|
Plagegeister aller Art und deren Bekämpfung: Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.10.2010, 17:48 | #1 |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Hallo, auch ich habe ein Problem beim Online-Banking mit der Deutschen Bank. Direkt nach dem Einloggen erscheint ein aufgesetztes Fenster, das in einem 4x7-Tableau nach TANs fragt. Im Hintergrund ist der Login-Bereich mit aktuell korrektem Kontostand zu sehen, auf den man aber keinen Zugriff hat, so lange man das Tableau nicht ausgefüllt hat. Da ich hier im Forum noch kein Thema mit einer 28-TAN-Abfrage gefunden habe, hänge ich einen Screen-Shot an. Ich habe Malwarebytes und OTL scannen lassen, Berichte hängen an. Inzwischen - nach der Bereinigung durch Malwarebytes - ist das Problem (optisch) behoben. D.h. ich kann mich wieder problemlos bei der Deutschen Bank einloggen. Ist mein Rechner damit sauer? Was kann/sollte ich noch tun? Für eine Prüfung und weitere Ratschläge wäre ich sehr dankbar. Luhh Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4934 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 24.10.2010 17:29:50 mbam-log-2010-10-24 (17-29-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 234060 Laufzeit: 1 Stunde(n), 7 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 1 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9fdddd30-cacb-3743-e0a1-ad637a385e86} (Trojan.ZbotR.Gen) -> Delete on reboot. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\system32\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Jens und Selina\Anwendungsdaten\Licoan\mocua.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\UACguatpwrc.sys (Rootkit.TDSS) -> Quarantined and deleted successfully. Code:
ATTFilter OTL logfile created on: 24.10.2010 17:43:27 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = D:\Laptop\Software Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 362,00 Mb Available Physical Memory | 35,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,41 Gb Total Space | 61,95 Gb Free Space | 53,21% Space Free | Partition Type: NTFS Drive D: | 109,63 Gb Total Space | 100,52 Gb Free Space | 91,69% Space Free | Partition Type: NTFS Drive E: | 6,83 Gb Total Space | 0,55 Gb Free Space | 7,99% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Laptop\Software\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe (market maker Software AG) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.) PRC - C:\WINDOWS\system32\CmUCREye.exe () PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe () PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe () PRC - C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\CNYHKey.exe (Chicony) PRC - C:\Programme\WISO\Börse2006\bin\dptimersvc.exe (market maker Software AG) PRC - C:\WINDOWS\mHotkey.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) ========== Modules (SafeList) ========== MOD - D:\Laptop\Software\OTL.exe (OldTimer Tools) MOD - C:\Programme\Norton 360\Engine\4.3.0.5\asoehook.dll (Symantec Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation) MOD - C:\Programme\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation) MOD - C:\Programme\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. ) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (N360) -- C:\Programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation) SRV - (WB10WatchDog) -- C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe (market maker Software AG) SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe () SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe () SRV - (CyberLink Media Library Service) -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (DPTIMER_WB) -- C:\Programme\WISO\Börse2006\bin\dptimersvc.exe (market maker Software AG) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (vasjy) -- C:\WINDOWS\System32\drivers\jrjepo.sys File not found DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101021.003\IDSXpx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101023.004\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101023.004\NAVENG.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation) DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (RT2500USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (CMISTOR) -- C:\WINDOWS\system32\drivers\cmiucr.SYS (C-Media Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH) DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech) DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.2.1 FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:5.6.4.9 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5006 [2010.10.18 18:52:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010.10.19 15:21:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010.10.18 19:34:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 14:52:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.21 14:52:53 | 000,000,000 | ---D | M] [2008.09.01 17:41:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.10.23 18:23:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions [2010.09.27 10:23:16 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2006.05.19 19:13:46 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2) [2010.10.13 17:03:28 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.07.29 22:46:41 | 000,000,000 | ---D | M] (Tradesignal Web Edition) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2010.08.19 23:04:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.22 15:38:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.10.16 16:08:30 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2007.02.25 10:26:54 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010.08.18 23:10:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.30 18:12:27 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2006.05.19 19:13:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2) [2010.02.24 17:05:22 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2010.02.14 15:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.03.09 16:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\toolbar_extras@de.yahoo.com [2010.10.23 18:23:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.05.02 00:46:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.03.09 16:09:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2010.04.23 20:58:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.23 20:58:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.23 20:58:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.23 20:58:14 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.23 20:58:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O2 - BHO: (no name) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - No CLSID value found. O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdmcks.dll () O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe () O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe () O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe () O4 - HKCU..\Run: [ProfiDialer] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download all with Free Download Manager - C:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.10.09 14:46:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.24 17:37:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2010.10.24 17:31:41 | 000,000,000 | ---D | C] -- C:\Avenger [2010.10.24 16:19:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.10.24 16:19:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.24 16:19:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.24 16:19:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.24 16:19:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.19 15:22:45 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys [2010.10.19 15:22:45 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys [2010.10.19 15:22:45 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys [2010.10.19 15:22:44 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys [2010.10.19 15:22:44 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys [2010.10.19 15:22:43 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys [2010.10.19 15:22:43 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys [2010.10.19 15:22:42 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys [2010.10.19 15:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005 [2010.10.18 22:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs [2010.10.18 19:34:19 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2010.10.18 19:33:53 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2010.10.18 19:33:53 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2010.10.18 19:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Symantec Shared [2010.10.18 19:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Symantec [2010.10.18 19:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360 [2010.10.18 19:33:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Sidebar [2010.10.18 19:33:30 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360 [2010.10.18 19:33:15 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.10.18 19:33:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller [2010.10.18 19:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Norton [2010.10.18 19:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton [2010.10.18 18:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5006 [2010.10.18 18:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cock [2010.10.14 17:18:33 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.14 17:18:32 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.14 17:18:16 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2005.10.09 12:04:35 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.24 17:36:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.24 17:36:04 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.10.24 17:35:59 | 000,087,724 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.10.24 17:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.24 17:35:46 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys [2010.10.23 19:38:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.10.23 19:27:20 | 000,215,552 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.23 17:54:35 | 000,000,031 | ---- | M] () -- C:\WINDOWS\iltwain.ini [2010.10.22 17:29:20 | 000,000,218 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat [2010.10.20 15:13:09 | 000,001,871 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360 Online.LNK [2010.10.20 15:12:36 | 000,697,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB [2010.10.18 19:33:53 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2010.10.18 19:33:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2010.10.18 19:33:53 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2010.10.18 19:33:53 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2010.10.18 18:59:02 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.10.15 16:29:03 | 001,595,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.14 19:35:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.08 19:06:33 | 000,454,302 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.08 19:06:33 | 000,436,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.08 19:06:33 | 000,083,334 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.08 19:06:33 | 000,070,058 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.20 15:12:17 | 000,697,238 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB [2010.10.19 15:22:45 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat [2010.10.19 15:22:45 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat [2010.10.19 15:22:45 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf [2010.10.19 15:22:45 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf [2010.10.19 15:22:44 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat [2010.10.19 15:22:44 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat [2010.10.19 15:22:44 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf [2010.10.19 15:22:44 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf [2010.10.19 15:22:43 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat [2010.10.19 15:22:43 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat [2010.10.19 15:22:43 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat [2010.10.19 15:22:43 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf [2010.10.19 15:22:43 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf [2010.10.19 15:22:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf [2010.10.19 15:22:42 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat [2010.10.19 15:22:42 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf [2010.10.19 15:21:55 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini [2010.10.18 19:33:53 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2010.10.18 19:33:53 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2010.10.18 19:33:49 | 000,001,871 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360 Online.LNK [2010.10.18 19:13:48 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2009.04.14 21:46:02 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007.08.20 14:06:03 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL [2007.08.20 14:06:03 | 000,000,468 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini [2007.08.20 12:13:54 | 000,003,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mpauth.dat [2007.05.27 20:55:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2007.05.27 20:55:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2007.05.02 01:06:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2007.05.02 01:03:21 | 000,000,230 | ---- | C] () -- C:\WINDOWS\BUHL.INI [2007.04.16 18:43:12 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.06.12 15:29:13 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI [2006.04.28 15:11:01 | 000,019,822 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.04.23 15:51:03 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.04.22 23:13:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2006.04.22 21:49:37 | 000,215,552 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.04.22 21:49:37 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.03.01 15:01:44 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.03.01 15:01:44 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini [2006.02.28 18:07:24 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.02.28 15:52:15 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2006.02.28 15:52:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll [2006.02.28 15:52:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll [2006.02.28 15:52:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll [2006.02.28 15:52:15 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll [2006.02.28 15:52:15 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini [2006.02.28 13:18:15 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.02.28 13:18:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.02.28 13:18:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.02.28 13:18:14 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.02.28 13:18:14 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.01.30 13:15:04 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005.10.18 15:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2005.10.16 16:35:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.10.16 14:47:59 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll [2005.10.12 11:48:49 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll [2005.10.12 08:39:03 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005.10.09 14:55:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.10.09 14:27:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.10.09 13:48:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.10.09 12:25:40 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005.10.09 12:25:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\A3DA537E26.sys [2005.10.09 12:04:35 | 000,730,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys [2005.10.09 12:04:35 | 000,041,243 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll [2005.10.09 12:04:35 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys [2005.10.09 12:04:35 | 000,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll [2005.10.09 11:53:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll [2005.10.09 11:53:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll [2005.10.09 07:47:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.10.08 23:52:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.10.08 15:40:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll [2005.10.08 15:40:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI [2005.10.08 15:30:55 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.10.08 15:18:30 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LoopyMusic.wav:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BuzzingBee.wav:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db:KAVICHS @Alternate Data Stream - 68 bytes -> C:\AUTOEXEC.BAT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotek.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\VFDUtil.UNI:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xjis.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINZM.MB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSP.MB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINPY.MB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsrv32.rll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Retten.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTimeVR.qtx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.qts:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phonptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phoncode.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phon.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi007.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd007.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PC-Gebrauchsanweisung.pdf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OemLink.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEM-Eula.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvdisp.nvu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntbackup.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.kor:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.jpn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdayi.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLED___J.PRN:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mgxcdr.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_04-b05.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InstallUtil.InstallLog:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpude.qm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xjis.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unicode.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srframe.mmf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sortkey.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\secupd.sig:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\secupd.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.spd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.sdf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\r1033tts.lxa:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prcp.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.sig:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.bin:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mlang.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ltts1033.lxa:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\l_intl.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\l_except.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ksc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gm.dls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\geo.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ctype.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_950.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_932.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_875.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_874.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_870.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_869.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_865.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_864.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_863.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_862.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_861.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_860.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_858.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_857.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_855.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_852.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_850.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_775.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_737.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_720.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_708.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_500.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_437.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28605.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28603.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28599.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28598.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28597.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28596.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28595.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28594.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28593.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28592.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28591.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_21866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_21027.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_21025.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20932.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20924.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20905.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20880.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20871.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20838.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20833.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20424.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20423.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20420.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20297.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20290.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20285.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20284.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20280.