| |
| |||||||
Log-Analyse und Auswertung: Trojaner PUM.Disabled.SecurityCenterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.10.2012, 13:02
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner PUM.Disabled.SecurityCenter Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.10.2012, 16:41
| #17 |
 | Trojaner PUM.Disabled.SecurityCenterCode:
ATTFilter OTL logfile created on: 11.10.2012 17:18:22 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Thom\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,48 Mb Total Physical Memory | 200,36 Mb Available Physical Memory | 39,17% Memory free 1,22 Gb Paging File | 0,85 Gb Available in Paging File | 69,39% Paging File free Paging file location(s): C:\pagefile.sys 2 10 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,06 Gb Total Space | 17,48 Gb Free Space | 44,74% Space Free | Partition Type: NTFS Drive D: | 114,32 Gb Total Space | 114,15 Gb Free Space | 99,86% Space Free | Partition Type: NTFS Drive H: | 465,65 Gb Total Space | 156,71 Gb Free Space | 33,65% Space Free | Partition Type: FAT32 Computer Name: THOM-2000 | User Name: Thom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.11 17:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thom\Desktop\OTL.exe PRC - [2012.10.05 19:55:10 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe PRC - [2012.09.14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe PRC - [2012.09.12 05:41:24 | 000,713,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe PRC - [2012.08.27 02:27:10 | 001,108,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe PRC - [2012.08.20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe PRC - [2012.08.20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe PRC - [2012.08.20 04:52:34 | 000,783,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe PRC - [2012.08.20 04:52:26 | 000,450,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe PRC - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009.10.11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe PRC - [2008.10.04 07:41:05 | 001,282,048 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe PRC - [2008.09.24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.09.24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.08.14 08:21:28 | 000,790,112 | ---- | M] () -- C:\Programme\Office-Web\Office-Web Center\Panel.exe PRC - [2006.08.15 08:45:46 | 000,856,064 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2006.03.09 02:00:28 | 000,212,992 | ---- | M] (Popwire AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe PRC - [2005.10.26 17:17:24 | 000,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe PRC - [2005.08.10 08:54:34 | 000,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe PRC - [2005.05.31 01:04:00 | 001,415,824 | ---- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2004.12.16 19:55:28 | 000,339,968 | ---- | M] (Sonix) -- C:\WINDOWS\vsnpstd3.exe PRC - [2004.10.18 01:24:50 | 000,184,320 | ---- | M] (InterVideo Inc.) -- C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2008.10.04 07:26:26 | 000,057,344 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_24_Win32.dll MOD - [2008.08.25 14:21:31 | 000,441,344 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll MOD - [2007.08.14 08:21:50 | 000,147,040 | ---- | M] () -- C:\WINDOWS\system32\Hook.dll MOD - [2007.08.14 08:21:28 | 000,790,112 | ---- | M] () -- C:\Programme\Office-Web\Office-Web Center\Panel.exe MOD - [2007.08.14 08:19:44 | 001,191,520 | ---- | M] () -- C:\WINDOWS\system32\XWheel.dll MOD - [2006.08.20 19:33:44 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.08.15 08:45:26 | 000,065,536 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll MOD - [2005.10.07 10:22:50 | 000,081,920 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll MOD - [2005.07.12 14:25:43 | 000,116,224 | R--- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2005.05.11 14:23:42 | 000,073,728 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll MOD - [2003.11.20 13:18:06 | 000,045,056 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy.dll MOD - [2002.07.04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Programme\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.08.20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.06.09 16:45:42 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.09.24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.09.24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.10.06 14:38:24 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.09.17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.09.14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2012.09.12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.09.12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.08.13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2012.08.10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2012.08.10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2012.08.09 13:56:44 | 000,178,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.11.08 20:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.06.16 15:58:18 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2007.06.16 15:58:18 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2007.06.16 15:58:18 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2007.06.16 15:58:17 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2007.06.16 15:58:16 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) DRV - [2007.03.27 15:19:54 | 000,031,360 | ---- | M] (Game) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GMFilter.sys -- (GMFilter Filter) DRV - [2005.01.05 18:29:30 | 000,432,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2004.08.03 23:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2003.09.19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001.08.17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame) DRV - [2001.08.17 13:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.motor-schirm.de/kl_index.htm IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\..