gr.nagus | 02.07.2012 11:18 | mor.exe isolated/removed by Norton - further action required?
Hello,
today, while surfing, I got an alert from Norton Internet Security:
____________________________
Auf Computern ab 02.07.2012 um 10:27:04
Zuletzt verwendet 02.07.2012 um 10:27:04
Start-Element Nein
Gestarted Ja
____________________________
____________________________
Sehr wenige Benutzer
Weniger als 5 Benutzer in der Norton Community haben diese Datei verwendet.
____________________________
Sehr neu
Diese Datei wurde vor weniger als 1 Woche veröffentlicht.
____________________________
Hoch
Das Risiko dieser Datei ist hoch.
____________________________
Bedrohungsdetails
SONAR-Schutz überwacht Ihren Computer auf verdächtige Programmaktivitäten.
____________________________
Quelldatei:
zipper.exe
Datei erstellt:
java.exe
Datei erstellt:
mor.exe
____________________________
Dateiaktionen
Infizierte Datei: j:\dokumente und einstellungen\kuschelbär\lokale einstellungen\temp\mor.exe
entfernt
____________________________
Netzwerkaktionen
Ereignis: Netzwerkaktivität (Ausgeführt von j:\dokumente und einstellungen\kuschelbär\lokale einstellungen\temp\mor.exe, PID:2832)
Keine Aktion unternommen
____________________________
Systemeinstellungsaktionen
Ereignis: Prozessstart (Ausgeführt von j:\dokumente und einstellungen\kuschelbär\lokale einstellungen\temp\mor.exe, PID:2832)
Keine Aktion unternommen
____________________________
Dateiabdruck - SHA:
7ff9ba4fc299cbc6fb4e9a986b1f26b45997d4620684e10d929bbef4db6aff90
____________________________
Dateiabdruck - MD5:
099fa8fd3b40b78a954287ed2f692ad5
____________________________
Norton says that no further action is required. But I don't really trust it. The status is given as "isoliert" (quarantined) in the overview, while the details say "entfernt" (removed). Which one applies now? Is the culprit still on the hard drive, and could it perhaps break out again?
After that I ran a full system scan with Norton, but it found no threats.
Then I installed Malwarebytes, updated it and ran a full system scan, which found a few things that I then deleted:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.02.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kuschelbär :: KUSCHELBAER [Administrator]
Schutz: Aktiviert
02.07.2012 10:57:48
mbam-log-2012-07-02 (10-57-48).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404958
Laufzeit: 27 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\SeekService Service (Adware.SeekService) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
J:\Programme\SeekService (Adware.SeekService) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 2
J:\Dokumente und Einstellungen\Kuschelbär\Eigene Dateien\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer-portable.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
J:\Dokumente und Einstellungen\Kuschelbär\Eigene Dateien\Downloads\ADLSoft_UnCompressor_v2.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Then I restarted the computer as requested and ran another quick scan with Malwarebytes, which found nothing.
Do I still need to do anything about mor.exe? And what about this java.exe, which according to Norton was also created?
Thanks a lot for your help!
Regards
gr.nagus
So, here are the log files too:
OTL log file:
OTL logfile created on: 02.07.2012 13:13:36 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = J:\Dokumente und Einstellungen\Kuschelbär\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 70,02% Memory free
8,34 Gb Paging File | 7,25 Gb Available in Paging File | 87,02% Paging File free
Paging file location(s): J:\pagefile.sys 2046 4092K:\pagefile.sys 0 0 [binary data]
%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Programme
Drive C: | 5,90 Gb Total Space | 4,76 Gb Free Space | 80,71% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,06 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
Drive E: | 39,01 Gb Total Space | 2,91 Gb Free Space | 7,45% Space Free | Partition Type: NTFS
Drive F: | 27,46 Gb Total Space | 24,29 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
Drive G: | 35,64 Gb Total Space | 24,75 Gb Free Space | 69,44% Space Free | Partition Type: NTFS
Drive I: | 3,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 29,79 Gb Total Space | 4,17 Gb Free Space | 13,99% Space Free | Partition Type: NTFS
Drive K: | 14,90 Gb Total Space | 11,53 Gb Free Space | 77,41% Space Free | Partition Type: NTFS
Drive L: | 21,05 Gb Total Space | 8,79 Gb Free Space | 41,75% Space Free | Partition Type: NTFS
Computer Name: KUSCHELBAER | User Name: Kuschelbär | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.02 13:12:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- J:\Dokumente und Einstellungen\Kuschelbär\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.06.26 22:08:10 | 000,400,352 | ---- | M] (Mozilla Messaging) -- J:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.06.25 00:07:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- J:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- J:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- J:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- J:\Programme\Norton 360\Engine\6.2.1.5\ccsvchst.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- J:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.04 08:49:40 | 000,099,896 | R--- | M] (HP) -- J:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009.12.02 19:40:40 | 000,068,136 | ---- | M] () -- J:\Programme\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2009.11.20 15:14:02 | 000,245,760 | ---- | M] (Marvell) -- J:\Programme\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
PRC - [2009.08.02 06:43:30 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- J:\WINDOWS\system32\LGScsiCommandService.exe
PRC - [2008.06.24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- J:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.06.24 17:05:56 | 000,537,896 | ---- | M] (Nero AG) -- J:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