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20278.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20277.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20273.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20269.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20261.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20127.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20108.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20107.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20106.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20105.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20005.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20004.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20003.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20002.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20001.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1361.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1258.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1257.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1256.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1255.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1254.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1253.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1252.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1251.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1250.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1149.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1148.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1147.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1146.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1145.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1144.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1143.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1142.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1141.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1140.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1047.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1026.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10082.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10081.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10079.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10029.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10021.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10017.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10010.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10008.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10007.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10006.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10005.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10004.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10003.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10002.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10001.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_037.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bopomofo.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\big5.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520850.cpx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520437.cpx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLLAV32.lib:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiphr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3d9caps.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.rll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Channels anzeigen.scf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21027.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20932.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20290.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1361.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10008.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10003.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10002.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10001.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\big5.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arrayhw.tab:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\array30.tab:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arphr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acode.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Seifenblase.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe-Stuck.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Präriewind.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\MREADM_J.TXT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\mozver.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\LavaLamp.avi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Kaffeetasse.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Granit.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\filespecrtrt2500USB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Feder.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Fächer.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\comwarn.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blaue Spitzen 16.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Angler.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\ntuser.dat.LOG:KAVICHS < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.10.2010 17:43:27 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = D:\Laptop\Software Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 362,00 Mb Available Physical Memory | 35,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,41 Gb Total Space | 61,95 Gb Free Space | 53,21% Space Free | Partition Type: NTFS Drive D: | 109,63 Gb Total Space | 100,52 Gb Free Space | 91,69% Space Free | Partition Type: NTFS Drive E: | 6,83 Gb Total Space | 0,55 Gb Free Space | 7,99% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\AOL.exe" = %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found "%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "%ProgramFiles%\Skype\Phone\Skype.exe" = %ProgramFiles%\Skype\Phone\Skype.exe:*:enabled:Skype -- File not found "%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found "C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\AOL.exe" = %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found "%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe" = C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.) "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" = C:\Programme\Home Cinema\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.) "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found "C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found "C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Programme\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat:*:Enabled:patchgrabber -- File not found "C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- File not found "C:\Programme\EA Games\Command and Conquer Generäle\game.dat" = C:\Programme\EA Games\Command and Conquer Generäle\game.dat:*:Enabled:game -- File not found "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard "{0D93041A-03EC-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5 "{0E3E8CBE-C112-4754-B447-83F3E4C381C6}" = WISO Börse 2010 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1929A791-0773-4C6E-99DA-E5988CE4B46C}" = WISO Börse 2006 "{261D0486-9127-4071-BA1D-FE784310752E}" = videon "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .2 "{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Foto 2006 Standard Edition Editor "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Foto 2006 Standard Edition Bibliothek "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro "{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1 "{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB Wireless Keyboard Driver "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2FEBD11-E587-4C41-AD33-0CD90D26A964}" = Client für die Windows-Rechteverwaltung mit Service Pack 2 "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.8 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN "{EC905264-BCFE-423B-9C42-C3A106266790}" = Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FAF88B432344413595BB2DED98385684}" = DivX User Guide "{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = PowerCineama MakeDVD Module "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem "CCleaner" = CCleaner (remove only) "C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0 "C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader "Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem "Easy-WebPrint" = Easy-WebPrint "Free Download Manager_is1" = Free Download Manager 2.1 "GMX Internet Manager" = GMX Internet Manager "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "LetsTrade" = LetsTrade Komponenten "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "medionmusic-manager gold" = medionmusic-manager gold "medionmusic-Suite" = medionmusic-Suite "MedionVFD" = Medion Info Display "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "N360" = Norton 360 "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "PictureItPrem_v11" = Microsoft Foto 2006 Standard Edition "RealPlayer 6.0" = RealPlayer "ShockwaveFlash" = Macromedia Flash Player 8 "ViewpointMediaPlayer" = Viewpoint Media Player "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2006Setup" = Setup-Start von Microsoft Works Suite 2006 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "X10Hardware" = X10 Hardware(TM) "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.11.2009 17:32:34 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes Modul js3250.dll, Version 4.0.0.0, Fehleradresse 0x000290dc. Error - 30.11.2009 19:33:42 | Computer Name = ***-PC | Source = WISO Börse | ID = 1009 Description = Bei der Datenaktualisierung ist während der Ausführung der Aufgabe "Import neuer Kursdaten" der folgende Fehler aufgetreten: "Der Vorgang wurde durch den Benutzer abgebrochen - Fehler 1223(0x4C7)" Error - 29.01.2010 14:52:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00019cfa. Error - 16.02.2010 12:15:23 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00006781. Error - 19.02.2010 12:38:53 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5145, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010a19. Error - 19.02.2010 12:38:55 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010a19. Error - 19.02.2010 12:39:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d. Error - 14.03.2010 13:29:38 | Computer Name = ***-PC | Source = WISO Börse 2010 | ID = 600 Description = Error - 07.04.2010 12:46:46 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00086cf7. Error - 07.04.2010 12:48:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00086cf7. [ System Events ] Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 23.10.2010 13:26:55 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Der Server "{959BA0A4-0893-48B4-8B02-BA0DA0A401FE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
24.10.2010, 21:02 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
__________________ |
25.10.2010, 15:17 | #3 |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Hab ich keine Ahnung, ich kenne das Programm nicht und habe es nie wissentlich installiert oder eingesetzt. Habe den Rechner allerdings vor etwa 4 Jahren aus zweiter Hand übernommen.
