Log Analysis and Evaluation: Trojaner fake alert (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3
Trojaner fake alert

Hello M-K-D-B,

thank you very much for the quick reply. After I let all the programs run, at least the folders are visible again, but no subfolders.

Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7354

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.08.2011 14:45:52
mbam-log-2011-08-02 (14-45-52).txt

Scan type: Quick scan
Objects scanned: 197752
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{DFB4667B-5304-4CD5-B494-2742ACD99212} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7914D9F0-DD27-4260-9BC1-AE01834B77CA} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7914D9F0-DD27-4260-9BC1-AE01834B77CA} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7914D9F0-DD27-4260-9BC1-AE01834B77CA} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7914D9F0-DD27-4260-9BC1-AE01834B77CA} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XTTB00001.XTTB00001.1 (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XTTB00001.XTTB00001 (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrQomoSeRsxGSiA (Trojan.FakeAlert) -> Value: rrQomoSeRsxGSiA -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Value: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Value: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Value: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Value: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dokumente und einstellungen\all users\anwendungsdaten\rrqomosersxgsia.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programme\T-Online\t-online_toolbar_2\t-online_toolbar_2.0.dll (Adware.ToolBar) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
Defogger log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:47 on 03/08/2011 (User)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F
OTL logfile:
Code:
OTL logfile created on: 03.08.2011 12:54:37 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 73,69% Memory free
4,84 Gb Paging File | 4,08 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,99 Gb Total Space | 21,53 Gb Free Space | 26,92% Space Free | Partition Type: FAT32
Drive D: | 1,94 Gb Total Space | 1,93 Gb Free Space | 99,45% Space Free | Partition Type: FAT

Computer Name: RECHNER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.02 14:21:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.05.25 14:06:20 | 000,037,664 | -H-- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.05.17 17:46:02 | 004,706,208 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011.05.17 17:45:56 | 000,735,648 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.02.26 16:19:26 | 000,603,904 | -H-- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.05.27 10:07:48 | 002,230,024 | -H-- | M] () -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
PRC - [2008.12.16 21:59:50 | 000,150,040 | -H-- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.04.30 17:52:36 | 000,200,704 | -H-- | M] (OptionNV) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2008.04.14 11:45:08 | 000,262,144 | -H-- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.26 14:13:22 | 000,073,728 | -H-- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2008.01.22 11:13:32 | 001,201,448 | -H-- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 11:13:26 | 000,275,752 | -H-- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
PRC - [2008.01.22 11:13:20 | 000,152,872 | -H-- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.01.31 14:55:42 | 000,096,370 | -H-- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2006.06.07 16:57:46 | 000,266,295 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe

========== Modules (SafeList) ==========

MOD - [2011.08.02 14:21:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.25 14:06:20 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.05.17 17:45:56 | 000,735,648 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.02.26 16:19:26 | 000,603,904 | -H-- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.02.26 16:19:24 | 000,362,752 | -H-- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.06.02 10:10:08 | 000,637,952 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.27 10:07:48 | 002,230,024 | -H-- | M] () [Auto | Running] -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2009.02.05 12:35:28 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.16 21:59:50 | 000,150,040 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.11.07 11:37:38 | 000,027,904 | -H-- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.15 05:46:20 | 000,284,016 | -H-- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.05.02 02:42:06 | 000,121,360 | -H-- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.04.30 17:52:36 | 000,200,704 | -H-- | M] (OptionNV) [Auto | Running] -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2008.04.14 11:45:08 | 000,262,144 | -H-- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2008.02.26 14:13:22 | 000,073,728 | -H-- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008.01.22 11:13:26 | 000,275,752 | -H-- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.01.31 14:55:42 | 000,096,370 | -H-- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.11.03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.07 16:57:46 | 000,266,295 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004.10.22 03:24:18 | 000,073,728 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2011.08.03 10:54:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{F221C2A9-6BC4-452E-AB5C-0BEE659FFAF8}\MpKslc9523bfc.sys -- (MpKslc9523bfc)
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.06 09:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.02.03 12:47:06 | 000,016,608 | -H-- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.12.17 08:01:20 | 000,041,752 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.12.17 08:00:12 | 000,768,024 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.12.17 07:53:44 | 002,686,104 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.12.17 07:53:22 | 000,013,848 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.12.16 21:58:54 | 000,025,624 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.08.26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.14 11:45:12 | 000,012,416 | -H-- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.04.14 11:45:12 | 000,010,752 | -H-- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2008.04.14 11:45:08 | 000,011,136 | -H-- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008.02.29 03:13:46 | 000,028,944 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 03:13:24 | 000,036,880 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 000,035,344 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 03:12:48 | 000,020,240 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.02.18 17:14:38 | 000,106,624 | -H-- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008.02.14 10:04:06 | 004,676,096 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.02.08 13:00:22 | 000,059,648 | -H-- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2008.01.03 15:10:16 | 000,105,856 | RH-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.03.30 13:38:14 | 000,008,064 | -H-- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007.01.29 17:12:52 | 000,018,432 | -H-- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006.06.14 13:44:30 | 000,012,288 | RH-- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006.06.07 22:06:58 | 000,329,901 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.06.07 16:33:34 | 000,855,018 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.06.07 16:29:10 | 000,030,459 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.06.07 16:28:20 | 000,149,028 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.06.07 16:26:52 | 000,067,384 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.06.07 16:23:20 | 000,047,811 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2004.05.17 14:04:16 | 000,041,984 | -H-- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2002.05.01 01:27:22 | 000,041,984 | -H-- | M] (ALCATech GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001.05.28 15:30:00 | 000,008,864 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001.05.28 15:30:00 | 000,008,864 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001.05.28 15:30:00 | 000,008,864 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1997.12.23 02:00:00 | 000,023,936 | -H-- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=hxxp://www.t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.21 08:25:16 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.13 13:10:24 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.02.16 09:46:22 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.02.16 09:46:22 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.13 13:10:24 | 000,000,000 | -H-D | M]