PRC - [2008.06.18 12:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- J:\WINDOWS\SoundMan.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\explorer.exe
PRC - [2007.10.11 16:20:14 | 000,114,688 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2007.10.11 16:19:44 | 000,308,224 | ---- | M] (Portrait Displays, Inc) -- J:\Programme\Portrait Displays\forteManager\dthtml.exe
PRC - [2007.10.11 16:17:48 | 000,065,536 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007.10.11 16:17:02 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe
PRC - [2007.06.29 06:17:56 | 000,520,192 | ---- | M] () -- J:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2006.12.28 15:05:14 | 000,196,608 | ---- | M] () -- J:\Programme\OCZ Technology\Mouse\Amoumain.exe
PRC - [2006.12.08 22:10:58 | 000,507,904 | ---- | M] (FinePrint Software, LLC) -- J:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2005.11.03 12:09:50 | 000,126,976 | ---- | M] (Saitek) -- J:\Programme\Saitek\Software\SaiMfd.exe
PRC - [2005.10.18 15:34:08 | 000,163,840 | ---- | M] (Saitek) -- J:\Programme\Saitek\Software\ProfilerU.exe
PRC - [2004.12.14 03:12:46 | 000,196,608 | ---- | M] (Adobe Systems Incorporated.) -- J:\Programme\Adobe\Acrobat 7.0\Distillr\acrodist.exe
PRC - [2004.12.14 03:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- J:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.26 22:08:14 | 001,977,312 | ---- | M] () -- J:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2012.06.26 22:08:13 | 000,162,784 | ---- | M] () -- J:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.06.26 22:08:13 | 000,021,984 | ---- | M] () -- J:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.06.25 00:07:31 | 002,042,848 | ---- | M] () -- J:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.23 11:54:28 | 009,459,912 | ---- | M] () -- J:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2011.01.11 01:25:48 | 000,096,112 | ---- | M] () -- J:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- J:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.12.02 19:40:40 | 000,068,136 | ---- | M] () -- J:\Programme\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2009.11.20 15:48:58 | 000,176,128 | R--- | M] () -- J:\WINDOWS\system32\m1210nwia.dll
MOD - [2009.11.20 14:42:08 | 000,163,840 | ---- | M] () -- J:\WINDOWS\system32\HPM1210LM.DLL
MOD - [2009.11.20 14:42:08 | 000,069,632 | ---- | M] () -- J:\WINDOWS\system32\spool\prtprocs\w32x86\HPM1210PP.dll
MOD - [2009.05.07 03:38:14 | 000,020,480 | R--- | M] () -- J:\WINDOWS\system32\SendScsiCmd.dll
MOD - [2009.03.13 11:30:44 | 000,109,096 | ---- | M] () -- J:\Programme\GIGABYTE\EnergySaver\ycc.dll
MOD - [2007.10.11 16:20:14 | 000,114,688 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe
MOD - [2007.10.11 16:17:54 | 000,167,936 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DThook.dll
MOD - [2007.10.11 16:17:48 | 000,077,824 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\CC\gui.dll
MOD - [2007.10.11 16:17:48 | 000,065,536 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
MOD - [2007.10.11 16:16:58 | 000,102,400 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007.06.29 06:17:56 | 000,520,192 | ---- | M] () -- J:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007.02.09 03:22:52 | 000,022,723 | ---- | M] () -- J:\WINDOWS\system32\ml163sl3.dll
MOD - [2006.12.28 15:05:14 | 000,196,608 | ---- | M] () -- J:\Programme\OCZ Technology\Mouse\Amoumain.exe
MOD - [2006.12.28 06:00:10 | 000,098,304 | ---- | M] () -- J:\Programme\OCZ Technology\Mouse\Amoures.dll
MOD - [2006.12.28 05:59:48 | 000,032,768 | ---- | M] () -- J:\WINDOWS\system32\Amhooker.dll
MOD - [2006.11.27 06:13:32 | 000,028,672 | ---- | M] () -- J:\Programme\OCZ Technology\Mouse\Setuphk.dll
MOD - [2005.10.18 15:30:14 | 000,077,824 | ---- | M] () -- J:\Programme\Saitek\Software\SAILNKU.dll
MOD - [2005.10.18 15:24:32 | 000,147,456 | ---- | M] () -- J:\Programme\Saitek\Software\SAICFG.dll
MOD - [2004.12.14 04:28:26 | 001,212,416 | ---- | M] () -- J:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
MOD - [2004.11.17 16:49:06 | 004,603,904 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\qt-mt332.dll
MOD - [2004.05.11 15:51:56 | 000,798,720 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\libeay32.dll
MOD - [2004.05.11 15:51:56 | 000,155,648 | ---- | M] () -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\ssleay32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- J:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2012.06.25 00:07:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- J:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.23 11:54:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- J:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- J:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- J:\Programme\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2009.12.04 08:49:40 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- J:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.12.02 19:40:40 | 000,068,136 | ---- | M] () [Auto | Running] -- J:\Programme\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2009.11.20 15:14:02 | 000,245,760 | ---- | M] (Marvell) [Auto | Running] -- J:\Programme\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV - [2009.08.02 06:43:30 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- J:\WINDOWS\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
SRV - [2009.05.13 00:35:56 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- J:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.03.05 20:24:32 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- J:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.06.24 17:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Running] -- J:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.10.11 16:20:14 | 000,114,688 | ---- | M] () [Auto | Running] -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2007.10.11 16:17:48 | 000,065,536 | ---- | M] () [Auto | Running] -- J:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006.12.08 22:10:58 | 000,507,904 | ---- | M] (FinePrint Software, LLC) [Auto | Running] -- J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe -- (FinePrint Dispatcher v5)
SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- J:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- J:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.02 13:11:02 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- J:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012.06.19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.06.18 20:26:27 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120629.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.05.31 16:45:18 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- J:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.31 16:45:18 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- J:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.16 19:25:35 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120701.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 19:25:35 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120701.008\NAVENG.SYS -- (NAVENG)
DRV - [2012.05.06 19:34:37 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- J:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- J:\WINDOWS\system32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012.03.29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012.03.29 00:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\N360\0602010.005\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 00:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- J:\WINDOWS\system32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2012.03.29 00:28:26 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- J:\WINDOWS\system32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2012.03.29 00:06:26 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011.11.29 16:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- J:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- J:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.11.19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.06.27 05:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.16 09:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.03.05 10:11:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- J:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.12.28 16:07:34 | 000,013,824 | R--- | M] (OCZ Technology Co.,Ltd.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2006.12.28 16:02:22 | 000,008,704 | R--- | M] (OCZ Technology Co.,Ltd.) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2006.11.16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.07.27 13:49:34 | 000,035,200 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006.07.27 13:49:34 | 000,013,824 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006.07.27 13:49:27 | 000,176,640 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\SaiH075C.sys -- (SaiH075C)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- J:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.1.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: J:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: J:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: J:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: J:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: J:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: J:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: J:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: J:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012.05.06 19:38:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012.07.02 13:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: J:\Programme\Mozilla Firefox\components [2012.06.25 00:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: J:\Programme\Mozilla Firefox\plugins [2012.06.05 22:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: J:\Programme\Mozilla Thunderbird\components [2012.06.26 22:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: J:\Programme\Mozilla Thunderbird\plugins
[2009.11.21 10:49:28 | 000,000,000 | ---D | M] (No name found) -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\Mozilla\Extensions
[2012.05.02 19:14:27 | 000,000,000 | ---D | M] (No name found) -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\Mozilla\Firefox\Profiles\mc4vrqv5.default\extensions
[2010.05.18 12:43:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\Mozilla\Firefox\Profiles\mc4vrqv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.22 21:29:50 | 000,002,448 | ---- | M] () -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\Mozilla\Firefox\Profiles\mc4vrqv5.default\searchplugins\safesearch.xml
[2012.06.25 00:07:41 | 000,000,000 | ---D | M] (No name found) -- J:\Programme\Mozilla Firefox\extensions
[2012.07.02 13:11:57 | 000,000,000 | ---D | M] (Norton Toolbar) -- J:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\COFFPLGN
[2012.05.06 19:38:22 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- J:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPLGN
[2012.05.13 13:36:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- J:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.06.25 00:07:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- J:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.25 00:07:28 | 000,001,392 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 00:07:28 | 000,002,252 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.25 00:07:28 | 000,001,153 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.30 17:35:34 | 000,002,048 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.25 00:07:28 | 000,006,805 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.10.01 16:35:38 | 000,002,400 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\seekservice124.xml
[2009.10.21 18:31:38 | 000,002,400 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\seekservice133.xml
