| |
| |||||||
Log-Analyse und Auswertung: Verdacht auf Malare etc..Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
30.12.2012, 17:08
| #1 |
 |  Verdacht auf Malare etc.. Ich denke, dass ich irgendwelche Backdoor Trojaner, Malware, Spyware oder so was ähnliches auf meinem Pc, da ich ausversehen dateien geöffnet habe von einer person und bei der datei sich nix geöffnet hat. die datei war in jpg Format hab den verdacht, dass es Keylogger oder wie oben geschreiben etwas anderes seien könnte. würde mich für eurer hilfe sehr freuen. ps: in mehreren ordnern ist jetzt eine systemdatei namens thumbs.db und desktop.ini. was ist das? danke im voraus. OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/30/2012 1:57:25 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop\Locker\prm tls\Legal\Systemanalyse Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy 3.24 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 66.04% Memory free 5.07 Gb Paging File | 3.97 Gb Available in Paging File | 78.22% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465.75 Gb Total Space | 400.65 Gb Free Space | 86.02% Space Free | Partition Type: NTFS Drive D: | 639.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive I: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.98% Space Free | Partition Type: FAT32 Computer Name: BÜRO | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/30 13:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Locker\prm tls\Legal\Systemanalyse\OTL.exe PRC - [2012/12/28 21:47:52 | 002,973,696 | ---- | M] (LG Electronics, Inc.) -- C:\Programme\LGNAS\Remote Network Drive\CloudDrive.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/12/11 15:24:47 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012/12/11 15:24:10 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/12/11 15:24:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/12/11 15:24:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012/11/07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012/11/07 19:23:46 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/11/02 19:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2012/11/02 19:16:26 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2012/04/12 13:43:25 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_JT50RP.EXE PRC - [2012/03/25 18:59:16 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXSTM.exe PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXRCV.exe PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\Event Manager\EEventManager.exe PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/11/30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe MOD - [2012/09/19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\WEKA\WEKA Launcher\launcherservice.exe -- (launcherservice) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/12 11:48:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/11 15:24:47 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/12/11 15:24:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/12/05 11:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/12 19:17:59 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012/11/07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/11/02 19:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012/04/26 09:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2012/04/12 13:43:25 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) SRV - [2012/03/25 18:59:16 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2011/07/20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva400.sys -- (XDva400) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva396.sys -- (XDva396) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdqpod.sys -- (pxtdqpod) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/12/27 11:44:17 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/12/11 15:24:59 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/11 15:24:59 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/13 17:57:53 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/11/07 19:23:46 | 000,527,408 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2012/11/02 19:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012/01/09 18:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2012/01/09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2012/01/09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011/12/15 18:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2008/01/03 21:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007/12/20 17:00:06 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{F6915CC7-C1E2-448C-8184-C405B196CFD0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 72.64.146.136:8080 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: firebug%40software.joehewitt.com:1.9.2 FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.16 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/02 20:57:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/11/13 21:35:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/26 22:03:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/12/05 11:06:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/12/26 22:02:54 | 000,000,000 | ---D | M] [2012/04/02 20:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012/12/29 11:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions [2012/11/28 22:15:00 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\ffxtlbr@incredibar.com [2012/12/29 11:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\staged [2012/12/13 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions [2012/11/08 11:05:48 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2012/05/19 16:29:23 | 001,335,949 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\firebug@software.joehewitt.com.xpi [2012/12/29 11:46:43 | 000,548,003 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\uriloader@pdf.js.xpi [2012/05/13 13:00:07 | 000,439,720 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012/12/29 11:46:49 | 002,151,598 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\staged\firebug@software.joehewitt.com.xpi [2012/12/29 11:46:41 | 000,455,379 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\staged\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012/12/13 15:58:46 | 002,151,598 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions\firebug@software.joehewitt.com.xpi [2012/12/13 15:58:48 | 000,548,003 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions\uriloader@pdf.js.xpi [2012/11/22 16:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/11/22 16:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/11/22 16:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/12/26 22:03:30 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2012/04/02 20:57:34 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012/10/15 12:30:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012/12/05 11:05:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Programme\mozilla firefox\plugins\npijjiFFPlugin1.dll [2012/12/26 22:02:29 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll [2012/10/08 10:40:26 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/08 10:40:26 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/10/08 10:40:26 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/10/08 10:40:26 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/08 10:40:26 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/08 10:40:26 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Programme\Mozilla Firefox\plugins\npijjiFFPlugin1.