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy33 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy40 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy40 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy28 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy28 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy34 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy34 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy41 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy41 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy29 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy29 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy35 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy35 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy42 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy42 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy36 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy36 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy43 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy43 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy37 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy37 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy44 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy44 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy38 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy38 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy45 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy45 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy39 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy39 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat dwprot.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:2496] AA061F2E

---- EOF - GMER 1.0.15 ----

OTL:
Code:
OTL logfile created on: 01.02.2011 16:42:53 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Anwender\Desktop\Tools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 439,45 Gb Total Space | 329,67 Gb Free Space | 75,02% Space Free | Partition Type: NTFS
Drive D: | 492,06 Gb Total Space | 484,50 Gb Free Space | 98,46% Space Free | Partition Type: NTFS
Drive E: | 112,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 995,70 Mb Total Space | 942,23 Mb Free Space | 94,63% Space Free | Partition Type: FAT

Computer Name: PCMERTENS | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Anwender\Desktop\Tools\974trq45.exe ()
PRC - C:\Users\Anwender\Desktop\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)

========== Modules (SafeList) ==========

MOD - C:\Users\Anwender\Desktop\Tools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe ()
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (APUpdService) -- C:\Windows\System32\APUpdService.exe (cobra GmbH)
SRV - (McAfeeFramework) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (DwProt) -- File not found
DRV - (MxlW2k) -- C:\Windows\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (arusb_win7) -- C:\Windows\System32\drivers\arusb_win7.sys (Atheros Communications, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\Windows\System32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\Windows\System32\drivers\Ambfilt.sys (Creative)
DRV - (ati2mtag) -- C:\Windows\System32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AFS2K) -- C:\Windows\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (e1kexpress) Intel(R) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\System32\drivers\A3AB.sys (D-Link Corporation)
DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\Windows\System32\drivers\LKbdFlt2.sys (Logitech)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.17 09:06:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.20 12:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.20 12:06:36 | 000,000,000 | ---D | M]