[2012.06.25 00:07:28 | 000,001,178 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 00:07:28 | 000,001,105 | ---- | M] () -- J:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - J:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - J:\Programme\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - J:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - J:\Programme\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - J:\Programme\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - J:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - J:\Programme\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] J:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] J:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] J:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] J:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] J:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT LGE] J:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [facemoods] J:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] J:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] J:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] J:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] J:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] J:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Profiler] J:\Programme\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] J:\Programme\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Samsung PanelMgr] J:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SoundMan] J:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WheelMouse] J:\Programme\OCZ Technology\Mouse\Amoumain.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] J:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: J:\Dokumente und Einstellungen\Kuschelbär\Startmenü\Programme\Autostart\SpeedFan.lnk = J:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - J:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236273297031 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF80DD1E-FD72-4F1B-AB97-85A9EBB1B389}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - J:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (J:\WINDOWS\system32\userinit.exe) - J:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: J:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: J:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.05 18:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.09.24 23:37:50 | 000,000,041 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.02 10:56:27 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\Malwarebytes
[2012.07.02 10:56:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbam.sys
[2012.07.02 10:56:17 | 000,000,000 | ---D | C] -- J:\Programme\Malwarebytes' Anti-Malware
[2012.07.02 10:56:17 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.02 10:56:17 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.13 19:39:10 | 000,521,728 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.06.05 22:24:46 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.06.05 22:24:14 | 000,000,000 | ---D | C] -- J:\Programme\QuickTime
[2012.06.05 22:24:12 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2012.06.04 20:50:52 | 000,000,000 | ---D | C] -- J:\Programme\Microsoft.NET
[2012.06.04 20:32:26 | 000,527,192 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_7.dll
[2012.06.04 20:32:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_5.dll
[2012.06.04 20:32:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_7.dll
[2012.06.04 20:32:24 | 002,106,216 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_43.dll
[2012.06.04 20:32:24 | 001,868,128 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dcsx_43.dll
[2012.06.04 20:32:23 | 000,470,880 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_43.dll
[2012.06.04 20:32:23 | 000,248,672 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx11_43.dll
[2012.06.04 20:32:22 | 001,998,168 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DX9_43.dll
[2012.06.04 20:32:21 | 000,528,216 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_6.dll
[2012.06.04 20:32:21 | 000,238,936 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_6.dll
[2012.06.04 20:32:21 | 000,074,072 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_4.dll
[2012.06.04 20:32:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\X3DAudio1_7.dll
[2012.06.04 20:32:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_5.dll
[2012.06.04 20:32:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_5.dll
[2012.06.04 20:32:17 | 001,974,616 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_42.dll
[2012.06.04 20:32:16 | 005,501,792 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dcsx_42.dll
[2012.06.04 20:32:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx11_42.dll
[2012.06.04 20:32:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DX9_42.dll
[2012.06.04 20:32:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_42.dll
[2012.06.04 20:32:13 | 001,846,632 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_41.dll
[2012.06.04 20:32:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_41.dll
[2012.06.04 20:32:12 | 004,178,264 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DX9_41.dll
[2012.06.04 20:32:11 | 000,517,448 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_4.dll
[2012.06.04 20:32:11 | 000,069,464 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_3.dll
[2012.06.04 20:32:10 | 000,235,352 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_4.dll
[2012.06.04 20:32:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\X3DAudio1_6.dll
[2012.06.04 20:32:08 | 004,379,984 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DX9_40.dll
[2012.06.04 20:32:08 | 002,036,576 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_40.dll
[2012.06.04 20:32:08 | 000,452,440 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_40.dll
[2012.06.04 20:32:07 | 000,514,384 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_3.dll