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: RealDownloader = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Programme\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [REWI Terminüberwachung] C:\Programme\REWI-Verlag\REWI-Zentrale\rewi_termine.exe (Web5 GmbH) O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe" File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Network Drive.lnk = C:\Programme\LGNAS\Remote Network Drive\CloudDriveStart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE3BE6E6-E5B8-42BC-86DA-B47444DD38E3}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/04/02 19:04:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/07/02 05:04:08 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{848504c2-7cf4-11e1-b6b3-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{848504c2-7cf4-11e1-b6b3-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{848504c2-7cf4-11e1-b6b3-806d6172696f}\Shell\AutoRun\command - "" = D:\.\SetupX.exe -- [2011/05/18 04:38:30 | 001,656,080 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/12/29 22:53:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012/12/29 22:39:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2012/12/29 22:39:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012/12/29 22:39:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012/12/29 22:39:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/12/29 22:39:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012/12/29 17:07:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner (4) [2012/12/28 23:07:50 | 000,000,000 | ---D | C] -- C:\Programme\HitmanPro [2012/12/28 21:13:32 | 000,000,000 | ---D | C] -- C:\Programme\LGNAS [2012/12/28 21:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LG NAS [2012/12/28 20:43:38 | 000,000,000 | ---D | C] -- C:\lgnasinsw [2012/12/28 20:38:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LG Tool Kit [2012/12/28 20:38:31 | 000,000,000 | ---D | C] -- C:\Programme\LGNASInsW [2012/12/27 19:43:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2012/12/27 18:47:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro [2012/12/27 18:47:25 | 008,939,896 | ---- | C] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HitmanPro32.exe [2012/12/27 14:22:29 | 000,000,000 | ---D | C] -- C:\ubuntu [2012/12/27 11:45:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\DAEMON Tools Images [2012/12/27 11:44:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite [2012/12/27 11:44:03 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012/12/27 11:43:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite [2012/12/27 11:43:29 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite [2012/12/27 11:42:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012/12/26 22:04:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RealNetworks [2012/12/26 22:03:29 | 000,000,000 | ---D | C] -- C:\Programme\RealNetworks [2012/12/26 22:03:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks [2012/12/26 22:03:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared [2012/12/26 22:02:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RealNetworks [2012/12/26 22:02:20 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2012/12/26 21:47:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2012/12/26 21:47:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager [2012/12/26 21:47:04 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2012/12/25 17:56:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\bny [2012/12/25 01:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ipswitch [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/30 13:55:27 | 000,000,148 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012/12/30 13:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/30 13:25:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/12/30 12:23:33 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:23:31 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:21:32 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/12/30 12:21:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:21:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:21:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-1005.job [2012/12/30 12:21:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/29 22:39:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/29 18:42:22 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 12:26:23 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 10:52:01 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/28 23:14:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2012/12/28 21:46:56 | 000,001,785 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Network Drive.lnk [2012/12/28 21:46:49 | 000,001,773 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Remote Network Drive.lnk [2012/12/28 21:13:32 | 000,001,772 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAS Monitor.lnk [2012/12/28 20:38:39 | 000,001,549 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LG NAS Installation Wizard.lnk [2012/12/27 14:22:09 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS [2012/12/27 14:22:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2012/12/27 11:44:17 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012/12/27 11:44:04 | 000,001,577 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Lite.lnk [2012/12/26 22:03:42 | 000,000,817 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk [2012/12/26 22:02:20 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2012/12/26 21:55:42 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/26 17:01:17 | 000,000,757 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2012/12/25 20:59:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-1005.job [2012/12/25 01:43:15 | 000,000,033 | ---- | M] () -- C:\WINDOWS\hotkey.ini [2012/12/24 09:48:13 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Default.rdp [2012/12/21 15:12:44 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HitmanPro32.exe [2012/12/18 21:57:33 | 141,127,181 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Jasper Jauch Downhill Winterberg GoPro Hero 2.mp4 [2012/12/18 13:30:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/12/13 13:10:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/12/11 15:24:59 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012/12/11 15:24:59 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012/12/07 16:49:29 | 000,519,638 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/12/07 16:49:29 | 000,495,654 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/12/07 16:49:29 | 000,101,336 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/12/07 16:49:29 | 000,084,242 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/12/07 10:40:13 | 000,000,474 | ---- | M] () -- C:\WINDOWS\wininit.ini [2012/12/02 19:55:57 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/30 13:55:24 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012/12/29 22:39:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/29 12:26:27 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 12:26:26 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 12:26:22 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/28 21:46:49 | 000,001,785 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Network Drive.lnk [2012/12/28 21:46:49 | 000,001,773 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Remote Network Drive.lnk [2012/12/28 21:13:32 | 000,001,772 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAS Monitor.lnk [2012/12/28 20:38:39 | 000,001,549 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LG NAS Installation Wizard.lnk [2012/12/27 11:44:04 | 000,001,577 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Lite.lnk [2012/12/26 22:04:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/26 22:04:29 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/26 22:03:42 | 000,000,817 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk [2012/12/24 23:29:55 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hotkey.ini [2012/12/24 09:48:13 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Default.rdp [2012/12/18 21:44:20 | 141,127,181 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Jasper Jauch Downhill Winterberg GoPro Hero 2.mp4 [2012/12/07 10:40:13 | 000,000,474 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012/12/02 19:55:57 | 000,000,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk [2012/11/28 22:14:45 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll [2012/11/05 14:55:21 | 000,004,441 | ---- | C] () -- C:\WINDOWS\jnzn-v48.ini [2012/11/05 14:55:21 | 000,001,442 | ---- | C] () -- C:\WINDOWS\cftpb_d24.ini [2012/10/05 09:24:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2012/05/14 13:48:17 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2012/04/15 14:11:48 | 000,000,082 | ---- | C] () -- C:\WINDOWS\odbc_merge.INI [2012/04/12 14:55:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2012/04/12 13:10:30 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2012/04/12 13:10:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2012/04/12 13:10:28 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\midas.dll [2012/04/12 12:29:17 | 000,015,602 | ---- | C] () -- C:\WINDOWS\System32\SELF32.INI [2012/04/06 05:16:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/04/04 11:51:06 | 000,023,016 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/04/03 14:51:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/04/02 21:22:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012/04/02 19:49:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/04/02 19:49:14 | 000,141,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/04/02 19:48:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll [2012/04/02 19:05:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/04/02 19:02:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012/04/04 13:23:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2011/12/19 09:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/10/05 07:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CheckPoint [2012/12/27 11:45:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite [2012/04/02 20:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DDMSettings [2012/04/02 21:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Downloaded Installations [2012/05/03 19:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Epson [2012/04/11 19:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRightToGo [2012/06/04 16:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\JonDo [2012/11/10 16:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2012/04/04 15:21:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Need for Speed World [2012/12/30 13:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nitro PDF [2012/11/28 12:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++ [2012/05/03 19:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pdfforge [2012/08/24 13:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2012/04/03 16:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2012/12/27 11:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012/04/12 13:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2012/12/27 19:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro [2012/04/13 14:00:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ijjigame [2012/04/02 21:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF [2012/12/30 12:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan ========== Purity Check ========== < End of report > Geändert von sluum (30.12.2012 um 17:25 Uhr) |
|
30.12.2012, 19:56
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Verdacht auf Malare etc.. Hallo und
__________________ Code:
ATTFilter Windows XP Professional Edition Service Pack 3
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Und noch eine andere kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen? Warum postest du die Logs in einem sinnfreien Mischmasch, OTL einmal direkt und dann nopchmal mit GMER im Anhang, welchen Sinn macht das? Logfiles im Anhang erschweren die Auswertung massivst Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
__________________ |
|
30.12.2012, 20:16
| #3 | |
| | Verdacht auf Malare etc..Zitat:
Ich poste jetzt hier alle 3 logs: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-30 16:36:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA5BA