[2010.12.04 16:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2010.11.02 15:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.12.04 16:29:46 |
000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\r79v0m5j.default\extensions [2010.12.04 16:29:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\r79v0m5j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.04 16:29:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\r79v0m5j.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.12.20 12:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.12.04 15:52:45 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.01 15:50:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe Reader Speed 
Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.11.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.01 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.02.01 16:01:29 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.02.01 16:01:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.02.01 15:55:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.02.01 15:01:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.02.01 15:01:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.02.01 15:01:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.02.01 15:01:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.02.01 11:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.02.01 11:47:58 | 000,000,000 | ---D | C] -- 
C:\Program Files\Spybot - Search & Destroy [2011.02.01 10:45:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.01.31 19:32:17 | 000,000,000 | ---D | C] -- C:\Users\Anwender\DoctorWeb [2011.01.31 17:33:24 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Tools [2011.01.31 17:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2011.01.31 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Visd3d [2011.01.28 18:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011.01.28 18:24:42 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011.01.18 14:57:11 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Local\ApplicationHistory [2011.01.18 13:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2011.01.12 09:21:20 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 09:21:02 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.12 09:21:02 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.01.12 09:21:02 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.01.12 09:21:02 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.12 09:21:02 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.12 09:21:01 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011.01.12 09:21:01 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.12 09:21:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.12 09:21:01 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2011.01.12 09:21:01 | 000,161,792 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.12 09:21:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.12 09:21:01 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.08 12:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011.01.06 18:38:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011.01.05 12:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.01.05 12:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010.07.26 09:41:18 | 000,822,296 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayerSP115_de.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.01 16:43:59 | 000,684,182 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.01 16:43:59 | 000,641,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.01 16:43:59 | 000,143,110 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.01 16:43:59 | 000,117,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.01 16:19:34 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.01 16:19:34 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.01 16:18:55 | 000,007,597 | ---- | M] () -- C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg [2011.02.01 16:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.01 16:12:08 | 276,947,333 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.02.01 16:12:05 | 2408,931,328 | -HS- | M] () -- C:\hiberfil.sys [2011.02.01 15:50:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.02.01 
11:48:10 | 000,001,182 | ---- | M] () -- C:\Users\Anwender\Desktop\Spybot - Search & Destroy.lnk [2011.01.31 17:41:35 | 000,000,921 | ---- | M] () -- C:\Users\Anwender\Desktop\CCleaner.lnk [2011.01.31 13:50:00 | 000,054,272 | ---- | M] () -- C:\Users\Anwender\Desktop\Bestandsliste Bikes alt.xls [2011.01.28 18:26:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.01.26 10:56:00 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job [2011.01.18 14:57:11 | 000,000,096 | ---- | M] () -- C:\Users\Anwender\AppData\Local\fusioncache.dat [2011.01.18 13:47:48 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.01.11 14:29:59 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk [2011.01.10 16:04:23 | 000,025,088 | ---- | M] () -- C:\Users\Anwender\Desktop\PRIVATVERKAUF.doc [2011.01.05 13:58:29 | 000,002,687 | ---- | M] () -- C:\Users\Anwender\Desktop\Lexware buchh.2011.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.01 16:12:08 | 276,947,333 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.02.01 15:01:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.02.01 15:01:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.02.01 15:01:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.02.01 15:01:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.02.01 15:01:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.02.01 11:48:10 | 000,001,182 | ---- | C] () -- C:\Users\Anwender\Desktop\Spybot - Search & Destroy.lnk [2011.01.31 17:41:34 | 000,000,921 | ---- | C] () -- C:\Users\Anwender\Desktop\CCleaner.lnk [2011.01.31 17:27:46 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011.01.31 13:50:00 | 000,054,272 | ---- | C] () -- C:\Users\Anwender\Desktop\Bestandsliste Bikes 
alt.xls [2011.01.28 18:26:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.01.18 14:57:11 | 000,000,096 | ---- | C] () -- C:\Users\Anwender\AppData\Local\fusioncache.dat [2011.01.18 13:47:48 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.01.10 16:04:22 | 000,025,088 | ---- | C] () -- C:\Users\Anwender\Desktop\PRIVATVERKAUF.doc [2011.01.05 13:58:29 | 000,002,687 | ---- | C] () -- C:\Users\Anwender\Desktop\Lexware buchh.2011.lnk [2011.01.05 12:43:42 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk [2010.12.19 15:07:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.12.19 15:07:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.12.19 14:58:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2010.12.19 14:55:55 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.12.12 13:22:05 | 000,003,584 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.10 15:36:24 | 000,007,597 | ---- | C] () -- C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg [2010.12.07 11:34:13 | 000,000,031 | ---- | C] () -- C:\Windows\warhead.ini [2010.11.03 09:32:42 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.10.21 14:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2010.08.26 15:37:53 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.08.24 16:48:40 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2009.12.30 20:38:13 | 000,000,031 | ---- | C] () -- C:\Windows\APSqlServerUI.INI [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 