\SearchScopes\{8EAFFBB8-7083-49DA-9433-7BE54D0FA845}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz= IE - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Optical Tilt Mouse] C:\Programme\Office-Web\Office-Web Center\Panel.exe () O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Programme\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe (Sonix) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) O4 - HKLM..\Run: [vProt] "C:\Programme\AVG Secure Search\vprot.exe" File not found O4 - HKU\S-1-5-21-1409082233-484763869-1343024091-1004..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe File not found O4 - HKU\S-1-5-21-1409082233-484763869-1343024091-1004..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Thom\Startmenü\Programme\Autostart\ClearProg.lnk = C:\Programme\ClearProg\ClearProg.exe () O4 - Startup: C:\Dokumente und Einstellungen\Thom\Startmenü\Programme\Autostart\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1409082233-484763869-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.de/s/v/24.19/uploader2.cab (UploadListView Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349721288966 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248811633598 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69DAE0E4-E590-4439-AFDF-0EB1420AADB1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A37661E-EA4F-40F7-BD9C-9B9D1B3BB059}: NameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Thom\Eigene Dateien\Eigene Bilder\Picasa Bearbeitungen\picasabackground.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.24 14:27:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{34dd2310-05ce-11df-a20c-000ae64fff51}\Shell\AutoRun\command - "" = H:\Toshiba\more4youa.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.dvsd - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.11 17:11:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thom\Desktop\OTL.exe [2012.10.09 19:24:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\ESET [2012.10.09 19:24:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\ESET [2012.10.09 19:23:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2012.10.09 19:21:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.10.09 19:16:48 | 001,374,624 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Thom\Desktop\eset_smart_security_live_installer.exe [2012.10.06 14:41:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\AVG2013 [2012.10.06 14:39:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG [2012.10.06 14:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\TuneUp Software [2012.10.06 14:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search [2012.10.06 14:38:24 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012.10.06 14:34:36 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.10.06 14:34:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013 [2012.10.06 14:32:47 | 000,000,000 | ---D | C] -- C:\Programme\AVG [2012.10.06 14:31:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2012.10.06 14:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\MFAData [2012.10.06 14:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2012.10.06 14:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Avg2013 [2012.10.06 14:29:34 | 119,909,912 | ---- | C] (AVG Technologies) -- C:\Dokumente und Einstellungen\Thom\Desktop\avg_free_x86_all_2013_2677a5774.exe [2012.10.06 12:14:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\AppData [2012.10.06 12:12:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\jZip [2012.10.06 12:12:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\jZip [2012.10.06 12:11:54 | 000,000,000 | ---D | C] -- C:\Programme\jZip [2012.10.06 12:09:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Desktop\Sammelordner [2012.10.06 12:09:18 | 007,334,464 | ---- | C] (Bandoo Media Inc.) -- C:\Dokumente und Einstellungen\Thom\Desktop\jZipV1.exe [2012.10.05 21:28:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Desktop\LOGDATEIEN [2012.10.05 20:45:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Malwarebytes [2012.10.05 20:44:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.05 20:44:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.05 20:44:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.10.05 20:44:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.10.05 20:42:29 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Thom\Desktop\mbam-setup-1.65.0.1400.exe [2012.10.05 20:39:03 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Thom\Desktop\Malware Virusscanner 2012.exe [2012.10.05 20:00:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Apple Computer [2012.10.05 20:00:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Apple Computer [2012.10.05 20:00:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012.10.05 19:58:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012.10.05 19:58:27 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2012.10.05 19:58:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2012.10.05 19:58:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.10.05 19:57:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Apple [2012.10.05 19:57:45 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2012.10.05 19:57:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer [2012.10.05 19:57:06 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2012.10.05 19:56:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2012.10.05 19:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple [2012.09.17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys [2012.09.14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012.09.12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2012.09.12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.11 17:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thom\Desktop\OTL.exe [2012.10.11 17:02:13 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.11 17:01:34 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.10.11 17:01:06 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.10.11 17:00:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.11 17:00:53 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2012.10.10 22:00:00 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004UA.job [2012.10.10 22:00:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.10.10 20:00:01 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004Core.job [2012.10.10 16:59:47 | 000,538,327 | ---- | M] () -- C:\Dokumente und Einstellungen\Thom\Desktop\adwcleaner.exe [2012.10.09 19:16:54 | 001,374,624 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Thom\Desktop\eset_smart_security_live_installer.exe [2012.10.08 20:49:19 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.08 20:49:19 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.08 20:49:19 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.08 20:49:19 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.08 20:44:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.10.08 20:42:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.10.08 20:28:15 | 000,001,503 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk [2012.10.08 20:27:46 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.06 14:39:03 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2012.10.06 14:38:24 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012.10.06 14:30:00 | 119,909,912 | ---- | M] (AVG Technologies) -- C:\Dokumente und Einstellungen\Thom\Desktop\avg_free_x86_all_2013_2677a5774.exe [2012.10.06 13:50:57 | 000,000,666 | ---- | M] () -- C:\Dokumente und Einstellungen\Thom\Desktop\ClearProg.lnk [2012.10.06 12:20:41 | 000,039,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Thom\Desktop\gmer.zip [2012.10.06 12:12:11 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\jZip.lnk [2012.10.06 12:10:22 | 000,000,773 | ---- | M] () -- C:\WINDOWS\I_VIEW32.INI [2012.10.06 12:09:28 | 007,334,464 | ---- | M] (Bandoo Media Inc.) -- C:\Dokumente und Einstellungen\Thom\Desktop\jZipV1.exe [2012.10.05 21:51:28 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Thom\Desktop\mgr5h3kd.exe [2012.10.05 21:38:53 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Thom\defogger_reenable [2012.10.05 21:36:55 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Thom\Desktop\Defogger.exe [2012.10.05 20:45:53 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.05 20:42:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Thom\Desktop\mbam-setup-1.65.0.1400.exe [2012.10.05 20:39:18 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Thom\Desktop\Malware Virusscanner 2012.exe [2012.10.05 20:36:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2012.10.05 20:00:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.09.17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys [2012.09.14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012.09.12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2012.09.12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.10 16:59:44 | 000,538,327 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\Desktop\adwcleaner.exe [2012.10.08 20:28:14 | 000,001,503 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk [2012.10.08 20:23:36 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys [2012.10.08 19:24:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.10.08 19:24:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.10.06 14:39:02 | 000,000,698 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2012.10.06 12:16:41 | 000,039,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\Desktop\gmer.zip [2012.10.06 12:12:11 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\jZip.lnk [2012.10.05 21:51:27 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\Desktop\mgr5h3kd.exe [2012.10.05 21:38:53 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\defogger_reenable [2012.10.05 21:36:55 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\Desktop\Defogger.exe [2012.10.05 20:44:51 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.05 20:00:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.10.05 19:57:48 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.10.05 19:57:46 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk [2009.06.16 19:40:25 | 000,087,660 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\wsheve.dll [2007.10.24 21:21:24 | 000,005,095 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xnwfyhdk.mld [2007.08.22 18:42:22 | 000,017,619 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\mdb.bin [2006.11.02 22:47:26 | 000,000,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\default.pls [2006.10.29 11:57:43 | 000,081,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.10.24 16:15:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ========== ZeroAccess Check ========== [2007.06.16 16:14:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.05 19:59:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.10.06 15:44:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013 [2012.10.06 14:31:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2010.02.21 14:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2006.10.25 21:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012.10.11 17:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2007.06.18 21:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2009.06.10 18:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEB.DE [2012.10.06 14:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\AVG2013 [2009.06.11 11:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\BPS PPL-Lernprogramme [2007.01.06 21:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\CD-LabelPrint [2010.02.21 14:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\elsterformular [2012.10.09 19:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\ESET [2006.10.28 19:16:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\MAGIX [2007.05.22 19:16:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\SmartSurfer [2007.06.16 16:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Teleca [2012.10.06 14:39:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\TuneUp Software [2009.06.10 18:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\WEB.DE [2007.05.22 19:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\WEBDE ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.09.03 18:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Adobe [2008.05.18 14:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\AdobeUM [2007.03.11 12:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Ahead [2012.10.05 20:01:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Apple Computer [2007.05.15 19:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\ArcSoft [2012.10.06 14:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\AVG2013 [2009.06.11 11:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\BPS PPL-Lernprogramme [2007.01.06 21:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\CD-LabelPrint [2010.02.02 17:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\dvdcss [2010.02.21 14:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\elsterformular [2012.10.09 19:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\ESET [2007.05.25 16:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Google [2007.02.28 12:57:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Help [2006.10.24 14:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Identities [2006.11.23 19:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Macromedia [2006.10.28 19:16:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\MAGIX [2012.10.05 20:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Malwarebytes [2009.07.16 17:16:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft [2006.10.25 17:58:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft Web Folders [2009.09.16 19:39:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Nero [2008.08.04 18:58:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\skypePM [2007.05.22 19:16:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\SmartSurfer [2007.06.18 21:25:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Sony Ericsson [2007.07.31 20:35:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Sun [2006.10.25 00:36:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\teamspeak2 [2007.06.16 16:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Teleca [2012.10.06 14:39:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\TuneUp Software [2010.02.21 14:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\vlc [2009.06.10 18:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\WEB.DE [2007.05.22 19:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\WEBDE < %APPDATA%\*.exe /s > [2007.05.29 22:18:47 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2008.05.16 20:05:08 | 022,319,360 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe [2008.12.07 15:22:08 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe [2008.12.07 15:22:08 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2008.12.07 15:22:08 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2008.12.07 15:22:08 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2008.12.07 15:22:08 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2008.12.07 15:22:08 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe [2009.09.28 17:06:05 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Thom\Anwendungsdaten\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe < %SYSTEMDRIVE%\*.exe > [2008.04.18 15:40:49 | 022,322,568 | ---- | M] () -- C:\antivir_workstation8_winu_de_h.exe < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.08.19 20:35:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.08.19 20:35:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.08.19 20:35:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.08.19 20:35:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.10.24 16:13:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.10.24 16:13:45 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.10.24 16:13:45 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > [2006.10.24 14:25:33 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2006.10.24 14:32:06 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2009.03.24 22:41:46 | 000,001,044 | ---- | C] () -- C:\WINDOWS\Tasks\Google Software Updater.job [2009.07.01 17:38:23 | 000,001,154 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004Core.job [2009.07.01 17:38:23 | 000,001,206 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004UA.job [2009.08.03 19:31:14 | 000,001,082 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2009.08.03 19:31:14 | 000,001,086 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.10.05 19:57:48 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job < End of report > |
|
11.10.2012, 18:43
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUM.Disabled.SecurityCenter Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:Files
C:\Dokumente und Einstellungen\Thom\Desktop\jZipV1.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
11.10.2012, 19:02
| #19 |
| | Trojaner PUM.Disabled.SecurityCenter Rechner ist beim hochlaufen Neustart stehen = geblieben. Nach drücken der Resettaste = Neustart lief er bis zur Anzeige das OLT geöffnet werden will. Das habe ich bestätigt. Hier der LOG Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Thom\Desktop\jZipV1.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Thom\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Thom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71344 bytes