Running: 78i3keym.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdqpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA669EB32]
SSDT BA78871C ZwClose
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA64E7346]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateEvent [0xA669F99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA64E15E4]
SSDT BA7886D6 ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateMutant [0xA669F88A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA64E7AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateProcess [0xA669FBCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateProcessEx [0xA669FD80]
SSDT BA788726 ZwCreateSection
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateSemaphore [0xA669FAB4]
SSDT BA7886CC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA64E7C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwDebugActiveProcess [0xA66A008C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA64E21FA]
SSDT BA7886DB ZwDeleteKey
SSDT BA7886E5 ZwDeleteValueKey
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwDeviceIoControlFile [0xA669F46E]
SSDT BA788717 ZwDuplicateObject
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwEnumerateKey [0xA66B242C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwEnumerateValueKey [0xA66B2DDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwLoadDriver [0xA66A017E]
SSDT BA7886EA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA6502D9E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xA6504E8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwNotifyChangeKey [0xA66B56AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenEvent [0xA669FA2E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA64E1E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenMutant [0xA669F916]
SSDT BA7886B8 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenSection [0xA66A04CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenSemaphore [0xA669FB46]
SSDT BA7886BD ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueryKey [0xA66B125C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA66B2A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueryObject [0xA66B58A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQuerySection [0xA66A0A10]
SSDT BA78873F ZwQueryValueKey
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueueApcThread [0xA66A031E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA6503B2C]
SSDT BA7886F4 ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwReplyPort [0xA66B73EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA66B733A]
SSDT BA788730 ZwRequestWaitReplyPort
SSDT BA7886EF ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwResumeThread [0xA66A0F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSaveKey [0xA66B16E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSaveKeyEx [0xA66B1878]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSaveMergedKeys [0xA66B1A14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSecureConnectPort [0xA66B701A]
SSDT BA78872B ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA64E25BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSetInformationToken [0xA669FF38]
SSDT BA788735 ZwSetSecurityObject
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSetSystemInformation [0xA66A0B60]
SSDT BA7886E0 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSuspendProcess [0xA66A0C54]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSuspendThread [0xA66A0D8E]
SSDT BA78873A ZwSystemDebugControl
SSDT BA7886C7 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwTerminateThread [0xA669EE62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwUnmapViewOfSection [0xA66A08C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwWriteVirtualMemory [0xA669EFF4]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAFC4 5 Bytes JMP A6691AE0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF96C 5 Bytes JMP A6691EBC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050458C 12 Bytes [D2, 7A, 4E, A6, CC, FB, 69, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504658 12 Bytes JMP 9EBA7886
.text ntkrnlpa.exe!ZwCallbackReturn + 2EDC 805047D4 16 Bytes [2C, 3B, 50, A6, F4, 86, 78, ...] {SUB AL, 0x3b; PUSH EAX; CMPSB ; HLT ; XCHG [EAX-0x46], BH; IN AL, DX ; JAE 0x76; CMPSB ; CMP DH, [EBX+0x6b]; CMPSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 8050480C 20 Bytes [2E, 0F, 6A, A6, E2, 16, 6B, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [54, 0C, 6A, A6, 8E, 0D, 6A, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[2008] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20CB9266 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12/30/2012 1:57:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop\Locker\prm tls\Legal\Systemanalyse
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 66.04% Memory free
5.07 Gb Paging File | 3.97 Gb Available in Paging File | 78.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465.75 Gb Total Space | 400.65 Gb Free Space | 86.02% Space Free | Partition Type: NTFS
Drive D: | 639.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Computer Name: BÜRO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLED.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Safari\Safari.exe" -url "%1"
https [open] -- "C:\Programme\Safari\Safari.exe" -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1065:TCP" = 1065:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World
"C:\Programme\EPSON Software\Event Manager\EEventManager.exe" = C:\Programme\EPSON Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"K:\Cl2\CL2-Revolution.exe.exe" = K:\Cl2\CL2-Revolution.exe.exe:*:Enabled:CL2-Revolution.exe
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\Logitech\Vid HD\Vid.exe" = C:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()
"C:\Programme\LGNAS\Remote Network Drive\CloudDrive.exe" = C:\Programme\LGNAS\Remote Network Drive\CloudDrive.exe:*:Enabled:LGNAS Remote Network Drive -- (LG Electronics, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D9EDEF-CD1B-40B5-A33F-4FCF86FB6D3C}" = Handwerksbüro X14-Datenübernahme
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0CF9C28A-6845-4754-BFE1-0355F34D5A57}" = REWI Bauplaner 3.3
"{11D2CA5D-744E-D122-E538-3F9CA10A0432}" = WEKA Handwerksbüro X17 - 06.12
"{124C8673-FB8C-426D-A5BA-2A7400EC5994}" = WEKA DATANORM 3.6
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{211BCB81-5901-EE95-1E3A-A70D1FEE7B1D}" = WEKA Handwerksbüro X16 - 01.12
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3C0247-7F29-446D-B418-D17A5256EDA5}" = REWI Auftragsmanager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF91913-9E6A-4BBB-86DF-FD33D074343F}" = Epson Download Navigator