00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008.07.23 15:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\BH_DATA110VC8.dll [2008.03.03 17:31:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2008.02.05 22:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Anwender\AppData\Local\setup.txt [2007.11.15 08:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007.10.26 08:43:37 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2007.03.07 21:28:32 | 000,000,126 | ---- | C] () -- C:\Windows\APDatabaseUI.INI [2007.01.20 10:27:33 | 000,000,064 | ---- | C] () -- C:\Windows\RestorePath.ini [2006.11.04 23:16:26 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll [2006.10.25 10:00:19 | 000,016,384 | ---- | C] () -- C:\Windows\System32\WINKRNME.DLL [2006.10.25 09:34:23 | 000,000,087 | ---- | C] () -- C:\Windows\VSWizard.ini [2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2006.01.15 16:06:03 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll [2006.01.15 16:06:02 | 000,303,104 | ---- | C] () -- C:\Windows\System32\LxImport50VC7.dll [2006.01.15 16:06:02 | 000,217,088 | ---- | C] () -- C:\Windows\System32\LxImport40VC7.dll [2006.01.15 16:06:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PXTToolVC7.dll [2006.01.12 11:05:15 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2006.01.12 11:05:15 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005.11.09 
12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2005.04.16 08:22:20 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI [2005.01.22 12:41:44 | 000,000,021 | ---- | C] () -- C:\Windows\Pcbh32.INI [2005.01.22 12:07:34 | 000,000,019 | ---- | C] () -- C:\Windows\LxRegi.INI [2005.01.20 16:31:07 | 000,003,306 | ---- | C] () -- C:\Windows\tm.ini [2005.01.16 16:48:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL [2005.01.16 16:48:43 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll [2005.01.16 16:48:43 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll [2005.01.16 16:48:43 | 000,015,627 | ---- | C] () -- C:\Windows\System32\WBROLLRS.DLL [2005.01.16 16:48:42 | 000,237,623 | ---- | C] () -- C:\Windows\System32\dnt26.dll [2005.01.16 16:48:42 | 000,233,527 | ---- | C] () -- C:\Windows\System32\dnt25.dll [2005.01.16 16:48:42 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll [2005.01.16 16:48:42 | 000,221,239 | ---- | C] () -- C:\Windows\System32\dnt24.dll [2005.01.16 16:48:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll [2005.01.16 16:48:42 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc26.dll [2005.01.16 16:48:42 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc25.dll [2005.01.16 16:48:42 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc24.dll [2005.01.16 16:48:42 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2005.01.16 16:48:42 | 000,073,785 | ---- | C] () -- C:\Windows\System32\dntvm26.dll [2005.01.16 16:48:42 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm25.dll [2005.01.16 16:48:42 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm24.dll [2005.01.16 16:48:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PXTTool.dll [2005.01.16 16:48:42 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2005.01.16 16:48:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\FKStampPainter.dll 
[2005.01.16 16:48:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL [2005.01.16 16:48:40 | 000,196,688 | ---- | C] () -- C:\Windows\System32\LxImport40.dll [2005.01.16 16:48:40 | 000,102,458 | ---- | C] () -- C:\Windows\System32\LXDasi20.dll [2005.01.08 11:42:29 | 000,561,152 | R--- | C] () -- C:\Windows\System32\hpotscl.dll [2005.01.06 18:49:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2004.12.23 14:33:27 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini [2004.12.23 09:24:08 | 000,000,831 | ---- | C] () -- C:\Windows\wincmd.ini [2004.12.22 19:15:08 | 000,003,258 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2004.12.22 19:15:05 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2004.12.22 18:38:05 | 000,004,359 | ---- | C] () -- C:\Windows\ODBCINST.INI [2004.05.06 14:07:32 | 000,241,664 | ---- | C] () -- C:\Windows\System32\dnt26VC7.dll [2004.05.06 14:05:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc26VC7.dll [2004.05.06 14:04:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dntvm26VC7.dll [2001.02.14 16:09:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CHFXGer.dll ========== LOP Check ========== [2010.12.04 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Acronis [2007.11.15 08:16:24 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\DassaultSystemes [2010.05.03 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\FinalMediaPlayer [2010.12.04 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Haufe [2010.12.06 21:26:37 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Leadertech [2011.01.28 13:20:56 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Lexware [2010.12.04 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OD2 [2010.12.04 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\PTV AG [2010.12.04 16:29:49 | 000,000,000 | ---D | M] 
-- C:\Users\Anwender\AppData\Roaming\Samsung [2010.12.19 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\ScanSoft [2010.12.07 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\TeamViewer [2010.12.04 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\TomTom [2011.01.31 11:25:00 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Visd3d [2010.12.04 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\WholeSecurity [2010.12.04 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wireshark [2010.12.19 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Zeon [2009.07.14 05:53:46 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 01.02.2011 16:42:53 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Anwender\Desktop\Tools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 439,45 Gb Total Space | 329,67 Gb Free Space | 75,02% Space Free | Partition Type: NTFS
Drive D: | 492,06 Gb Total Space | 484,50 Gb Free Space | 98,46% Space Free | Partition Type: NTFS
Drive E: | 112,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 995,70 Mb Total Space | 942,23 Mb Free Space | 94,63% Space Free | Partition Type: FAT