__________________Hatte zuletzt Avira Antivir und Zonealarm (je die kostenlose Version) installiert, seit Kurzem jetzt Norton 360. Im Zuge der Phishing-Attacke hatte ich zudem versucht, die BOT-CD von Computerbild laufen zu lassen, habe das aber abgebrochen, weil von dort keine Verbindung zum Internet hergestellt werden konnte und es somit nicht die aktuellste Version war. Ansonsten ist der CCleaner bei mir installiert, den ich aber noch nicht benutzt habe. luhh |
25.10.2010, 16:31 | #4 |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Habe gerade gesehen, dass Avenger auch ein Logfile erstellt, siehe unten. Zeitlich liegt es genau zwischen den Scans mit Malwarebytes und OTL. Ich habe aber zwischen diesen beiden Scans definitiv nichts anderes laufen lassen, sondern strikt Eure Anweisung abgearbeitet. Luhh Code:
ATTFilter Logfile of The Avenger version 2.0, (c) by Swandog46 hxxp://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Error: file "C:\WINDOWS\system32\AcroIEHelpe.dll" not found! Deletion of file "C:\WINDOWS\system32\AcroIEHelpe.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\uacinit.dll" not found! Deletion of file "C:\WINDOWS\system32\uacinit.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Licoan\mocua.exe" not found! Deletion of file "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Licoan\mocua.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\drivers\UACguatpwrc.sys" not found! Deletion of file "C:\WINDOWS\system32\drivers\UACguatpwrc.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: folder "C:\WINDOWS\system32\xmldm" not found! Deletion of folder "C:\WINDOWS\system32\xmldm" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exis |
25.10.2010, 18:47 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
Naja, meine bescheidene Meinung dazu Ich hab übrigens gerade eine Idee warum der Avenger ausgeführt wurde....denn der Autor von Avenger ist jetzt im Team von Malwarebytes, gut möglich, dass bestimmte Löschprozesse, die einen Neustart benötigen, vom Avenger ausgeführt werden. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL DRV - (vasjy) -- C:\WINDOWS\System32\drivers\jrjepo.sys File not found O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe () O4 - HKCU..\Run: [ProfiDialer] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () [2010.10.24 17:37:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2010.10.18 22:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs [2010.10.18 18:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5006 [2010.10.18 18:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cock [2010.10.23 17:54:35 | 000,000,031 | ---- | M] () -- C:\WINDOWS\iltwain.ini [2010.10.22 17:29:20 | 000,000,218 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
25.10.2010, 19:12 | #6 | |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
Luhh Code:
ATTFilter All processes killed ========== OTL ========== Service vasjy stopped successfully! Service vasjy deleted successfully! File C:\WINDOWS\System32\drivers\jrjepo.sys File not found not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Showwnd deleted successfully. C:\WINDOWS\ShowWnd.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ProfiDialer deleted successfully. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk moved successfully. C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe moved successfully. C:\WINDOWS\System32\xmldm folder moved successfully. C:\WINDOWS\System32\UAs folder moved successfully. C:\WINDOWS\System32\5006\components folder moved successfully. C:\WINDOWS\System32\5006 folder moved successfully. C:\WINDOWS\System32\cock folder moved successfully. C:\WINDOWS\iltwain.ini moved successfully. C:\WINDOWS\system32\urhtps.dat moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Besitzer User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 348 bytes User: *** ->Temp folder emptied: 1440 bytes ->Temporary Internet Files folder emptied: 10753230 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 71736632 bytes ->Flash cache emptied: 100231 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 3976695 bytes %systemroot%\System32\dllcache .tmp files removed: 1300480 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1621368 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 86,00 mb OTL by OldTimer - Version 3.2.17.1 log created on 10252010_195144 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_68c.dat not found! Registry entries deleted on Reboot... |
25.10.2010, 19:43 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
Du kannst es wiederherstellen aus dem C:\_OTL Ordner, an die Originalstelle zurückkopieren. Notfalls Acrobat neu installieren. Aber das erstmal später. Erstmal bitte CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.10.2010, 20:22 | #8 | |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
Code:
ATTFilter ComboFix 10-10-24.06 - *** 25.10.2010 21:08:32.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.403 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85C3FB64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85DDEDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85E509FC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FB112-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C588C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85CF13EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D6D5C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D6DBFC-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D6F65C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D705C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D71DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D765C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7729C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7C7A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7EDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7F3EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D813B4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D81BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D8ADDC-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D8E65C-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D8E83C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D90BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D95DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9ADDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9B3EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9D664-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9EDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DA46E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DAB7D4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB3B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB7DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB8A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB8DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DC4714-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DD183C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DD4B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DDC3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE35CC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE4A34-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE6A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE73BC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE85C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE983C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DF8DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E03B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E05BCC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85ED1A24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EF629C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EFCDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F13BFC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F1DA1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F37A1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FA7054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FA9DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FAADDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE970C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86002A1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86077A24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8608447C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860C861C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860CCBFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860CF054-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860D1BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860F565C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860F6BFC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861453E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86147DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8615CA1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8615CDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861CB404-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D2874-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86299DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8629B46C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8629DB64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862A2B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862A9BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862AB7A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862BDDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862BE504-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C1DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C55C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862CEB64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862D2DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862D865C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862D93E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DD83C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DEDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862E07BC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862E165C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862E5BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862EA3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F03DC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F1BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F73E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F77A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F883C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F9A1C-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630029C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86300984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630245C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630F6E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631083C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863114B4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631164C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631C3EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631E054-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631F744-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86320984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86320B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86320C1