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53228309-6B6C-4777-BBAF-C1FFDCED34CD}" = ZoneAlarm Antivirus
"{5B4A4D57-F27F-EF52-218D-E7D1EA0A0FB3}" = WEKA Handwerksbüro X17 - 06.12 (Multiuser)
"{66E493CD-A2CC-FE23-1AE3-DD6581E26AAD}" = WEKA Handwerksbüro X14 - 11.10
"{731FFE72-C4E2-4711-8DB2-822AE8388D50}" = Handwerksbüro X14-Problemberichterstattung
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{88FEF54A-67CA-E293-1492-B2FF0F7889AE}" = WEKA Handwerksbüro X14 - 11.10 (Multiuser)
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F1D1ADF-E009-4654-AD7A-C82D3D4606B3}" = LG NAS Installation Wizard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_BASICR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_BASICR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1812261-2BB9-4E6A-A829-1AAD58A794CC}" = Nitro Reader 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A843F1A3-4680-14A4-D0AD-197A2140A65E}" = WEKA Handwerksbüro X16 - 01.12 (Multiuser)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{AF7E45F7-DAF6-4DEF-B439-B334D7F43942}" = Handwerksbüro X16-Datenübernahme
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67383B5-F29A-465D-BF2B-0438D28F4507}" = Remote Network Drive
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{ED1A63BB-5646-4BF9-BD2F-7CDDFE24FE78}" = LG NASMonitor
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3599-1427-7716-9681" = WEKA LauncherService 1.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"BASICR" = Microsoft Office Basic 2007
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"DAEMON Tools Lite" = DAEMON Tools Lite
"de.bwso.hwb.Hwb.X14.4F8E7E6D8E65CECC4BE272E18D7C5FD600AEA0F5.1" = WEKA Handwerksbüro X14 - 11.10
"de.bwso.hwb.Hwb.X16.4F8E7E6D8E65CECC4BE272E18D7C5FD600AEA0F5.1" = WEKA Handwerksbüro X16 - 01.12
"de.bwso.hwb.Hwb.X17.4F8E7E6D8E65CECC4BE272E18D7C5FD600AEA0F5.1" = WEKA Handwerksbüro X17 - 06.12
"de.bwso.hwb.HwbMulti.X14.4F8E7E6D8E65CECC4BE272E18D7C5FD600AEA0F5.1" = WEKA Handwerksbüro X14 - 11.10 (Multiuser)
"de.bwso.hwb.HwbMulti.X16.4F8E7E6D8E65CECC4BE272E18D7C5FD600AEA0F5.1" = WEKA Handwerksbüro X16 - 01.12 (Multiuser)
"de.bwso.hwb.HwbMulti.X17.4F8E7E6D8E65CECC4BE272E18D7C5FD600AEA0F5.1" = WEKA Handwerksbüro X17 - 06.12 (Multiuser)
"DivX Setup" = DivX-Setup
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WP-4535 Series" = EPSON WP-4535 Series Printer Uninstall
"EPSON WP-4535 Series Netg" = Network Guide EPSON WP-4535 Series
"EPSON WP-4535 Series Useg" = User's Guide EPSON WP-4535 Series
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Kassenbuch4" = Softwarenetz Kassenbuch4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"Microsoft.Net.Client.3.5.LangPack.deu" = Microsoft .NET Framework Client Profile Language Pack - DEU
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"RealPlayer 16.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.8d
"weka-hwb-X14" = Weka Handwerksbüro X14
"weka-hwb-X16" = Weka Handwerksbüro X16
"weka-hwb-X17" = WEKA Handwerksbüro 1.17.2.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"WNLT" = IB Updater Service
"Wubi" = Ubuntu
"xampp" = XAMPP 1.7.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/25/2012 12:35:34 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 12/25/2012 3:59:48 PM | Computer Name = ANONYMOUS-CHDF9 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 12/26/2012 4:32:00 PM | Computer Name = ANONYMOUS-CHDF9 | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 12/26/2012 4:32:00 PM | Computer Name = ANONYMOUS-CHDF9 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 12/27/2012 6:44:00 AM | Computer Name = ANONYMOUS-CHDF9 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 12/28/2012 7:34:45 PM | Computer Name = ANONYMOUS-CHDF9 | Source = CGVPNCliService.exe | ID = 0
Description =
Error - 12/28/2012 7:34:55 PM | Computer Name = ANONYMOUS-CHDF9 | Source = CGVPNCliService.exe | ID = 0
Description =
Error - 12/28/2012 7:55:52 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul spybotsd.exe, Version 1.6.2.46, Fehleradresse 0x00001941.
Error - 12/28/2012 7:56:04 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul spybotsd.exe, Version 1.6.2.46, Fehleradresse 0x000049ee.
Error - 12/28/2012 7:56:08 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul spybotsd.exe, Version 1.6.2.46, Fehleradresse 0x000049ee.
[ Application Events ]
Error - 12/25/2012 12:35:34 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 12/25/2012 3:59:48 PM | Computer Name = ANONYMOUS-CHDF9 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 12/26/2012 4:32:00 PM | Computer Name = ANONYMOUS-CHDF9 | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 12/26/2012 4:32:00 PM | Computer Name = ANONYMOUS-CHDF9 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 12/27/2012 6:44:00 AM | Computer Name = ANONYMOUS-CHDF9 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 12/28/2012 7:34:45 PM | Computer Name = ANONYMOUS-CHDF9 | Source = CGVPNCliService.exe | ID = 0
Description =
Error - 12/28/2012 7:34:55 PM | Computer Name = ANONYMOUS-CHDF9 | Source = CGVPNCliService.exe | ID = 0
Description =
Error - 12/28/2012 7:55:52 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul spybotsd.exe, Version 1.6.2.46, Fehleradresse 0x00001941.
Error - 12/28/2012 7:56:04 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul spybotsd.exe, Version 1.6.2.46, Fehleradresse 0x000049ee.
Error - 12/28/2012 7:56:08 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul spybotsd.exe, Version 1.6.2.46, Fehleradresse 0x000049ee.
[ System Events ]
Error - 12/28/2012 6:17:31 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "IBUpdaterService" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 12/28/2012 6:17:36 PM | Computer Name = ANONYMOUS-CHDF9 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBUpdaterService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 12/29/2012 5:52:35 AM | Computer Name = BÜRO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBUpdaterService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 12/29/2012 10:43:42 AM | Computer Name = BÜRO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBUpdaterService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 12/29/2012 10:54:59 AM | Computer Name = BÜRO | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 12/29/2012 6:52:13 PM | Computer Name = BÜRO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 12/29/2012 6:52:13 PM | Computer Name = BÜRO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 12/30/2012 6:46:05 AM | Computer Name = BÜRO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HTTP-SSL.