User: All Users
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Thom
->Temp folder emptied: 54134532 bytes
->Temporary Internet Files folder emptied: 4371851 bytes
->Java cache emptied: 78373159 bytes
->Flash cache emptied: 100493 bytes
User: ThomLokale Einstellungen
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2239018 bytes
%systemroot%\System32 .tmp files removed: 1838471 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156198979 bytes
RecycleBin emptied: 17917 bytes
Total Files Cleaned = 284,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10112012_195118
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
12.10.2012, 10:00
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUM.Disabled.SecurityCenter Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.10.2012, 14:21
| #21 |
| | Trojaner PUM.Disabled.SecurityCenterCode:
ATTFilter 15:17:05.0344 3456 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:17:05.0545 3456 ============================================================
15:17:05.0545 3456 Current date / time: 2012/10/12 15:17:05.0545
15:17:05.0545 3456 SystemInfo:
15:17:05.0545 3456
15:17:05.0555 3456 OS Version: 5.1.2600 ServicePack: 3.0
15:17:05.0555 3456 Product type: Workstation
15:17:05.0555 3456 ComputerName: THOM-2000
15:17:05.0555 3456 UserName: Thom
15:17:05.0555 3456 Windows directory: C:\WINDOWS
15:17:05.0555 3456 System windows directory: C:\WINDOWS
15:17:05.0555 3456 Processor architecture: Intel x86
15:17:05.0555 3456 Number of processors: 1
15:17:05.0555 3456 Page size: 0x1000
15:17:05.0555 3456 Boot type: Normal boot
15:17:05.0555 3456 ============================================================
15:17:06.0766 3456 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:17:06.0766 3456 ============================================================
15:17:06.0766 3456 \Device\Harddisk0\DR0:
15:17:06.0766 3456 MBR partitions:
15:17:06.0766 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
15:17:06.0777 3456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0xE4A1C4C
15:17:06.0777 3456 ============================================================
15:17:06.0807 3456 C: <-> \Device\Harddisk0\DR0\Partition1
15:17:06.0837 3456 D: <-> \Device\Harddisk0\DR0\Partition2
15:17:06.0857 3456 ============================================================
15:17:06.0857 3456 Initialize success
15:17:06.0857 3456 ============================================================
15:18:09.0046 1980 ============================================================
15:18:09.0046 1980 Scan started
15:18:09.0046 1980 Mode: Manual; SigCheck; TDLFS;
15:18:09.0046 1980 ============================================================
15:18:09.0367 1980 ================ Scan system memory ========================
15:18:09.0367 1980 System memory - ok
15:18:09.0387 1980 ================ Scan services =============================
15:18:09.0447 1980 Abiosdsk - ok
15:18:09.0487 1980 abp480n5 - ok
15:18:09.0537 1980 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:18:10.0769 1980 ACPI - ok
15:18:10.0819 1980 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:18:11.0149 1980 ACPIEC - ok
15:18:11.0189 1980 adpu160m - ok
15:18:11.0239 1980 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:18:11.0590 1980 aec - ok
15:18:11.0630 1980 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:18:11.0720 1980 AFD - ok
15:18:11.0740 1980 Aha154x - ok
15:18:11.0780 1980 aic78u2 - ok
15:18:11.0820 1980 aic78xx - ok
15:18:11.0870 1980 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:18:12.0231 1980 Alerter - ok
15:18:12.0271 1980 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
15:18:12.0421 1980 ALG - ok
15:18:12.0461 1980 AliIde - ok
15:18:12.0521 1980 [ 3A0DAFAC778236559C14C7203FB550EB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:18:12.0821 1980 AmdK7 - ok
15:18:12.0862 1980 amsint - ok
15:18:12.0932 1980 [ 9015BC03F62940527EC92D45EE89E46F ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
15:18:12.0952 1980 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
15:18:12.0952 1980 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
15:18:13.0002 1980 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:18:13.0042 1980 Apple Mobile Device - ok
15:18:13.0072 1980 AppMgmt - ok
15:18:13.0132 1980 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:18:13.0502 1980 Arp1394 - ok
15:18:13.0543 1980 asc - ok
15:18:13.0583 1980 asc3350p - ok
15:18:13.0623 1980 asc3550 - ok
15:18:13.0673 1980 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:18:14.0043 1980 AsyncMac - ok
15:18:14.0083 1980 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:18:14.0474 1980 atapi - ok
15:18:14.0504 1980 Atdisk - ok
15:18:14.0544 1980 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:18:14.0904 1980 Atmarpc - ok
15:18:14.0955 1980 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:18:15.0355 1980 AudioSrv - ok
15:18:15.0405 1980 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:18:15.0756 1980 audstub - ok
15:18:16.0096 1980 [ 1D7D0D5D33D8B1507EC5FBFE332E5657 ] AVGIDSAgent C:\Programme\AVG\AVG2013\avgidsagent.exe
15:18:16.0497 1980 AVGIDSAgent - ok
15:18:16.0567 1980 [ 9E42E8B6BB7FD68F840003A9FC8F24C8 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
15:18:16.0667 1980 AVGIDSDriver - ok
15:18:16.0717 1980 [ CB77A9743A033E33F8409D235C683D99 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
15:18:16.0757 1980 AVGIDSHX - ok
15:18:16.0787 1980 [ 240F106B07CD9B522E2CD9E621618367 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
15:18:16.0827 1980 AVGIDSShim - ok
15:18:16.0907 1980 [ 7023142C545896D3538C9D36DDC57406 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:18:16.0947 1980 Avgldx86 - ok
15:18:16.0987 1980 [ 87E88A36279C8E5869270CC87F5BB7CD ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