[2009.02.16 09:46:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.02.16 09:46:22 | 000,000,000 | -H-D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.08.18 08:43:34 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.18 08:43:34 | 000,002,344 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.18 08:43:34 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.18 08:43:34 | 000,000,801 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2009.09.14 13:52:48 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 11:25:50 | 000,002,197 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-search.xml

O1 HOSTS File: ([2009.02.05 17:06:16 | 000,001,343 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} hxxp://server/ConnectComputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233666754375 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://file-transfer.az-direct.com/COM/MOVEitUploadWizard7.0.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.49 217.0.43.33
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000.01.18 10:55:56 | 000,000,058 | -H-- | M] () - C:\AUTOEXEC -- [ FAT32 ]
O32 - AutoRun File - [2009.02.03 12:22:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2011.07.04 13:06:38 | 000,000,036 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{643ee38b-22eb-11df-9b37-001fd00e383e}\Shell - "" = AutoRun
O33 - MountPoints2\{643ee38b-22eb-11df-9b37-001fd00e383e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{643ee38b-22eb-11df-9b37-001fd00e383e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{643ee38c-22eb-11df-9b37-001fd00e383e}\Shell\AutoRun\command - "" = sp1jensi.exe
O33 - MountPoints2\{643ee38c-22eb-11df-9b37-001fd00e383e}\Shell\open\Command - "" = sp1jensi.exe
O33 - MountPoints2\{6fea1d78-26d6-11df-9b39-001fd00e383e}\Shell - "" = AutoRun
O33 - MountPoints2\{6fea1d78-26d6-11df-9b39-001fd00e383e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6fea1d78-26d6-11df-9b39-001fd00e383e}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media
Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BC44F053-C22D-4BEF-B9FB-3CD538460A65} - T-Online Toolbar ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" 
"C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: >{FD1C598E-2292-4FEE-A62E-D9E7214B1C61} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found MsConfig - Services: "Adobe Version Cue CS4" MsConfig - Services: "AcrSch2Svc" MsConfig - Services: "NVSvc" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk - C:\Programme\Belkin\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan.lnk - C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe - (McAfee, Inc.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ScanSnap Manager.lnk - C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe - (PFU LIMITED) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.) 
MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - File not found MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: ASUSGamerOSD - hkey= - key= - File not found MsConfig - StartUpReg: CardMinder - hkey= - key= - C:\Programme\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe (PFU Limited.) MsConfig - StartUpReg: GEST - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Programme\Logitech\QuickCam\Quickcam.exe () MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: Pdfquickview - hkey= - key= - C:\Programme\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe () MsConfig - StartUpReg: PfuSsSct.exe - hkey= - key= - C:\Programme\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SweetIM - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - File not found MsConfig - StartUpReg: WEB.DE_WEB.DE MultiMessenger - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.08.03 12:23:50 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2011.08.03 12:23:42 | 000,000,000 | ---D | C] -- C:\VFAT32 (C) [2011.08.02 15:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\SpyHunter [2011.08.02 15:31:18 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011.08.02 15:31:18 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2011.08.02 15:30:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2011.08.02 15:29:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Windows Search [2011.08.02 14:25:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2011.08.02 14:25:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.02 14:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.08.02 14:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.08.02 14:25:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.02 14:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.08.02 14:20:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent [2011.08.02 14:02:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\System Repair [2011.07.27 15:21:39 | 