[2012.06.04 20:32:07 | 000,070,992 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_2.dll
[2012.06.04 20:32:06 | 000,235,856 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_3.dll
[2012.06.04 20:32:06 | 000,023,376 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\X3DAudio1_5.dll
[2012.06.04 20:32:05 | 000,509,448 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_2.dll
[2012.06.04 20:32:05 | 000,238,088 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_2.dll
[2012.06.04 20:32:05 | 000,068,616 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_1.dll
[2012.06.04 20:32:04 | 001,493,528 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_39.dll
[2012.06.04 20:32:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_39.dll
[2012.06.04 20:32:03 | 003,851,784 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DX9_39.dll
[2012.06.04 20:32:02 | 000,507,400 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_1.dll
[2012.06.04 20:32:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_1.dll
[2012.06.04 20:32:02 | 000,065,032 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_0.dll
[2012.06.04 20:32:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\X3DAudio1_4.dll
[2012.06.04 20:32:00 | 001,491,992 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_38.dll
[2012.06.04 20:32:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_38.dll
[2012.06.04 20:31:59 | 003,850,760 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DX9_38.dll
[2012.06.04 20:31:59 | 000,479,752 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_0.dll
[2012.06.04 20:31:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_0.dll
[2012.06.04 20:31:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\X3DAudio1_3.dll
[2012.06.04 20:31:56 | 001,420,824 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_37.dll
[2012.06.04 20:31:56 | 000,462,864 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_37.dll
[2012.06.04 20:31:55 | 003,786,760 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DX9_37.dll
[2012.06.04 20:31:51 | 000,267,272 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_10.dll
[2012.06.04 20:31:48 | 001,374,232 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_36.dll
[2012.06.04 20:31:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_36.dll
[2012.06.04 20:31:47 | 003,734,536 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_36.dll
[2012.06.04 20:31:46 | 000,267,112 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_9.dll
[2012.06.04 20:31:45 | 003,727,720 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_35.dll
[2012.06.04 20:31:45 | 001,358,192 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_35.dll
[2012.06.04 20:31:45 | 000,444,776 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_35.dll
[2012.06.04 20:31:43 | 000,266,088 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_8.dll
[2012.06.04 20:31:43 | 000,017,928 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\X3DAudio1_2.dll
[2012.06.04 20:31:42 | 003,497,832 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_34.dll
[2012.06.04 20:31:42 | 001,124,720 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_34.dll
[2012.06.04 20:31:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_34.dll
[2012.06.04 20:31:41 | 000,261,480 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_7.dll
[2012.06.04 20:31:41 | 000,081,768 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xinput1_3.dll
[2012.06.04 20:31:40 | 001,123,696 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\D3DCompiler_33.dll
[2012.06.04 20:31:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_33.dll
[2012.06.04 20:31:39 | 003,495,784 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_33.dll
[2012.06.04 20:31:38 | 000,255,848 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_6.dll
[2012.06.04 20:31:37 | 003,426,072 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_32.dll
[2012.06.04 20:31:37 | 000,251,672 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_5.dll
[2012.06.04 20:31:36 | 002,414,360 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_31.dll
[2012.06.04 20:31:36 | 000,237,848 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_4.dll
[2012.06.04 20:31:36 | 000,015,128 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\x3daudio1_1.dll
[2012.06.04 20:31:35 | 000,236,824 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_3.dll
[2012.06.04 20:31:35 | 000,062,744 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xinput1_2.dll
[2012.06.04 20:31:34 | 000,230,168 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_2.dll
[2012.06.04 20:31:33 | 000,062,672 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xinput1_1.dll
[2012.06.04 20:31:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_1.dll
[2012.06.04 20:31:27 | 002,332,368 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_29.dll
[2012.06.04 20:31:27 | 000,230,096 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine2_0.dll
[2012.06.04 20:31:27 | 000,014,032 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\x3daudio1_0.dll
[2012.06.04 20:31:26 | 002,319,568 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_27.dll
[2012.06.04 20:31:26 | 000,061,136 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xinput9_1_0.dll
[2012.06.04 20:31:25 | 002,337,488 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_25.dll
[2012.06.04 20:31:25 | 002,297,552 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_26.dll
[2012.06.04 20:31:24 | 002,222,800 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx9_24.dll
[2012.06.04 20:29:03 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.06.04 20:28:07 | 000,000,000 | ---D | C] -- J:\Programme\VideoLAN
[2012.06.04 20:26:17 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SiSoftware
[2012.06.04 20:26:08 | 000,000,000 | ---D | C] -- J:\Programme\SiSoftware
[2012.06.04 20:12:38 | 000,000,000 | ---D | C] -- J:\Programme\SpeedFan
[2012.06.04 20:12:38 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\Kuschelbär\Startmenü\Programme\SpeedFan