15:18:17.0028 1980 Avglogx - ok
15:18:17.0068 1980 [ DACC0743F5313045D5CCA23F8A7CDF68 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:18:17.0128 1980 Avgmfx86 - ok
15:18:17.0158 1980 [ B8392B63D795A3DE866793220D3559EF ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:18:17.0198 1980 Avgrkx86 - ok
15:18:17.0248 1980 [ 69A4DF4CD2A15AACC0E8D2005D6A04BA ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:18:17.0288 1980 Avgtdix - ok
15:18:17.0318 1980 [ 3001E24F340D400BFF85935E5777FC5B ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
15:18:17.0378 1980 avgtp - ok
15:18:17.0418 1980 [ 42F11F37CC06D9AB6528AF2E215B8799 ] avgwd C:\Programme\AVG\AVG2013\avgwdsvc.exe
15:18:17.0458 1980 avgwd - ok
15:18:17.0518 1980 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:18:17.0929 1980 Beep - ok
15:18:17.0989 1980 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
15:18:18.0480 1980 BITS - ok
15:18:18.0570 1980 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
15:18:18.0660 1980 Bonjour Service - ok
15:18:18.0720 1980 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
15:18:18.0780 1980 Browser - ok
15:18:18.0840 1980 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:18:19.0251 1980 cbidf2k - ok
15:18:19.0291 1980 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:18:19.0641 1980 CCDECODE - ok
15:18:19.0661 1980 cd20xrnt - ok
15:18:19.0731 1980 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:18:20.0112 1980 Cdaudio - ok
15:18:20.0152 1980 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:18:20.0523 1980 Cdfs - ok
15:18:20.0553 1980 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:18:20.0953 1980 Cdrom - ok
15:18:20.0973 1980 Changer - ok
15:18:21.0023 1980 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:18:21.0374 1980 CiSvc - ok
15:18:21.0394 1980 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:18:21.0794 1980 ClipSrv - ok
15:18:21.0834 1980 CmdIde - ok
15:18:21.0874 1980 COMSysApp - ok
15:18:21.0925 1980 Cpqarray - ok
15:18:21.0975 1980 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:18:22.0355 1980 CryptSvc - ok
15:18:22.0395 1980 dac2w2k - ok
15:18:22.0435 1980 dac960nt - ok
15:18:22.0505 1980 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:18:22.0606 1980 DcomLaunch - ok
15:18:22.0666 1980 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:18:23.0016 1980 Dhcp - ok
15:18:23.0066 1980 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:18:23.0437 1980 Disk - ok
15:18:23.0457 1980 dmadmin - ok
15:18:23.0537 1980 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:18:23.0968 1980 dmboot - ok
15:18:23.0998 1980 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:18:24.0378 1980 dmio - ok
15:18:24.0418 1980 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:18:24.0759 1980 dmload - ok
15:18:24.0809 1980 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:18:25.0199 1980 dmserver - ok
15:18:25.0249 1980 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:18:25.0610 1980 DMusic - ok
15:18:25.0670 1980 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:18:25.0750 1980 Dnscache - ok
15:18:25.0810 1980 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:18:26.0151 1980 Dot3svc - ok
15:18:26.0201 1980 dpti2o - ok
15:18:26.0251 1980 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:18:26.0621 1980 drmkaud - ok
15:18:26.0651 1980 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:18:27.0042 1980 EapHost - ok
15:18:27.0102 1980 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:18:27.0432 1980 ERSvc - ok
15:18:27.0483 1980 [ A55DD7D8CED5D2624A9EE2DDA7BE0319 ] es1371 C:\WINDOWS\system32\drivers\es1371mp.sys
15:18:27.0843 1980 es1371 - ok
15:18:27.0893 1980 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
15:18:27.0953 1980 Eventlog - ok
15:18:28.0003 1980 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
15:18:28.0083 1980 EventSystem - ok
15:18:28.0144 1980 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:18:28.0504 1980 Fastfat - ok
15:18:28.0584 1980 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:18:28.0644 1980 FastUserSwitchingCompatibility - ok
15:18:28.0694 1980 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:18:29.0085 1980 Fdc - ok
15:18:29.0135 1980 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:18:29.0495 1980 Fips - ok
15:18:29.0646 1980 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\MAGIX\Common\Database\bin\fbserver.exe
15:18:29.0786 1980 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
15:18:29.0786 1980 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
15:18:29.0856 1980 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:18:30.0186 1980 Flpydisk - ok
15:18:30.0247 1980 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:18:30.0627 1980 FltMgr - ok
15:18:30.0677 1980 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:18:31.0028 1980 Fs_Rec - ok
15:18:31.0068 1980 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:18:31.0418 1980 Ftdisk - ok
15:18:31.0458 1980 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:18:31.0849 1980 gameenum - ok
15:18:31.0899 1980 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:18:31.0939 1980 GEARAspiWDM - ok
15:18:31.0989 1980 [ E8B871AA7BB2BEFDC3398ADE629DC481 ] GMFilter Filter C:\WINDOWS\system32\Drivers\GMFilter.sys
15:18:32.0009 1980 GMFilter Filter ( UnsignedFile.Multi.Generic ) - warning
15:18:32.0009 1980 GMFilter Filter - detected UnsignedFile.Multi.Generic (1)
15:18:32.0079 1980 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:18:32.0450 1980 Gpc - ok
15:18:32.0510 1980 [ CD007D03A9284BFE67D49C01213132BF ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
15:18:32.0530 1980 grmnusb ( UnsignedFile.Multi.Generic ) - warning
15:18:32.0530 1980 grmnusb - detected UnsignedFile.Multi.Generic (1)
15:18:32.0600 1980 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