000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nero 7 Premium [2011.07.27 15:20:16 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Ahead [2011.07.25 15:44:38 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2011.07.25 15:35:35 | 000,000,000 | -H-D | C] -- C:\Work [2011.07.20 10:01:20 | 000,000,000 | -H-D | C] -- C:\Sperrlisten [2011.07.19 15:11:43 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer [2011.07.19 15:10:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2011.07.19 15:09:47 | 000,000,000 | -H-D | C] -- C:\Programme\iPod [2011.07.19 15:09:46 | 000,000,000 | -H-D | C] -- C:\Programme\iTunes [2011.07.19 15:09:46 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.07.19 15:09:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Apple Computer [2011.07.19 15:08:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [2011.07.19 15:08:19 | 000,000,000 | -H-D | C] -- C:\Programme\QuickTime [2011.07.19 15:07:45 | 000,000,000 | -H-D | C] -- C:\Programme\Apple Software Update [2011.07.19 15:05:40 | 000,000,000 | -H-D | C] -- C:\Programme\Bonjour [2011.07.07 10:48:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Fujitsu [2011.07.07 09:38:48 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Mein ScanSnap [2011.07.07 09:37:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\InstallShield [2011.07.07 09:35:36 | 000,000,000 | -H-D | C] -- C:\Software [2011.07.06 10:39:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Clementine 8.5 [2011.07.06 10:39:31 | 000,000,000 | 
-H-D | C] -- C:\Programme\Clementine [2011.07.06 10:34:36 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SPSS für Windows [2011.07.06 10:34:36 | 000,000,000 | -H-D | C] -- C:\Programme\SPSS [2011.07.04 14:18:02 | 000,000,000 | -H-D | C] -- C:\Programme\Microsoft Security Client [2011.07.04 13:29:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canon [2011.07.04 13:04:06 | 000,000,000 | -H-D | C] -- C:\DBASE [2011.07.04 13:00:16 | 001,044,480 | -H-- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL [2011.07.04 13:00:15 | 000,158,720 | -H-- | C] (Mey & Westphal Germany - Hamburg) -- C:\WINDOWS\System32\REGCOL.DLL [2011.07.04 13:00:14 | 000,861,128 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\todg6.ocx [2011.07.04 13:00:14 | 000,670,904 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tdbg5.ocx [2011.07.04 13:00:14 | 000,242,640 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\todgub6.dll [2011.07.04 13:00:14 | 000,111,552 | -H-- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\xarraydb.ocx [2011.07.04 13:00:13 | 000,823,784 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tdbg6.ocx [2011.07.04 13:00:13 | 000,671,936 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\todg5.ocx [2011.07.04 13:00:13 | 000,316,344 | -H-- | C] (Apex Software Corporation) -- C:\WINDOWS\System32\tdbgpp.dll [2011.07.04 13:00:13 | 000,258,048 | -H-- | C] (ABIS_AG) -- C:\WINDOWS\System32\ABISPrnt.dll [2011.07.04 13:00:13 | 000,192,512 | -H-- | C] (Howland & Partner GmbH) -- C:\WINDOWS\System32\abisutil.dll [2011.07.04 13:00:13 | 000,086,504 | -H-- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\XARRAY32.OCX [2011.07.04 13:00:12 | 001,024,000 | -H-- | C] (Howland & Partner GmbH) -- C:\WINDOWS\System32\ABISMDSC.DLL [2011.07.04 13:00:12 | 000,200,704 | -H-- | C] (ABIS_AG) -- C:\WINDOWS\System32\ABISLng.dll [2011.07.04 12:56:48 | 
000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Help [2011.07.04 12:56:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Help [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.03 12:55:32 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2011.08.03 12:47:48 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2011.08.03 12:43:02 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.03 12:40:50 | 000,050,477 | ---- | M] () -- C:\Defogger.exe [2011.08.03 12:38:48 | 000,294,216 | ---- | M] () -- C:\gmer.zip [2011.08.03 12:01:22 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.08.03 12:00:02 | 000,000,490 | -H-- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.08.03 10:59:06 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011.08.03 10:54:42 | 000,002,422 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.03 10:54:10 | 000,000,236 | -H-- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2011.08.03 10:54:08 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.08.03 10:54:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.03 10:54:00 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys [2011.08.02 