[2010.08.12 23:24:06 | 000,047,360 | ---- | C] (VSO Software) -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\pcouffin.sys
[5 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
[3 J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.02 13:11:18 | 000,212,641 | ---- | M] () -- J:\WINDOWS\System32\nvapps.xml
[2012.07.02 13:11:16 | 000,002,422 | ---- | M] () -- J:\WINDOWS\System32\wpa.dbl
[2012.07.02 13:11:02 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- J:\WINDOWS\gdrv.sys
[2012.07.02 13:10:51 | 000,002,048 | --S- | M] () -- J:\WINDOWS\bootstat.dat
[2012.07.02 12:10:00 | 000,001,090 | ---- | M] () -- J:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.02 11:54:15 | 000,000,884 | ---- | M] () -- J:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.02 11:29:00 | 000,000,470 | ---- | M] () -- J:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012.07.02 10:56:21 | 000,000,762 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.29 09:10:00 | 000,001,086 | ---- | M] () -- J:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.28 23:29:00 | 000,000,470 | ---- | M] () -- J:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2012.06.27 23:29:00 | 000,000,470 | ---- | M] () -- J:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.06.26 22:19:00 | 000,000,276 | ---- | M] () -- J:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.06.26 19:13:29 | 000,000,069 | ---- | M] () -- J:\WINDOWS\NeroDigital.ini
[2012.06.26 15:28:27 | 000,122,368 | ---- | M] () -- J:\Dokumente und Einstellungen\Kuschelbär\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.23 11:54:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- J:\WINDOWS\System32\FlashPlayerApp.exe
[2012.06.23 11:54:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- J:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.06.14 18:52:34 | 000,152,384 | ---- | M] () -- J:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 23:31:36 | 000,517,474 | ---- | M] () -- J:\WINDOWS\System32\perfh007.dat
[2012.06.13 23:31:36 | 000,494,148 | ---- | M] () -- J:\WINDOWS\System32\perfh009.dat
[2012.06.13 23:31:36 | 000,101,628 | ---- | M] () -- J:\WINDOWS\System32\perfc007.dat
[2012.06.13 23:31:36 | 000,084,692 | ---- | M] () -- J:\WINDOWS\System32\perfc009.dat
[2012.06.13 23:20:30 | 000,001,374 | ---- | M] () -- J:\WINDOWS\imsins.BAK
[2012.06.05 22:24:46 | 000,001,590 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.06.05 22:08:27 | 000,157,037 | ---- | M] () -- J:\Dokumente und Einstellungen\Kuschelbär\Desktop\bezahlen Google.jpg
[2012.06.04 20:26:32 | 000,001,009 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\SiSoftware Sandra Lite 2012.SP4a.lnk
[2012.06.04 20:12:40 | 000,000,660 | ---- | M] () -- J:\Dokumente und Einstellungen\Kuschelbär\Desktop\SpeedFan.lnk
[2012.06.04 20:12:39 | 000,000,672 | ---- | M] () -- J:\Dokumente und Einstellungen\Kuschelbär\Startmenü\Programme\Autostart\SpeedFan.lnk
[2012.06.04 20:12:38 | 000,000,045 | ---- | M] () -- J:\WINDOWS\System32\initdebug.nfo
[2012.06.04 19:50:49 | 000,000,064 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.ldb
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\wups2.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\wups.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wups.dll
[2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wuaueng.dll
[5 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
[3 J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.02 10:56:21 | 000,000,762 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.05 22:24:46 | 000,001,590 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.06.05 22:08:27 | 000,157,037 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Desktop\bezahlen Google.jpg
[2012.06.04 20:59:16 | 011,567,104 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\Sandra.mdb
[2012.06.04 20:26:32 | 000,001,009 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\SiSoftware Sandra Lite 2012.SP4a.lnk
[2012.06.04 20:12:39 | 000,000,660 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Desktop\SpeedFan.lnk
[2012.06.04 20:12:38 | 000,000,672 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Startmenü\Programme\Autostart\SpeedFan.lnk
[2012.06.04 20:12:34 | 000,000,045 | ---- | C] () -- J:\WINDOWS\System32\initdebug.nfo
[2012.06.04 19:50:49 | 000,000,064 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.ldb
[2012.05.26 11:23:30 | 000,109,001 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\ESt2011_Sieg_Andreas_und_Sieg_Gitta.elfo
[2012.02.15 08:58:58 | 000,003,072 | ---- | C] () -- J:\WINDOWS\System32\iacenc.dll
[2011.12.13 10:07:09 | 000,053,760 | R--- | C] () -- J:\WINDOWS\System32\HPM1210SMs.dll
[2011.12.13 10:07:08 | 001,265,664 | ---- | C] () -- J:\WINDOWS\System32\HPM1210SM.exe
[2011.12.13 10:07:08 | 000,163,840 | ---- | C] () -- J:\WINDOWS\System32\HPM1210LM.DLL
[2011.12.13 10:07:04 | 000,176,128 | R--- | C] () -- J:\WINDOWS\System32\m1210nwia.dll
[2011.12.13 09:41:17 | 000,284,160 | ---- | C] () -- J:\WINDOWS\System32\mvhlewsi.DLL
[2011.09.20 15:44:19 | 000,101,876 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\ESt2010_Sieg_Andreas_und_Sieg_Gitta.elfo
[2011.06.15 23:23:19 | 000,001,940 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.15 23:18:18 | 000,001,940 | ---- | C] () -- J:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.08.12 23:24:06 | 000,087,608 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\inst.exe
[2010.08.12 23:24:06 | 000,007,887 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\pcouffin.cat
[2010.08.12 23:24:06 | 000,001,144 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\pcouffin.inf
[2010.03.18 21:22:30 | 000,002,528 | ---- | C] () -- J:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2010.02.07 16:30:27 | 000,131,919 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\2009.elfo
[2009.12.01 23:04:06 | 000,122,368 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.21 10:39:43 | 000,002,528 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\Anwendungsdaten\$_hpcst$.hpc