15:18:32.0640 1980 gupdate - ok
15:18:32.0680 1980 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
15:18:32.0730 1980 gupdatem - ok
15:18:32.0780 1980 [ 5467F1FF0AF264566740F67E8B810735 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
15:18:32.0820 1980 gusvc - ok
15:18:32.0870 1980 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:18:33.0221 1980 helpsvc - ok
15:18:33.0271 1980 [ 923EE4EEF2582909A056904CA8026015 ] hidgame C:\WINDOWS\system32\DRIVERS\hidgame.sys
15:18:33.0661 1980 hidgame - ok
15:18:33.0702 1980 HidServ - ok
15:18:33.0752 1980 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:18:34.0142 1980 HidUsb - ok
15:18:34.0212 1980 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:18:34.0583 1980 hkmsvc - ok
15:18:34.0633 1980 hpn - ok
15:18:34.0703 1980 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:18:34.0773 1980 HTTP - ok
15:18:34.0823 1980 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:18:35.0194 1980 HTTPFilter - ok
15:18:35.0224 1980 i2omgmt - ok
15:18:35.0264 1980 i2omp - ok
15:18:35.0314 1980 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:18:35.0704 1980 i8042prt - ok
15:18:35.0764 1980 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:18:35.0784 1980 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:18:35.0784 1980 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:18:35.0845 1980 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:18:36.0205 1980 Imapi - ok
15:18:36.0275 1980 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
15:18:36.0616 1980 ImapiService - ok
15:18:36.0686 1980 ini910u - ok
15:18:36.0736 1980 IntelIde - ok
15:18:36.0796 1980 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:18:37.0146 1980 Ip6Fw - ok
15:18:37.0217 1980 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:18:37.0567 1980 IpFilterDriver - ok
15:18:37.0617 1980 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:18:37.0968 1980 IpInIp - ok
15:18:38.0008 1980 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:18:38.0368 1980 IpNat - ok
15:18:38.0448 1980 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Programme\iPod\bin\iPodService.exe
15:18:38.0558 1980 iPod Service - ok
15:18:38.0589 1980 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:18:38.0939 1980 IPSec - ok
15:18:38.0999 1980 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:18:39.0149 1980 IRENUM - ok
15:18:39.0209 1980 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:18:39.0570 1980 isapnp - ok
15:18:39.0670 1980 [ 39133291CB607BDD87CFC565A4A1E7A5 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
15:18:39.0730 1980 JavaQuickStarterService - ok
15:18:39.0770 1980 [ FE8300320281D658A7854D5CFC02A63F ] k750bus C:\WINDOWS\system32\DRIVERS\k750bus.sys
15:18:39.0800 1980 k750bus ( UnsignedFile.Multi.Generic ) - warning
15:18:39.0800 1980 k750bus - detected UnsignedFile.Multi.Generic (1)
15:18:39.0860 1980 [ F44521F63C0C00364FA3D59DB980DE6A ] k750mdfl C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
15:18:39.0880 1980 k750mdfl ( UnsignedFile.Multi.Generic ) - warning
15:18:39.0880 1980 k750mdfl - detected UnsignedFile.Multi.Generic (1)
15:18:39.0920 1980 [ E93323C3ED5E8923A177740A973C27B2 ] k750mdm C:\WINDOWS\system32\DRIVERS\k750mdm.sys
15:18:39.0961 1980 k750mdm ( UnsignedFile.Multi.Generic ) - warning
15:18:39.0961 1980 k750mdm - detected UnsignedFile.Multi.Generic (1)
15:18:40.0001 1980 [ 9D5F5A70CA0B7C428EFCD73DB50E6AC7 ] k750mgmt C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
15:18:40.0031 1980 k750mgmt ( UnsignedFile.Multi.Generic ) - warning
15:18:40.0031 1980 k750mgmt - detected UnsignedFile.Multi.Generic (1)
15:18:40.0101 1980 [ 81CA2D57B2C14F76F4BA80846784BB3D ] k750obex C:\WINDOWS\system32\DRIVERS\k750obex.sys
15:18:40.0131 1980 k750obex ( UnsignedFile.Multi.Generic ) - warning
15:18:40.0131 1980 k750obex - detected UnsignedFile.Multi.Generic (1)
15:18:40.0171 1980 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:18:40.0511 1980 Kbdclass - ok
15:18:40.0571 1980 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:18:40.0962 1980 kmixer - ok
15:18:41.0012 1980 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:18:41.0092 1980 KSecDD - ok
15:18:41.0152 1980 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:18:41.0222 1980 lanmanserver - ok
15:18:41.0262 1980 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:18:41.0332 1980 lanmanworkstation - ok
15:18:41.0353 1980 lbrtfdc - ok
15:18:41.0443 1980 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:18:41.0803 1980 LmHosts - ok
15:18:41.0843 1980 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:18:42.0244 1980 Messenger - ok
15:18:42.0304 1980 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:18:42.0664 1980 mnmdd - ok
15:18:42.0734 1980 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:18:43.0125 1980 mnmsrvc - ok
15:18:43.0175 1980 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:18:43.0546 1980 Modem - ok
15:18:43.0596 1980 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:18:43.0926 1980 Mouclass - ok
15:18:43.0956 1980 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:18:44.0297 1980 mouhid - ok
15:18:44.0327 1980 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:18:44.0687 1980 MountMgr - ok
15:18:44.0727 1980 mraid35x - ok
15:18:44.0838 1980 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:18:45.0168 1980 MRxDAV - ok
15:18:45.0238 1980 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:18:45.0338 1980 MRxSmb - ok
15:18:45.0388 1980 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:18:45.0759 1980 MSDTC - ok
15:18:45.0809 1980 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:18:46.0189 1980 Msfs - ok
15:18:46.0230 1980 MSIServer - ok
15:18:46.0280 1980 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:18:46.0600 1980 MSKSSRV - ok
15:18:46.0630 1980 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:18:46.0971 1980 MSPCLOCK - ok