15:55:18 | 002,146,056 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.08.02 15:31:20 | 000,001,861 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SpyHunter.lnk [2011.08.02 14:25:54 | 000,000,666 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.02 14:21:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2011.08.02 14:02:22 | 000,000,208 | -H-- | M] () -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fz [2011.08.02 14:02:22 | 000,000,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fzr [2011.08.02 14:02:14 | 000,000,757 | -H-- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\System Repair.lnk [2011.08.02 14:02:14 | 000,000,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\P1kAlMiG2Kb7Fz [2011.08.02 11:00:28 | 000,271,490 | -H-- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011.07.27 16:39:56 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.07.27 13:59:24 | 000,001,544 | -H-- | M] () -- C:\WINDOWS\TEXTPAD0.TWS [2011.07.19 15:07:48 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.07.18 15:45:02 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK [2011.07.07 10:51:32 | 000,000,375 | -H-- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Scans.lnk [2011.07.07 10:43:36 | 000,000,033 | -H-- | M] () -- C:\PfuSsMon32.cfg [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.07.06 10:35:24 | 000,000,502 | -H-- | M] () -- C:\WINDOWS\System32\spssprod.inf [2011.07.06 10:35:22 | 000,000,195 | -H-- | M] () -- C:\WINDOWS\SpssLM.ini [2011.07.04 14:32:24 | 000,479,068 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.07.04 14:32:24 | 000,437,160 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.07.04 14:32:24 | 000,092,218 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.07.04 14:32:24 | 000,069,386 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.07.04 14:18:32 | 000,001,912 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif [2011.07.04 13:46:00 | 000,002,505 | -H-- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Microsoft Office Excel 2007.lnk [2011.07.04 13:07:14 | 000,000,439 | 
-H-- | M] () -- C:\Dokumente und Einstellungen\User\CATALOG.CAT [2011.07.04 13:07:14 | 000,000,258 | -H-- | M] () -- C:\Dokumente und Einstellungen\User\XYZ.CAT [2011.07.04 13:06:38 | 000,000,036 | -H-- | M] () -- C:\AUTOEXEC.BAT [2011.07.04 13:06:38 | 000,000,028 | -H-- | M] () -- C:\CONFIG.SYS [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.03 12:47:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2011.08.03 12:45:30 | 000,294,216 | ---- | C] () -- C:\gmer.zip [2011.08.03 12:45:30 | 000,050,477 | ---- | C] () -- C:\Defogger.exe [2011.08.02 15:31:19 | 000,001,861 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SpyHunter.lnk [2011.08.02 14:25:53 | 000,000,666 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.02 14:02:20 | 000,000,208 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fz [2011.08.02 14:02:20 | 000,000,160 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fzr [2011.08.02 14:02:13 | 000,000,757 | -H-- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\System Repair.lnk [2011.08.02 14:02:12 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\P1kAlMiG2Kb7Fz [2011.07.07 10:51:06 | 000,000,375 | -H-- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Scans.lnk [2011.07.06 10:35:21 | 000,000,502 | -H-- | C] () -- C:\WINDOWS\System32\spssprod.inf [2011.07.06 10:35:21 | 000,000,195 | -H-- | C] () -- C:\WINDOWS\SpssLM.ini [2011.07.04 14:23:25 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011.07.04 14:23:24 | 000,000,382 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2011.07.04 14:18:31 | 000,001,912 | -H-- | C] () -- C:\WINDOWS\epplauncher.mif [2011.07.04 13:07:12 | 
000,000,439 | -H-- | C] () -- C:\Dokumente und Einstellungen\User\CATALOG.CAT [2011.07.04 13:07:12 | 000,000,258 | -H-- | C] () -- C:\Dokumente und Einstellungen\User\XYZ.CAT [2011.07.04 13:00:14 | 000,396,288 | -H-- | C] () -- C:\WINDOWS\System32\vbupfstr.DLL [2011.07.04 13:00:14 | 000,141,312 | -H-- | C] () -- C:\WINDOWS\System32\abisdb.DLL [2011.07.04 13:00:14 | 000,112,640 | -H-- | C] () -- C:\WINDOWS\System32\vbdsc32.DLL [2011.07.04 13:00:14 | 000,104,448 | -H-- | C] () -- C:\WINDOWS\System32\vbio32.DLL [2011.07.04 13:00:14 | 000,033,280 | -H-- | C] () -- C:\WINDOWS\System32\vbchrset.dll [2011.07.04 13:00:14 | 000,002,081 | -H-- | C] () -- C:\WINDOWS\System32\abismdsc.ini [2011.07.04 12:57:04 | 000,001,544 | -H-- | C] () -- C:\WINDOWS\TEXTPAD0.TWS [2011.07.04 12:54:13 | 000,494,592 | -H-- | C] () -- C:\WINDOWS\System32\HyperZIPPE.dll [2010.04.13 13:09:53 | 000,023,667 | -H-- | C] () -- C:\WINDOWS\hpqins15.dat [2010.03.05 17:33:15 | 000,078,191 | -H-- | C] () -- C:\WINDOWS\hpqins05.dat [2010.02.26 17:43:17 | 000,214,269 | -H-- | C] () -- C:\WINDOWS\hpwins23.dat [2010.02.26 17:43:17 | 000,001,847 | -H-- | C] () -- C:\WINDOWS\hpwmdl23.dat [2010.02.17 18:58:01 | 000,002,508 | -H-- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\$_hpcst$.hpc [2010.01.12 12:03:34 | 002,283,526 | -H-- | C] () -- C:\WINDOWS\System32\nvdata.bin [2009.12.04 09:16:57 | 000,554,496 | -H-- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2009.09.18 12:11:29 | 000,056,004 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009.06.25 12:47:53 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2009.06.05 11:15:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.06.03 09:45:59 | 000,000,151 | -H-- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.03.04 09:27:44 | 000,000,069 | -H-- | C] () 
-- C:\WINDOWS\NeroDigital.ini [2009.02.27 08:30:11 | 000,002,508 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2009.02.18 14:18:21 | 000,000,375 | -H-- | C] () -- C:\WINDOWS\COVERE~1.INI [2009.02.18 14:05:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Irremote.ini [2009.02.16 09:47:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2009.02.05 12:10:24 | 000,008,864 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS [2009.02.05 12:10:24 | 000,008,864 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS [2009.02.05 12:10:24 | 000,008,864 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS [2009.02.05 12:10:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PROTOCOL.INI [2009.02.05 10:29:03 | 000,000,192 | -H-- | C] () -- C:\WINDOWS\ktel.ini [2009.02.05 10:16:58 | 000,000,161 | -H-- | C] () -- C:\WINDOWS\DISPARAM.INI [2009.02.03 13:04:31 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin [2009.02.03 13:04:31 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin [2009.02.03 13:04:30 | 000,761,856 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.02.03 13:04:30 | 000,196,653 | -H-- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin [2009.02.03 13:04:30 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin [2009.02.03 13:04:30 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin [2009.02.03 13:04:30 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin [2009.02.03 13:04:30 | 000,196,582 | -H-- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin [2009.02.03 13:04:30 | 000,196,582 | -H-- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin [2009.02.03 13:04:30 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.02.03 13:04:30 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009.02.03 13:04:30 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\System32\asrussian.dll 
[2009.02.03 13:04:30 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009.02.03 13:04:30 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\System32\aseng.dll [2009.02.03 13:04:30 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\System32\askorean.dll [2009.02.03 13:04:30 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009.02.03 13:04:30 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009.02.03 13:04:30 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\System32\aschs.dll [2009.02.03 13:04:30 | 000,000,018 | -H-- | C] () -- C:\WINDOWS\System32\atkid.ini [2009.02.03 12:41:24 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009.02.03 12:23:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.02.03 12:20:39 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.02.03 12:14:43 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.02.03 12:13:51 | 002,146,056 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.12.16 21:58:54 | 000,025,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008.12.16 21:50:56 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008.07.26 14:42:52 | 000,081,110 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.05.03 04:16:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008.01.24 12:27:46 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\EMRegSys.dll [2007.10.25 14:05:54 | 000,884,736 | -H-- | C] () -- 