[2009.03.06 23:50:53 | 000,000,040 | -HS- | C] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.03.05 21:03:58 | 000,001,024 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\.rnd
[2009.03.05 18:48:16 | 000,049,152 | ---- | C] () -- J:\Dokumente und Einstellungen\Kuschelbär\index.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> J:\WINDOWS:AA0B7C486F752FC7
< End of report >
Extras: OTL Logfile:
OTL Extras logfile created on: 02.07.2012 13:13:36 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = J:\Dokumente und Einstellungen\Kuschelbär\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 70,02% Memory free
8,34 Gb Paging File | 7,25 Gb Available in Paging File | 87,02% Paging File free
Paging file location(s): J:\pagefile.sys 2046 4092K:\pagefile.sys 0 0 [binary data]
%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Programme
Drive C: | 5,90 Gb Total Space | 4,76 Gb Free Space | 80,71% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,06 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
Drive E: | 39,01 Gb Total Space | 2,91 Gb Free Space | 7,45% Space Free | Partition Type: NTFS
Drive F: | 27,46 Gb Total Space | 24,29 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
Drive G: | 35,64 Gb Total Space | 24,75 Gb Free Space | 69,44% Space Free | Partition Type: NTFS
Drive I: | 3,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 29,79 Gb Total Space | 4,17 Gb Free Space | 13,99% Space Free | Partition Type: NTFS
Drive K: | 14,90 Gb Total Space | 11,53 Gb Free Space | 77,41% Space Free | Partition Type: NTFS
Drive L: | 21,05 Gb Total Space | 8,79 Gb Free Space | 41,75% Space Free | Partition Type: NTFS
Computer Name: KUSCHELBAER | User Name: Kuschelbär | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- J:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "J:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "J:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"J:\Programme\GIGABYTE\EnergySaver\run.exe" = J:\Programme\GIGABYTE\EnergySaver\run.exe:*:Enabled:update
"J:\Programme\eMule\emule.exe" = J:\Programme\eMule\emule.exe:*:Disabled:eMule
"J:\Programme\TeamViewer\Version6\TeamViewer.exe" = J:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"J:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = J:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"J:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\RpcAgentSrv.exe" = J:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"J:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\WNt500x86\RpcSandraSrv.exe" = J:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"J:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = J:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1883A84D-94AA-432C-9519-FA31B6B118B9}" = forteManager
"{1FA6376A-3120-45DA-8686-96DEFC8A0513}" = HP LaserJet Toolbox
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{33FA361C-6545-4490-945C-1B869370489D}" = HP LaserJet Professional M1210 MFP Series Toolbox
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{688116E1-3223-11D4-B0F4-004005A44561}" = Flamco Berechnungsprogramm
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B10.0309.1
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{967FB80D-56BD-42EF-A942-9E8C78F984A4}" = Saitek SST Programming Software
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{BFFE230A-8520-423D-8A22-DB82C9922925}" = Das Interaktive Kartenwerk. Deutschland
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4a
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{D9FBE6FB-63A5-477E-B671-26FC8B7FE100}" = Desastersoft - Operation Overlord XXL Addon
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA3AFC80-05A5-45A6-BD6E-92641BF93129}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audio Recorder for FREE_is1" = Audio Recorder for FREE 2009 v12.5.3
"Birth of the Federation" = Birth of the Federation
"CD Bremse_is1" = CD Bremse 1.48
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"facemoods" = Facemoods Toolbar
"FinePrint" = FinePrint
"FreeUndelete" = FreeUndelete
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"ie8" = Windows Internet Explorer 8
"Image Analyzer" = Image Analyzer
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"Kalender-Excel_is1" = Kalender-Excel 8.6.1
"KOMPASS Digital Map Madeira_is1" = KOMPASS Digital Map Madeira
"KOMPASS Digital Map_is1" = KOMPASS Digital Map
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Program_is1" = VA Tutorial 2.01
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"Paint Shop Pro 5.01" = Paint Shop Pro 5.01 CD
"Pixum ePrint" = Pixum ePrint 1.2
"RedEye" = RedEye (remove only)
"Samsung ML-1630 Series" = Samsung ML-1630 Series
"SpeedFan" = SpeedFan (remove only)
"TAPPS DE_is1" = TAPPS 1.26 DE
"TeamViewer 6" = TeamViewer 6
"VAHausDesignerPremium.Exe" = VA HausDesigner Premium
"VLC media player" = VLC media player 2.0.1
"WheelMouse" = OCZ Technology Laser Gaming Mouse
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.04.2012 17:29:47 | Computer Name = KUSCHELBAER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 18.04.2012 17:29:47 | Computer Name = KUSCHELBAER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
Error - 07.05.2012 05:26:36 | Computer Name = KUSCHELBAER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Acrobat.exe, Version 7.0.0.1333, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 07.05.2012 05:26:37 | Computer Name = KUSCHELBAER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Acrobat.exe, Version 7.0.0.1333, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 14.06.2012 12:53:01 | Computer Name = KUSCHELBAER | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 23.06.2012 07:54:27 | Computer Name = KUSCHELBAER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 26.06.2012 12:54:28 | Computer Name = KUSCHELBAER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 26.06.2012 12:54:39 | Computer Name = KUSCHELBAER | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich -1264370443.