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863233E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86326BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86327984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86329BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632C3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632C984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632E3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632E7A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86330DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86331904-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86333B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86333BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863357A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633620C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86336514-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633729C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86337A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863389A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633948C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633B83C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633FBFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863453B4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86347DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86348DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634947C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634AA1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634C47C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634C83C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634CB64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634D5DC-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86352A24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863543E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86356DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863577A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86357DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86359BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635B5CC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635C984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635DA1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635EBFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863627A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863643DC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863695C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8636A7A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8636E3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8636F7A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86371344-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86377DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863787A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86381984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863828EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8638C5C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8638EB5C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86392B64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86394DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863957A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86396DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863973E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8639A3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8639C3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8639C5C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A07A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A2DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A7BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ADA1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863AE3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863AE9E8-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B13E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B165C-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B1ACC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B78FC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B9344-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B983C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BC68C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BD3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BD47C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BF484-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C2A4C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C3DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C5A74-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C63E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C65C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863CFDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D13E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D2A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D4BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D4DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D55F4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D97A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DE9B4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E17A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E1BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E283C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E483C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E4A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E583C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E7DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863EC5C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863EC7A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863EE47C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F2A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F35CC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F3DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F45C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F45EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F6824-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F770C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F9594-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FA29C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FC9DC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FCC04-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FD204-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640147C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640283C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86402B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864047A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86405DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86407DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640951C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640A984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640AC0C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640C984-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864127A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864135F4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86414A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86418BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86419204-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864193B4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641965C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641A5C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641E3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641EBFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641F47C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86423A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86426B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86426DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86427A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86428204-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86429494-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864295AC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86429BFC-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642CDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642E64C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642EDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642F3E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86430A1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86430A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86431770-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86435DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86436DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86437984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643BC44-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643E564-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643EB64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644083C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644565C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86446B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86447DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86448AB4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644CDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645CB64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86461DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86463494-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8646583C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86466A94-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864783F4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8647C834-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8648D854-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8649F674-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8649FBFC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864A5DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864AEBFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864BADDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864C165C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864C8DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864D33E4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864DEDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E29C4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E6524-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864EADDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864EE984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F0DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FF65C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86500204-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86503B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865047A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865074EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8650983C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86510A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86514B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86516D34-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651783C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651ADDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651CDDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651E65C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865227C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86528ADC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652983C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652E7DC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8653035C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86533DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86536504-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86538DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86539C24-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8653F354-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86543BFC-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654752C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654A414-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654B674-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654B83C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654B984-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654E234-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86555B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86558A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8656483C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86577BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8657F83C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86583B64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86583DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8658D5C4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8658EBFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86597D4C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8659965C-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865B5DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865BB4EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865BD3EC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865C6A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865C7BFC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865CADDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865D3984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865E5A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865F4C6C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865F565C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86600934-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86601A1C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661065C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661A704-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661AD2C-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661CAC4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86621A84-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866237A4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8662CB64-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8665C984-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86687BB4-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86687DDC-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8668A424-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86691C24-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86692864-FFA4-0100-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86692DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866934D4-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-0100-0D24-347CA8A3377C} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programme\mozilla\mozilla.exe c:\windows\system32\spool\prtprocs\w32x86\CNMPD82.DLL c:\windows\system32\spool\prtprocs\w32x86\CNMPP82.DLL c:\windows\system32\UACnstymfpc.log c:\windows\system32\uactmp.db c:\windows\system32\UACultrknaj.dat c:\windows\system32\UACxptyyrua.db . ((((((((((((((((((((((( Dateien erstellt von 2010-09-25 bis 2010-10-25 )))))))))))))))))))))))))))))) . 2010-10-24 14:19 . 2010-10-24 14:19 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes 2010-10-24 14:19 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-24 14:19 . 2010-10-24 14:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-10-24 14:19 . 2010-10-24 14:19 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-10-24 14:19 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-18 17:34 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-10-18 17:34 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-10-18 17:33 . 2010-10-18 17:40 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared 2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\Symantec 2010-10-18 17:33 . 2010-10-18 17:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-10-18 17:33 . 2010-10-18 17:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-10-18 17:33 . 2010-10-20 13:13 -------- d-----w- c:\windows\system32\drivers\N360 2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\Norton 360 2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\Windows Sidebar 2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\NortonInstaller 2010-10-18 17:29 . 2010-10-18 17:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton 2010-10-14 15:18 . 2010-09-18 06:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-14 15:18 . 2010-09-18 06:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll 2010-10-14 15:18 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 10:22 . 2005-10-09 05:46 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:52 . 2005-10-09 05:46 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:52 . 2005-10-09 05:46 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:52 . 2005-10-09 05:46 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:47 . 2005-10-09 05:46 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:47 . 2005-10-09 05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:47 . 2005-10-09 05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:50 . 2005-10-09 05:46 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-09-01 07:54 . 2005-10-09 05:46 1852928 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:01 . 2005-10-09 05:46 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2005-10-09 05:46 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-26 13:39 . 2005-10-09 05:46 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-23 16:11 . 2005-10-09 05:46 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17 . 2005-10-09 05:46 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:44 . 2005-10-09 05:46 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2008-12-09 15:23 47616 --sh--r- c:\windows\system32\appconf32.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2006-02-22 143360] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-06-22 237568] "ledpointer"="CNYHKey.exe" [2005-11-10 5585408] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2006-01-27 176128] "InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640] "CHotkey"="mHotkey.exe" [2004-12-08 550912] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-10-04 35328] "Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2008-4-18 1114112] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%ProgramFiles%\\Messenger\\msmsgs.exe"= "%ProgramFiles%\\AOL 9.0\\AOL.exe"= "%WinDir%\\system32\\fxsclnt.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"= "c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"= "c:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"= "c:\\Programme\\MSN Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [19.10.2010 15:22 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [19.10.2010 15:22 173104] R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [02.10.2010 00:00 692272] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [19.10.2010 15:22 501888] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [19.10.2010 15:22 116784] R2 DPTIMER_WB;WISO Börse Zeitsteuerung;c:\programme\WISO\Börse2006\bin\dptimersvc.exe [29.08.2005 07:00 396800] R2 N360;Norton 360;c:\programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe [19.10.2010 15:22 126392] R2 WB10WatchDog;WISO Börse 2010 Watchdog;c:\programme\Buhl\WISO Börse 2010\bin\watchdog.exe [21.09.2009 12:33 483544] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18.10.2005 15:01 826752] R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [28.02.2006 15:51 86784] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25.10.2010 16:03 102448] R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101021.003\IDSXpx86.sys [19.10.2010 22:36 341880] S0 rseb;rseb; [x] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.gmx.de/ IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Download all with Free Download Manager - file://c:\programme\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\programme\Free Download Manager\dlselected.htm IE: Download with Free Download Manager - file://c:\programme\Free Download Manager\dllink.htm IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/de/ FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5we.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-{FAF88B432344413595BB2DED98385684} - c:\programme\DivX\DivXUserGuideUninstall ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-10-25 21:12 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\programme\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . Zeit der Fertigstellung: 2010-10-25 21:15:44 ComboFix-quarantined-files.txt 2010-10-25 19:15 Vor Suchlauf: 9 Verzeichnis(se), 66.549.514.240 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 66.572.242.944 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - C40DF065F7F1DF49C8A88D6F606C0DF1 |
27.10.2010, 07:39 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Downloade Dir anschließend bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