Computer Name: PCMERTENS | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\PROGRA~1\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger
"C:\Programme\Haufe\iDesk\iDeskService\pythonw.exe" = C:\PROGRA~1\Haufe\iDesk\iDeskService\pythonw.exe:*:Enabled:pythonw
"C:\Programme\IncrediMail\bin\IMApp.exe" = C:\PROGRA~1\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\PROGRA~1\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\PROGRA~1\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\iTunes\iTunes.exe" = C:\PROGRA~1\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\KOCH Media\Schiffe versenken\SeaWar.exe" = C:\PROGRA~1\KOCH Media\Schiffe versenken\SeaWar.exe:*:Disabled:SeaWar 2 -- (Tavex)
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\PROGRA~1\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{06604771-5346-492A-93C1-486B6CCD10AD}" = MP3 Player
"{12B09031-A7E1-43B1-AC8C-A202B676B556}" = RemoteCapture 2.7.3
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1632C6D2-EDA8-4BA3-8CA3-74742C6EE3F5}" = Lexware Elster
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18F1608A-C505-4FAC-9740-A607D02656E3}" = Radrouting 4.0
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21C1E6B6-8796-4EEE-ACF3-F318CEFC257C}" = Lexware buchhalter 2006
"{26866243-CFFE-49C8-9546-3C6918CF8AB7}" = Lexware buchhalter 2007
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31A65C5A-73BF-AEE0-082D-1B6C0B9ACF31}" = AMD Drag and Drop Transcoding
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362BFFCD-8274-11D8-97C8-000129760CBE}" = MediaLife
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3C2DE16D-F677-4F88-8B6A-31B7F3907B23}" = Lexware buchhalter 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4449B83C-1257-4355-8F3E-71280E922B5F}" = Intel(R) Network Connections 14.7.31.0
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{641FE800-650B-4E99-A304-9D50E7235BAF}" = Topo Deutschland v2
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50
"{6F8A93F7-40A8-486D-B9C2-545F568D50B3}" = Lexware buchhalter 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C4DAB3-F63A-498F-8645-1E8D6B3EC543}" = Lexware info service aktualisierung 2006
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{8018AD38-3EBB-A031-D4F8-EF6A5952F168}" = ATI Catalyst Install Manager
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0 "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack "{86C5FBB1-83D3-4E79-B60C-FB43BF003AE9}" = Lexware know how buchhaltung "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{91340052-10BA-4BAC-AC37-B1C04DCE9B59}" = Rad.RoutenPlaner. 
6.0 "{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}" = Haufe Formular-Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9762315F-29C6-488C-98D4-80CDE3418102}" = Lexware buchhalter 2006 "{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = File Viewer Utility 1.3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service "{A5D942B1-E0C7-4AC7-8C2A-E4FD446BD3E2}" = cobra Component Update 02 "{A78119C8-BA61-4BA8-A189-5E667D781248}" = Lexware buchhalter 2005 "{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B6C39270-57A2-46F6-96A1-C73EC1503552}" = Lexware buchhalter plus 2005 "{B8464788-07B3-4760-9D5D-803080D74119}" = Lexware buchhalter 2007 "{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10 "{C1C241EF-B082-405D-9DDE-12D9ADD0444D}" = .NET Utilities "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D4C60C60-C284-4364-A054-89D45AC9CDAE}" = Lexware buchhalter 2005 "{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = CIG "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = 
iTunes "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4877B2E-B268-46C7-9F4F-BE56EC8ED41E}" = Lexware kundenmanager 2006 "{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite "{F49F760A-05DD-4424-BE2B-E084B9FDA9C0}" = Lexware buchhalter 2006 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008 "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "2E1BB806D62AF5E83453BEC215BB32B42DD4F944" = Windows-Treiberpaket - MegaWin (BULKUSB) USB "A70_is1" = PC Sport 2008 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ATI Display Driver" = ATI Display Driver "Biketax" = Biketax "Carrera Streckenplaner_is1" = Carrera Streckenplaner "CCleaner" = CCleaner "DC4B79E4E21517EFB0EEF5FE7725D0A37603406F" = Windows-Treiberpaket - VDO/PCS (BULKUSB) USB "FinalMediaPlayer_is1" = Final Media Player 2010 "Formular-Manager" = Haufe Formular-Manager "FreePDF_XP" = FreePDF XP (Remove only) "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "HaufeReader" = HaufeReader "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{12B09031-A7E1-43B1-AC8C-A202B676B556}" = Canon Utilities RemoteCapture 2.7 "InstallShield_{18F1608A-C505-4FAC-9740-A607D02656E3}" = Radrouting 4.0 "InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946 "InstallShield_{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = Canon Utilities File Viewer Utility 1.3 "InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX "InstallShield_{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = Canon Internet Library for ZoomBrowser EX "InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1 "khb_bh" = Lexware know how buchhaltung 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "PhotoRecord" = Canon PhotoRecord "PROSetDX" = Intel(R) Network Connections 14.7.31.0 "RealPlayer 12.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Schiffe versenken" = Schiffe versenken "sp6" = Logitech SetPoint 6.20 "TeamViewer 6" = TeamViewer 6 "TomTom HOME" = TomTom HOME 2.7.6.2056 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinPcapInst" = WinPcap 4.0.2 "WinZip" = WinZip "Wireshark" = Wireshark 1.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:57:19, on 01.02.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe C:\Program Files\PDF24\pdf24.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Anwender\Desktop\Tools\HijackThis.exe C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe C:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program 
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\PROGRA~1\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\PROGRA~1\Java\jre6\lib\deploy\jqs\ie\JQS_PL~1.DLL O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\PROGRA~1\Acronis\TRUEIM~1\TIMOUN~1.EXE O4 - HKLM\..\Run: [FreePDF Assistant] C:\PROGRA~1\FREEPD~1\fpassist.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\PROGRA~1\Acronis\TRUEIM~1\TRUEIM~2.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O8 - Extra context menu item: &eBay Search - res://C:\PROGRA~1\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: APUpdService - cobra GmbH - C:\WINDOWS\system32\APUpdService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 6942 bytes |
01.02.2011, 21:00 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 20 Tan Trojaner Sparkasse Quote:
__________________ |
02.02.2011, 08:16 | #3 |
| 20 Tan Trojaner Sparkasse Well, since I only came across your site after my futile attempts to remove the rest, I'll just say it was too late.
__________________ Are the logs still helpful, or are they now completely useless? |
02.02.2011, 11:19 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 20 Tan Trojaner Sparkasse Why don't you at least post the logs from TDSS-Killer, CF and so on, if you have already run them? Has Malwarebytes been run yet? If so, post all of its logs too, the ones in the Logfiles tab.
__________________ Please always post logfiles in CODE tags |