Error - 12/30/2012 6:46:05 AM | Computer Name = BÜRO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HTTP-SSL" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 12/30/2012 7:57:08 AM | Computer Name = BÜRO | Source = Service Control Manager | ID = 7034
Description = Dienst "launcherservice" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/30/2012 1:57:25 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop\Locker\prm tls\Legal\Systemanalyse Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy 3.24 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 66.04% Memory free 5.07 Gb Paging File | 3.97 Gb Available in Paging File | 78.22% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465.75 Gb Total Space | 400.65 Gb Free Space | 86.02% Space Free | Partition Type: NTFS Drive D: | 639.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive I: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.98% Space Free | Partition Type: FAT32 Computer Name: BÜRO | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/30 13:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\Locker\prm tls\Legal\Systemanalyse\OTL.exe PRC - [2012/12/28 21:47:52 | 002,973,696 | ---- | M] (LG Electronics, Inc.) -- C:\Programme\LGNAS\Remote Network Drive\CloudDrive.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/12/11 15:24:47 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012/12/11 15:24:10 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/12/11 15:24:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/12/11 15:24:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012/11/07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012/11/07 19:23:46 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/11/02 19:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2012/11/02 19:16:26 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2012/04/12 13:43:25 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_JT50RP.EXE PRC - [2012/03/25 18:59:16 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXSTM.exe PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXRCV.exe PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\Event Manager\EEventManager.exe PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/11/30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe MOD - [2012/09/19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\WEKA\WEKA Launcher\launcherservice.exe -- (launcherservice) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/12 11:48:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/11 15:24:47 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/12/11 15:24:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/12/05 11:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/12 19:17:59 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012/11/07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/11/02 19:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012/04/26 09:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2012/04/12 13:43:25 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) SRV - [2012/03/25 18:59:16 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2011/07/20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva400.sys -- (XDva400) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva396.sys -- (XDva396) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdqpod.sys -- (pxtdqpod) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/12/27 11:44:17 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/12/11 15:24:59 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/11 15:24:59 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/13 17:57:53 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/11/07 19:23:46 | 000,527,408 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2012/11/02 19:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012/01/09 18:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2012/01/09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2012/01/09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011/12/15 18:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2008/01/03 21:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007/12/20 17:00:06 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{F6915CC7-C1E2-448C-8184-C405B196CFD0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 72.64.146.136:8080 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: firebug%40software.joehewitt.com:1.9.2 FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.16 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/02 20:57:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/11/13 21:35:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/26 22:03:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/12/05 11:06:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/12/26 22:02:54 | 000,000,000 | ---D | M] [2012/04/02 20:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012/12/29 11:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions [2012/11/28 22:15:00 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\ffxtlbr@incredibar.com [2012/12/29 11:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\staged [2012/12/13 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions [2012/11/08 11:05:48 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2012/05/19 16:29:23 | 001,335,949 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\firebug@software.joehewitt.com.xpi [2012/12/29 11:46:43 | 000,548,003 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\uriloader@pdf.js.xpi [2012/05/13 13:00:07 | 000,439,720 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012/12/29 11:46:49 | 002,151,598 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\staged\firebug@software.joehewitt.com.xpi [2012/12/29 11:46:41 | 000,455,379 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5mqg5vkg.default\extensions\staged\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012/12/13 15:58:46 | 002,151,598 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions\firebug@software.joehewitt.com.xpi [2012/12/13 15:58:48 | 000,548,003 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x3hutyye.Standard-Benutzer\extensions\uriloader@pdf.js.xpi [2012/11/22 16:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/11/22 16:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/11/22 16:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/12/26 22:03:30 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2012/04/02 20:57:34 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012/10/15 12:30:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012/12/05 11:05:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Programme\mozilla firefox\plugins\npijjiFFPlugin1.dll [2012/12/26 22:02:29 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll [2012/10/08 10:40:26 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/08 10:40:26 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/10/08 10:40:26 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/10/08 10:40:26 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/08 10:40:26 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/08 10:40:26 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Programme\Mozilla Firefox\plugins\npijjiFFPlugin1.