27.10.2010, 19:05 | #10 |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach Login GMER ist sowohl im normalen als auch im abgesicherten Modus abgestürzt. Danach habe ich OSAM und MBRCheck laufen lassen. Hier die Logfiles: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:52:39 on 27.10.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.11 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys "catchme" (catchme) - ? - C:\DOKUME~1\JENSUN~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101026.001\IDSxpx86.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVEX15.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "rseb" (rseb) - ? - C:\WINDOWS\system32\drivers\rseb.sys (File not found) "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMDS.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMEFA.SYS "Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS "Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS "Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS "Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS "WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\1031\UNBIND.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "MedionShop" - ? - hxxp://www.medionshop.de/ (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab {02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL / hxxp://office.microsoft.com/templates/ieawsdc.cab {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - (File not found | COM-object registry key not found) {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdmcks.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\IPSBHO.DLL {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "CHotkey" - ? - mHotkey.exe "EM_EXEC" - "Logitech Inc. " - C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE "InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found) "ledpointer" - "Chicony" - CNYHKey.exe "MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe" "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Canon BJ Language Monitor MP180" - "CANON INC." - C:\WINDOWS\system32\CNMLM82.DLL "MLMON__J.DLL" - ? - MLMON__J.DLL (File not found) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe "CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe "CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe "Norton 360" (N360) - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WISO Börse 2010 Watchdog" (WB10WatchDog) - "market maker Software AG" - C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe "WISO Börse Zeitsteuerung" (DPTIMER_WB) - "market maker Software AG" - C:\Programme\WISO\Börse2006\bin\dptimersvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x000003fc Kernel Drivers (total 133): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E5000 \WINDOWS\system32\hal.dll 0xF7A50000 \WINDOWS\system32\KDCOM.DLL 0xF7960000 \WINDOWS\system32\BOOTVID.dll 0xF7420000 ACPI.sys 0xF7A52000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF740F000 pci.sys 0xF7550000 isapnp.sys 0xF7B18000 pciide.sys 0xF77D0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7560000 MountMgr.sys 0xF73F0000 ftdisk.sys 0xF77D8000 PartMgr.sys 0xF7570000 VolSnap.sys 0xF73D8000 atapi.sys 0xF7580000 disk.sys 0xF7590000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF73B8000 fltmgr.sys 0xF7362000 SYMDS.SYS 0xF7350000 sr.sys 0xF7323000 SYMEFA.SYS 0xF730C000 KSecDD.sys 0xF727F000 Ntfs.sys 0xF7252000 NDIS.sys 0xF75A0000 ohci1394.sys 0xF75B0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7238000 Mup.sys 0xF66F1000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF62B1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xF629D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF6275000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF7920000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF6251000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF78D8000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF6187000 \SystemRoot\system32\DRIVERS\3xHybrid.sys 0xF6164000 \SystemRoot\system32\DRIVERS\ks.sys 0xF7A00000 \SystemRoot\system32\DRIVERS\BdaSup.SYS 0xF78E8000 \SystemRoot\system32\DRIVERS\RTL8139.SYS 0xF604B000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0xF7A5E000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF78F0000 \SystemRoot\System32\Drivers\Modem.SYS 0xF78F8000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF66E1000 \SystemRoot\system32\DRIVERS\serial.sys 0xF7A0C000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF6037000 \SystemRoot\system32\DRIVERS\parport.sys 0xF66D1000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF66C1000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF66B1000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7910000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xF7C52000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF66A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7A18000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF6020000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF6691000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF6681000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7928000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF7930000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7938000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF7660000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7940000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7948000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7ABA000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF5FC2000 \SystemRoot\system32\DRIVERS\update.sys 0xF7A24000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF76C0000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xEF92E000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xEF90A000 \SystemRoot\system32\drivers\portcls.sys 0xF20A4000 \SystemRoot\system32\drivers\drmk.sys 0xF076D000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7A9C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xEDC9B000 \SystemRoot\System32\Drivers\Null.SYS 0xF7AA6000 \SystemRoot\System32\Drivers\Beep.SYS 0xEDCDF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xEDCD7000 \SystemRoot\System32\drivers\vga.sys 0xF7ABE000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7AD2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xEDCCF000 \SystemRoot\System32\Drivers\Msfs.SYS 0xEDCC7000 \SystemRoot\System32\Drivers\Npfs.SYS 0xED4D9000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xEC22B000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xED864000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xEC1B8000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xEC192000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xEC13B000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS 0xED854000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xEC116000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 0xED57C000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xED115000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xED814000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xEBB15000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101026.001\IDSxpx86.sys 0xEB004000 \SystemRoot\system32\DRIVERS\cmiucr.SYS 0xEBAED000 \SystemRoot\system32\DRIVERS\netbt.sys 0xEBACB000 \SystemRoot\System32\drivers\afd.sys 0xF1978000 \SystemRoot\system32\DRIVERS\netbios.sys 0xEBAAC000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS 0xF051A000 \SystemRoot\system32\DRIVERS\LHidFlt2.sys 0xF67C0000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xF76A0000 \SystemRoot\system32\DRIVERS\LMouFlt2.sys 0xEBA71000 \SystemRoot\system32\DRIVERS\rt2500usb.sys 0xEC894000 \SystemRoot\System32\Drivers\x10ufx2.sys 0xEFDAA000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xEDB6A000 \SystemRoot\system32\DRIVERS\LKbdFlt2.sys 0xF76D0000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS 0xEBA46000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xEB9D6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF76B0000 \SystemRoot\System32\Drivers\Fips.SYS 0xEB978000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys 0xEB95B000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 0xEB8DC000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys 0xEB830000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys 0xEB80C000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xEB7F4000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xEF60A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF79FC000 \SystemRoot\System32\drivers\Dxapi.sys 0xF7900000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF2705000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xF78A8000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xEF56B000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB9DAB000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xB956E000 \SystemRoot\system32\drivers\wdmaud.sys 0xF1998000 \SystemRoot\system32\drivers\sysaudio.sys 0xB938C000 \SystemRoot\System32\Drivers\HTTP.sys 0xB92E4000 \SystemRoot\system32\DRIVERS\srv.sys 0xEFF13000 \SystemRoot\system32\DRIVERS\secdrv.sys 0xEF260000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB8ABD000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS 0xB8857000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVEX15.SYS 0xB881B000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVENG.SYS 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 44): 0 System Idle Process 4 System 340 C:\WINDOWS\system32\smss.exe 460 csrss.exe 484 C:\WINDOWS\system32\winlogon.exe 528 C:\WINDOWS\system32\services.exe 540 C:\WINDOWS\system32\lsass.exe 700 C:\WINDOWS\system32\svchost.exe 748 svchost.exe 788 C:\WINDOWS\system32\svchost.exe 848 svchost.exe 896 svchost.exe 1124 C:\WINDOWS\system32\spoolsv.exe 1236 svchost.exe 1324 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe 1372 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe 1472 C:\Programme\WISO\Börse2006\bin\dptimersvc.exe 1488 C:\WINDOWS\explorer.exe 1576 C:\WINDOWS\system32\svchost.exe 1616 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 1704 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe 1720 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe 1864 C:\WINDOWS\system32\nvsvc32.exe 1888 C:\Programme\CyberLink\Shared Files\RichVideo.exe 136 C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe 1328 C:\WINDOWS\RTHDCPL.exe 1332 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe 1404 C:\Programme\Home Cinema\PowerCinema\PCMService.exe 1436 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe 1012 C:\WINDOWS\system32\CmUCREye.exe 1780 C:\WINDOWS\CNYHKey.exe 2056 C:\Programme\Medion Info Display\MdionLCM.exe 2244 C:\WINDOWS\mHotkey.exe 2372 C:\PROGRA~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE 2420 wmpnetwk.exe 2444 C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe 2508 C:\Programme\Windows Media Player\wmpnscfg.exe 2948 C:\Programme\RALINK\Common\RaUI.exe 3164 wmiprvse.exe 3176 alg.exe 3412 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe 4044 C:\Programme\Mozilla Firefox\firefox.exe 4088 D:\Software\OSAM\osam.exe 3160 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1a8eb800 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32) PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 8A043C284E07523D32F6E05E5BC7831784FB924F Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done! |
27.10.2010, 19:27 | #11 |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Seit dem Absturz von GMER ist mein Rechner spürbar langsamer geworden, sowohl beim Hochfahren als auch beim Starten von Programmen. Außerdem erscheint beim Hochfahren, wenn ich den Windows-Modus wählen kann, u.a. die Option "do not select this [Debugger aktiviert]". Hängt das irgendwie mit dem abgebrochenen GMER-Scan zusammen und muss/kann ich diesbez. noch etwas tun? Luhh |
27.10.2010, 21:30 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