C:\WINDOWS\System32\HDX4MediaConverter.dll [2007.07.31 17:28:56 | 000,933,888 | -H-- | C] () -- C:\WINDOWS\System32\BatchEncoder1.dll [2007.03.20 17:16:12 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\ASDR.exe [2006.06.07 16:52:08 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2006.02.28 12:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.02.28 12:00:00 | 000,479,068 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.02.28 12:00:00 | 000,437,160 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.02.28 12:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.02.28 12:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.02.28 12:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.02.28 12:00:00 | 000,092,218 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.02.28 12:00:00 | 000,069,386 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.02.28 12:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2006.02.28 12:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.02.28 12:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.02.28 12:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.02.28 12:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.02.28 12:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2004.10.11 11:19:00 | 000,092,672 | -H-- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004.09.29 10:35:50 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.09.29 10:35:16 | 000,004,520 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.11.14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.08.18 02:09:30 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2000.06.13 13:30:06 | 000,222,720 | -H-- | C] () -- C:\WINDOWS\System32\spss_lmd.exe 
========== LOP Check ========== [2009.02.05 10:12:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2009.02.05 12:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2009.02.24 10:26:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.03.11 13:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.03.11 13:48:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.03.23 13:26:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2009.04.13 14:30:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010.02.26 16:19:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.06.10 09:15:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2009.07.06 13:58:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2011.07.19 15:09:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.09.16 10:22:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.02.17 18:50:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PFU [2010.02.17 18:50:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia [2010.02.17 18:50:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Suite [2010.02.26 16:19:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software 
[2011.07.04 13:29:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Canon [2011.07.07 10:48:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Fujitsu [2011.08.02 15:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Windows Search [2011.08.03 12:55:32 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2011.08.03 12:00:02 | 000,000,490 | -H-- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2011.08.03 10:54:10 | 000,000,236 | -H-- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2011.08.03 10:59:06 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [1999.01.04 00:42:06 | 000,000,000 | -H-D | M] -- C:\CDROM [2009.02.05 11:34:48 | 000,000,000 | -HSD | M] -- C:\FOUND.000 [2009.03.27 10:45:06 | 000,000,000 | -HSD | M] -- C:\FOUND.001 [2009.05.15 12:48:10 | 000,000,000 | -HSD | M] -- C:\FOUND.002 [2011.07.04 12:46:56 | 000,000,000 | -H-D | M] -- C:\Abis Lizen [2010.04.21 12:10:34 | 000,000,000 | -H-D | M] -- C:\L2010 [2009.02.03 12:08:58 | 000,000,000 | -H-D | M] -- C:\WINDOWS [2009.02.03 12:13:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen [2009.02.03 12:22:06 | 000,000,000 | RH-D | M] -- C:\Programme [2011.07.04 12:48:38 | 000,000,000 | -H-D | M] -- C:\2010 [2011.07.04 12:49:08 | 000,000,000 | -H-D | M] -- C:\2011 [2011.07.04 13:04:08 | 000,000,000 | -H-D | M] -- C:\DBASE [2009.02.03 12:26:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.07 09:35:38 | 000,000,000 | -H-D | M] -- C:\Software [2011.07.20 10:01:22 | 000,000,000 | -H-D | M] -- C:\Sperrlisten [2011.08.02 15:31:20 | 000,000,000 | ---D | M] -- C:\sh4ldr [2009.02.03 12:38:20 | 000,000,000 | -H-D | M] -- C:\Intel [2011.07.25 15:35:36 | 000,000,000 | -H-D | M] -- C:\Work [2011.08.03 12:23:44 | 000,000,000 | ---D | M] -- C:\VFAT32 (C) [2009.02.03 13:06:10 | 
000,000,000 | -H-D | M] -- C:\Program Files [2009.02.03 14:28:16 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.02.05 11:50:10 | 000,000,000 | -H-D | M] -- C:\TEMP [2009.02.05 12:32:10 | 000,000,000 | -HSD | M] -- C:\Recycled < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2006.02.28 12:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: REGEDIT.EXE > [2006.02.28 12:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 12:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 12:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | -H-- | M] 
(Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-04 12:32:29
< >
< End of report >

Many thanks. Regards, Frank