Error - 26.06.2012 13:54:43 | Computer Name = KUSCHELBAER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 01.07.2012 03:25:07 | Computer Name = KUSCHELBAER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nmindexstoresvr.exe, Version 3.3.8.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x01eaed9f.
[ System Events ]
Error - 01.07.2012 13:47:30 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 01.07.2012 15:51:39 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 01.07.2012 15:51:39 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 02.07.2012 04:05:33 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 02.07.2012 04:05:33 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 02.07.2012 05:31:20 | Computer Name = KUSCHELBAER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume8" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 02.07.2012 05:31:21 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 02.07.2012 05:31:21 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 02.07.2012 07:11:09 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 02.07.2012 07:11:09 | Computer Name = KUSCHELBAER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
Gmer:
GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-02 15:00:37
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-29 WDC_WD1600AAJS-08PSA0 rev.05.06H05
Running: gcgukm0o.exe; Driver: J:\DOKUME~1\KUSCHE~1\LOKALE~1\Temp\fxdiqaob.sys
---- System - GMER 1.0.15 ----
SSDT 89AC3898 ZwAlertResumeThread
SSDT 89AC3978 ZwAlertThread
SSDT 89A4BCD0 ZwAllocateVirtualMemory
SSDT 89AB53F8 ZwAssignProcessToJobObject
SSDT 89B346B8 ZwConnectPort
SSDT \??\J:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6C41D40]
SSDT 89A489A8 ZwCreateMutant
SSDT 89A865E8 ZwCreateSymbolicLinkObject
SSDT 89A4CFB0 ZwCreateThread
SSDT 89AB54D8 ZwDebugActiveProcess
SSDT \??\J:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6C41FC0]
SSDT \??\J:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6C42680]
SSDT 89A86E70 ZwDuplicateObject
SSDT 89AA0AE8 ZwFreeVirtualMemory
SSDT 89AA28D8 ZwImpersonateAnonymousToken
SSDT 89AA29B8 ZwImpersonateThread
SSDT 8A207690 ZwLoadDriver
SSDT 89A6ADA8 ZwMapViewOfSection
SSDT 89A488E8 ZwOpenEvent
SSDT 89A4CE58 ZwOpenProcess
SSDT 89A72248 ZwOpenProcessToken
SSDT 89A89930 ZwOpenSection
SSDT 89A86F60 ZwOpenThread
SSDT 89A866D8 ZwProtectVirtualMemory
SSDT 89AB4A78 ZwResumeThread
SSDT 89A723D0 ZwSetContextThread
SSDT 89A6AC18 ZwSetInformationProcess
SSDT 89AB5598 ZwSetSystemInformation
SSDT \??\J:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6C42910]
SSDT 89A48828 ZwSuspendProcess
SSDT 89AB4B38 ZwSuspendThread
SSDT 89AC8A08 ZwTerminateProcess
SSDT 89A722F0 ZwTerminateThread
SSDT 89A6ACE8 ZwUnmapViewOfSection
SSDT 89AA0BB8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504564 8 Bytes [E8, 65, A8, 89, B0, CF, A4, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 805045E0 4 Bytes [E8, 0A, AA, 89]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DA4 8050465C 4 Bytes CALL EED9EAE9
.text ntkrnlpa.exe!ZwCallbackReturn + 3008 805048C0 4 Bytes CALL BED9EF71
? SYMDS.SYS Das System kann die angegebene Datei nicht finden. !
? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. !
.text J:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9652360, 0x35483F, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
I hope this helps a bit.
Thanks again.
Regards
gr.nagus