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: RealDownloader = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Programme\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [REWI Terminüberwachung] C:\Programme\REWI-Verlag\REWI-Zentrale\rewi_termine.exe (Web5 GmbH) O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe" File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Network Drive.lnk = C:\Programme\LGNAS\Remote Network Drive\CloudDriveStart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE3BE6E6-E5B8-42BC-86DA-B47444DD38E3}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/04/02 19:04:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/07/02 05:04:08 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{848504c2-7cf4-11e1-b6b3-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{848504c2-7cf4-11e1-b6b3-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{848504c2-7cf4-11e1-b6b3-806d6172696f}\Shell\AutoRun\command - "" = D:\.\SetupX.exe -- [2011/05/18 04:38:30 | 001,656,080 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/12/29 22:53:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012/12/29 22:39:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2012/12/29 22:39:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012/12/29 22:39:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012/12/29 22:39:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/12/29 22:39:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012/12/29 17:07:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner (4) [2012/12/28 23:07:50 | 000,000,000 | ---D | C] -- C:\Programme\HitmanPro [2012/12/28 21:13:32 | 000,000,000 | ---D | C] -- C:\Programme\LGNAS [2012/12/28 21:13:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LG NAS [2012/12/28 20:43:38 | 000,000,000 | ---D | C] -- C:\lgnasinsw [2012/12/28 20:38:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LG Tool Kit [2012/12/28 20:38:31 | 000,000,000 | ---D | C] -- C:\Programme\LGNASInsW [2012/12/27 19:43:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2012/12/27 18:47:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro [2012/12/27 18:47:25 | 008,939,896 | ---- | C] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HitmanPro32.exe [2012/12/27 14:22:29 | 000,000,000 | ---D | C] -- C:\ubuntu [2012/12/27 11:45:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\DAEMON Tools Images [2012/12/27 11:44:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite [2012/12/27 11:44:03 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012/12/27 11:43:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite [2012/12/27 11:43:29 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite [2012/12/27 11:42:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012/12/26 22:04:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RealNetworks [2012/12/26 22:03:29 | 000,000,000 | ---D | C] -- C:\Programme\RealNetworks [2012/12/26 22:03:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks [2012/12/26 22:03:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared [2012/12/26 22:02:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RealNetworks [2012/12/26 22:02:20 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2012/12/26 21:47:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2012/12/26 21:47:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager [2012/12/26 21:47:04 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2012/12/25 17:56:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\bny [2012/12/25 01:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ipswitch [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/30 13:55:27 | 000,000,148 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012/12/30 13:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/30 13:25:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/12/30 12:23:33 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:23:31 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:21:32 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/12/30 12:21:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:21:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/30 12:21:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-1005.job [2012/12/30 12:21:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/29 22:39:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/29 18:42:22 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 12:26:23 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 10:52:01 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/28 23:14:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2012/12/28 21:46:56 | 000,001,785 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Network Drive.lnk [2012/12/28 21:46:49 | 000,001,773 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Remote Network Drive.lnk [2012/12/28 21:13:32 | 000,001,772 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAS Monitor.lnk [2012/12/28 20:38:39 | 000,001,549 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LG NAS Installation Wizard.lnk [2012/12/27 14:22:09 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS [2012/12/27 14:22:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2012/12/27 11:44:17 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012/12/27 11:44:04 | 000,001,577 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Lite.lnk [2012/12/26 22:03:42 | 000,000,817 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk [2012/12/26 22:02:20 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2012/12/26 21:55:42 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/26 17:01:17 | 000,000,757 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2012/12/25 20:59:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-1005.job [2012/12/25 01:43:15 | 000,000,033 | ---- | M] () -- C:\WINDOWS\hotkey.ini [2012/12/24 09:48:13 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Default.rdp [2012/12/21 15:12:44 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HitmanPro32.exe [2012/12/18 21:57:33 | 141,127,181 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Jasper Jauch Downhill Winterberg GoPro Hero 2.mp4 [2012/12/18 13:30:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/12/13 13:10:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/12/11 15:24:59 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012/12/11 15:24:59 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012/12/07 16:49:29 | 000,519,638 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/12/07 16:49:29 | 000,495,654 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/12/07 16:49:29 | 000,101,336 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/12/07 16:49:29 | 000,084,242 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/12/07 10:40:13 | 000,000,474 | ---- | M] () -- C:\WINDOWS\wininit.ini [2012/12/02 19:55:57 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/30 13:55:24 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012/12/29 22:39:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/29 12:26:27 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 12:26:26 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/29 12:26:22 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/28 21:46:49 | 000,001,785 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Network Drive.lnk [2012/12/28 21:46:49 | 000,001,773 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Remote Network Drive.lnk [2012/12/28 21:13:32 | 000,001,772 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAS Monitor.lnk [2012/12/28 20:38:39 | 000,001,549 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LG NAS Installation Wizard.lnk [2012/12/27 11:44:04 | 000,001,577 