28.10.2010, 16:55 | #13 |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach Login rsep-Löschung durchgeführt. Allerdings hat sich kein Report nach der Löschaktion (und anschließendem Neustart) geöffnet. Anbei das neueste Logfile vom OSAM-Scan. Luhh Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:49:19 on 28.10.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.11 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys "catchme" (catchme) - ? - C:\DOKUME~1\JENSUN~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101027.001\IDSxpx86.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101027.050\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101027.050\NAVEX15.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMDS.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMEFA.SYS "Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS "Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS "Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS "Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS "WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\1031\UNBIND.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "MedionShop" - ? - hxxp://www.medionshop.de/ (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab {02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL / hxxp://office.microsoft.com/templates/ieawsdc.cab {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - (File not found | COM-object registry key not found) {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdmcks.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\IPSBHO.DLL {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "CHotkey" - ? - mHotkey.exe "EM_EXEC" - "Logitech Inc. " - C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE "InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found) "ledpointer" - "Chicony" - CNYHKey.exe "MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe" "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Canon BJ Language Monitor MP180" - "CANON INC." - C:\WINDOWS\system32\CNMLM82.DLL "MLMON__J.DLL" - ? - MLMON__J.DLL (File not found) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe "CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe "CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe "Norton 360" (N360) - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WISO Börse 2010 Watchdog" (WB10WatchDog) - "market maker Software AG" - C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe "WISO Börse Zeitsteuerung" (DPTIMER_WB) - "market maker Software AG" - C:\Programme\WISO\Börse2006\bin\dptimersvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
28.10.2010, 19:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole aus. Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen) Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus den mbrcheck nochmals aus und poste das neue Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
29.10.2010, 14:15 | #15 |
| Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Erledigt! Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x000003fc Kernel Drivers (total 133): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E5000 \WINDOWS\system32\hal.dll 0xF7A50000 \WINDOWS\system32\KDCOM.DLL 0xF7960000 \WINDOWS\system32\BOOTVID.dll 0xF7420000 ACPI.sys 0xF7A52000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF740F000 pci.sys 0xF7550000 isapnp.sys 0xF7B18000 pciide.sys 0xF77D0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7560000 MountMgr.sys 0xF73F0000 ftdisk.sys 0xF77D8000 PartMgr.sys 0xF7570000 VolSnap.sys 0xF73D8000 atapi.sys 0xF7580000 disk.sys 0xF7590000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF73B8000 fltmgr.sys 0xF7362000 SYMDS.SYS 0xF7350000 sr.sys 0xF7323000 SYMEFA.SYS 0xF730C000 KSecDD.sys 0xF727F000 Ntfs.sys 0xF7252000 NDIS.sys 0xF75A0000 ohci1394.sys 0xF75B0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7238000 Mup.sys 0xF76A0000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF6120000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xF610C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF60E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF78D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF60C0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF78E0000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF5FF6000 \SystemRoot\system32\DRIVERS\3xHybrid.sys 0xF5FD3000 \SystemRoot\system32\DRIVERS\ks.sys 0xF71FC000 \SystemRoot\system32\DRIVERS\BdaSup.SYS 0xF78F0000 \SystemRoot\system32\DRIVERS\RTL8139.SYS 0xF5EBA000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0xF7A6C000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF78F8000 \SystemRoot\System32\Drivers\Modem.SYS 0xF7900000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF76B0000 \SystemRoot\system32\DRIVERS\serial.sys 0xF71F0000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF5EA6000 \SystemRoot\system32\DRIVERS\parport.sys 0xF76C0000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF76D0000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF76E0000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7908000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xF7C8F000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7700000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF79E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF5E8F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7710000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF7720000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7910000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF7918000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7920000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF7670000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7928000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7930000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7A6E000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF5E31000 \SystemRoot\system32\DRIVERS\update.sys 0xF79F8000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF6520000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF3573000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xF354F000 \SystemRoot\system32\drivers\portcls.sys 0xF7790000 \SystemRoot\system32\drivers\drmk.sys 0xF75E0000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7ADC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7B6D000 \SystemRoot\System32\Drivers\Null.SYS 0xF7ADE000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7860000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7858000 \SystemRoot\System32\drivers\vga.sys 0xF7AE0000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7AE2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7898000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7888000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF6623000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF2155000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF7640000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF20FC000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF20A5000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS 0xF7730000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF207F000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF205A000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 0xF2002000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101028.001\IDSxpx86.sys 0xF1FDA000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF1FB8000 \SystemRoot\System32\drivers\afd.sys 0xF344D000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF1F99000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS 0xF7828000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xF25DF000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF33FD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF1F83000 \SystemRoot\system32\DRIVERS\cmiucr.SYS 0xF33ED000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS 0xF1F58000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF1EE8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF33DD000 \SystemRoot\System32\Drivers\Fips.SYS 0xF1E8A000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys 0xF1E6D000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 0xF1DEE000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys 0xF1D42000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys 0xF78E8000 \SystemRoot\system32\DRIVERS\LHidFlt2.sys 0xF39FB000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xF2268000 \SystemRoot\system32\DRIVERS\LMouFlt2.sys 0xF1CDF000 \SystemRoot\system32\DRIVERS\rt2500usb.sys 0xF7958000 \SystemRoot\System32\Drivers\x10ufx2.sys 0xF39FF000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xF7AF0000 \SystemRoot\system32\DRIVERS\LKbdFlt2.sys 0xF1CBB000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xF1CA3000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7A56000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF39F7000 \SystemRoot\System32\drivers\Dxapi.sys 0xF78B8000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7B7C000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0x9FF6B000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xF1D36000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9E1AA000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0x9D945000 \SystemRoot\system32\drivers\wdmaud.sys 0xF6500000 \SystemRoot\system32\drivers\sysaudio.sys 0x9D79C000 \SystemRoot\System32\Drivers\HTTP.sys 0x9D6CC000 \SystemRoot\system32\DRIVERS\srv.sys 0xF2248000 \SystemRoot\system32\DRIVERS\secdrv.sys 0x9D69C000 \SystemRoot\System32\Drivers\Cdfs.SYS 0x9CD15000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS 0x9CB9F000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101028.041\NAVEX15.SYS 0x9CB8B000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101028.041\NAVENG.SYS 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 46): 0 System Idle Process 4 System 328 C:\WINDOWS\system32\smss.exe 448 csrss.exe 480 C:\WINDOWS\system32\winlogon.exe 524 C:\WINDOWS\system32\services.exe 536 C:\WINDOWS\system32\lsass.exe 700 C:\WINDOWS\system32\svchost.exe 744 svchost.exe 784 C:\WINDOWS\system32\svchost.exe 864 svchost.exe 892 svchost.exe 1108 C:\WINDOWS\system32\spoolsv.exe 1228 svchost.exe 1312 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe 1432 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe 1452 C:\Programme\WISO\Börse2006\bin\dptimersvc.exe 1484 C:\WINDOWS\explorer.exe 1612 C:\WINDOWS\system32\svchost.exe 1636 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 1688 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe 1728 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe 1852 C:\WINDOWS\system32\nvsvc32.exe 1884 C:\Programme\CyberLink\Shared Files\RichVideo.exe 2028 C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe 2016 C:\WINDOWS\RTHDCPL.exe 264 C:\Programme\Home Cinema\PowerCinema\PCMService.exe 456 C:\WINDOWS\system32\CmUCREye.exe 676 C:\WINDOWS\CNYHKey.exe 960 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe 904 C:\WINDOWS\system32\wuauclt.exe 1176 C:\Programme\Medion Info Display\MdionLCM.exe 1260 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe 380 C:\WINDOWS\mHotkey.exe 1004 C:\PROGRA~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE 1896 C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe 2076 wmpnetwk.exe 2128 C:\Programme\Windows Media Player\wmpnscfg.exe 2596 C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe 2612 C:\Programme\RALINK\Common\RaUI.exe 2848 wmiprvse.exe 2988 alg.exe 3620 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe 2116 C:\Programme\Mozilla Firefox\firefox.exe 3368 C:\Programme\Mozilla Firefox\plugin-container.exe 2448 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1a8eb800 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32) PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done! |
Themen zu Deutsche Bank 28-TAN-Tableau-Abfrage nach Login |
0x00000001, acroiehelpe.dll, adblock, alternate, appconf32.exe, bonjour, browser, components, desktop, deutsche bank, e-banking, error, firefox, firefox.exe, flash player, format, free download, google, helper, home, hängen, install.exe, installation, intrusion prevention, location, logfile, mozilla, msvcp90.dll, nach login, oldtimer, otl logfile, otl scan, otl.exe, plug-in, problem, realtek, registry, rundll, saver, scan, searchplugins, security, shell32.dll, skype.exe, software, stolen.data, symantec, system, system restore, trojan.zbotr.gen, usb, windows internet, wireless lan, wiso, xmldm |