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Lite.lnk [2012/12/26 22:04:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/26 22:04:29 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-57989841-839522115-500.job [2012/12/26 22:03:42 | 000,000,817 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk [2012/12/24 23:29:55 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hotkey.ini [2012/12/24 09:48:13 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Default.rdp [2012/12/18 21:44:20 | 141,127,181 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Jasper Jauch Downhill Winterberg GoPro Hero 2.mp4 [2012/12/07 10:40:13 | 000,000,474 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012/12/02 19:55:57 | 000,000,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk [2012/11/28 22:14:45 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll [2012/11/05 14:55:21 | 000,004,441 | ---- | C] () -- C:\WINDOWS\jnzn-v48.ini [2012/11/05 14:55:21 | 000,001,442 | ---- | C] () -- C:\WINDOWS\cftpb_d24.ini [2012/10/05 09:24:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2012/05/14 13:48:17 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2012/04/15 14:11:48 | 000,000,082 | ---- | C] () -- C:\WINDOWS\odbc_merge.INI [2012/04/12 14:55:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2012/04/12 13:10:30 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2012/04/12 13:10:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2012/04/12 13:10:28 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\midas.dll [2012/04/12 12:29:17 | 000,015,602 | ---- | C] () -- C:\WINDOWS\System32\SELF32.INI [2012/04/06 05:16:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/04/04 11:51:06 | 000,023,016 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/04/03 14:51:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/04/02 21:22:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012/04/02 19:49:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/04/02 19:49:14 | 000,141,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/04/02 19:48:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll [2012/04/02 19:05:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/04/02 19:02:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012/04/04 13:23:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2011/12/19 09:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/10/05 07:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CheckPoint [2012/12/27 11:45:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite [2012/04/02 20:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DDMSettings [2012/04/02 21:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Downloaded Installations [2012/05/03 19:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Epson [2012/04/11 19:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRightToGo [2012/06/04 16:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\JonDo [2012/11/10 16:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2012/04/04 15:21:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Need for Speed World [2012/12/30 13:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nitro PDF [2012/11/28 12:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++ [2012/05/03 19:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pdfforge [2012/08/24 13:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2012/04/03 16:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2012/12/27 11:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012/04/12 13:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2012/12/27 19:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro [2012/04/13 14:00:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ijjigame [2012/04/02 21:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF [2012/12/30 12:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan ========== Purity Check ========== < End of report > |
|
30.12.2012, 20:21
| #4 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf Malare etc..Zitat:
Siehe => http://www.trojaner-board.de/108422-...-anfragen.html Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.12.2012, 20:28
| #5 |
| | Verdacht auf Malare etc.. der pc ist bei mir zu hause mein vater hat ein unternehmen der verwendet das fürs kassenbuch.. |
|
30.12.2012, 20:31
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf Malare etc.. Hast du mal den Kasten KOMPLETT gelesen?!  Hier um es noch zu verdeutlichen:  Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe. Weiß dein Vaddi eigentlich Bescheid was mit seinem wichtigen gewerblich genutzten Rechner los ist?! Hast du das mit ihm abgestimmt? 
__________________ --> Verdacht auf Malare etc.. |
|
30.12.2012, 20:34
| #7 |
| | Verdacht auf Malare etc.. auf dem rechner sind keine kundendaten vorhanden. dieser rechner wird von jedem familienmitglied verwendet.. also bekomm ich keine log analyse? |
|
30.12.2012, 20:38
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf Malare etc.. Ich wollte, dass du dich dazu äußerst! Denn ich hab keine Lust auf späteres Geheule wie "löscht meine Logfiles da sind streng geheime private Daten usw zu sehen!!!"  Wenn das für dich bzw. euch ok ist, dann machen wir die Analyse, aber bitte nicht später rumheulen, dass da private Daten in den Logs stehen! Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.12.2012, 20:43
| #9 | |
| | Verdacht auf Malare etc.. Ich werde später nicht rumheulen. Und in den Logfiles sieht man einzelne Dateinamen wie von musik, bilder.. nicht. Zone Alarm hat mal Alarm geschlagen und automatisch auf Malware überprüft (1 Fund gelöscht) und wieder neugestartet. einen Logfile davon habe ich leider nicht. von Malewarebytes habe ich ein Log Zitat:
Geändert von sluum (30.12.2012 um 20:53 Uhr) |
|
30.12.2012, 20:51
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf Malare etc..Zitat:
 Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.12.2012, 20:59
| #11 |
| | Verdacht auf Malare etc.. Ich habe mein vorherigen Post editiert und ein log-file von Malewarebytes hinzugefügt. Aber ich kann/werde auch mit dem anti-rootkit mein Rechner scannen. Geändert von sluum (30.12.2012 um 21:18 Uhr) |
|
30.12.2012, 22:12
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf Malare etc..Zitat:
 Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.01.2013, 13:12
| #13 |
| | Verdacht auf Malare etc.. Das ist ein kostenloses online Spiel von meinem bruder und ist kein Crack. P.S: Nachdem ich mit OTL gescannt habe haben sich verschiedene dateien und ordner erstellt im ganzen computer die durchsichtig sind. wieso? z.B thumbs.db Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.01.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: BÜRO [administrator] 1/1/2013 2:13:36 PM mbar-log-2013-01-01 (14-13-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26676 Time elapsed: 31 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Geändert von sluum (01.01.2013 um 13:45 Uhr) |
|
02.01.2013, 15:00
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf Malare etc..Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2013, 16:34
| #15 |
| | Verdacht auf Malare etc.. Ich weiß nicht wieso. |
|
| Themen zu Verdacht auf Malare etc.. |
| amerika, antivir, avira, backdoor, bho, cyberghost, desktop, error, firefox, flash player, format, helper, homepage, installation, kaspersky, log file, logfile, lws.exe, malware, mozilla, plug-in, realtek, registry, safer networking, scan, security, software, spyware, trojaner |
Linear-Darstellung