15:18:47.0021 1980 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:18:47.0361 1980 MSPQM - ok
15:18:47.0411 1980 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:18:47.0732 1980 mssmbios - ok
15:18:47.0782 1980 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:18:48.0152 1980 MSTEE - ok
15:18:48.0212 1980 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
15:18:48.0513 1980 ms_mpu401 - ok
15:18:48.0573 1980 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:18:48.0623 1980 Mup - ok
15:18:48.0673 1980 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:18:49.0024 1980 NABTSFEC - ok
15:18:49.0094 1980 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
15:18:49.0464 1980 napagent - ok
15:18:49.0534 1980 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:18:49.0825 1980 NDIS - ok
15:18:49.0855 1980 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:18:50.0245 1980 NdisIP - ok
15:18:50.0315 1980 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:18:50.0375 1980 NdisTapi - ok
15:18:50.0426 1980 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:18:50.0746 1980 Ndisuio - ok
15:18:50.0796 1980 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:18:51.0167 1980 NdisWan - ok
15:18:51.0227 1980 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:18:51.0297 1980 NDProxy - ok
15:18:51.0417 1980 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
15:18:51.0507 1980 Nero BackItUp Scheduler 4.0 - ok
15:18:51.0547 1980 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:18:51.0928 1980 NetBIOS - ok
15:18:51.0978 1980 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:18:52.0348 1980 NetBT - ok
15:18:52.0388 1980 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
15:18:52.0749 1980 NetDDE - ok
15:18:52.0779 1980 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:18:53.0099 1980 NetDDEdsdm - ok
15:18:53.0159 1980 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:18:53.0490 1980 Netlogon - ok
15:18:53.0540 1980 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
15:18:53.0860 1980 Netman - ok
15:18:53.0921 1980 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:18:54.0241 1980 NIC1394 - ok
15:18:54.0301 1980 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
15:18:54.0361 1980 Nla - ok
15:18:54.0391 1980 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:18:54.0802 1980 Npfs - ok
15:18:54.0872 1980 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:18:55.0222 1980 Ntfs - ok
15:18:55.0263 1980 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:18:55.0593 1980 NtLmSsp - ok
15:18:55.0653 1980 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:18:55.0994 1980 NtmsSvc - ok
15:18:56.0024 1980 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:18:56.0354 1980 Null - ok
15:18:56.0484 1980 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:18:56.0935 1980 nv - ok
15:18:56.0995 1980 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:18:57.0315 1980 NwlnkFlt - ok
15:18:57.0366 1980 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:18:57.0696 1980 NwlnkFwd - ok
15:18:57.0766 1980 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:18:58.0067 1980 ohci1394 - ok
15:18:58.0107 1980 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:18:58.0447 1980 Parport - ok
15:18:58.0487 1980 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:18:58.0808 1980 PartMgr - ok
15:18:58.0848 1980 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:18:59.0158 1980 ParVdm - ok
15:18:59.0218 1980 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:18:59.0569 1980 PCI - ok
15:18:59.0599 1980 PCIDump - ok
15:18:59.0639 1980 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:18:59.0969 1980 PCIIde - ok
15:19:00.0019 1980 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:19:00.0360 1980 Pcmcia - ok
15:19:00.0400 1980 PDCOMP - ok
15:19:00.0430 1980 PDFRAME - ok
15:19:00.0470 1980 PDRELI - ok
15:19:00.0510 1980 PDRFRAME - ok
15:19:00.0550 1980 perc2 - ok
15:19:00.0590 1980 perc2hib - ok
15:19:00.0710 1980 [ 6C1618A07B49E3873582B6449E744088 ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
15:19:00.0740 1980 Pfc ( UnsignedFile.Multi.Generic ) - warning
15:19:00.0740 1980 Pfc - detected UnsignedFile.Multi.Generic (1)
15:19:00.0820 1980 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
15:19:00.0851 1980 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
15:19:00.0851 1980 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
15:19:00.0911 1980 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
15:19:00.0961 1980 PlugPlay - ok
15:19:00.0991 1980 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:19:01.0311 1980 PolicyAgent - ok
15:19:01.0351 1980 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:19:01.0692 1980 PptpMiniport - ok
15:19:01.0732 1980 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:19:02.0042 1980 ProtectedStorage - ok
15:19:02.0072 1980 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:19:02.0423 1980 PSched - ok
15:19:02.0483 1980 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:19:02.0783 1980 Ptilink - ok
15:19:02.0843 1980 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:19:02.0883 1980 PxHelp20 - ok
15:19:02.0903 1980 ql1080 - ok
15:19:02.0944 1980 Ql10wnt - ok
15:19:02.0984 1980 ql12160 - ok
15:19:03.0014 1980 ql1240 - ok
15:19:03.0054 1980 ql1280 - ok
15:19:03.0114 1980 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:19:03.0424 1980 RasAcd - ok
15:19:03.0484 1980 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:19:03.0795 1980 RasAuto - ok
15:19:03.0825 1980 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:19:04.0155 1980 Rasl2tp - ok
15:19:04.0205 1980 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:19:04.0546 1980 RasMan - ok
15:19:04.0586 1980 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:19:04.0896 1980 RasPppoe - ok
15:19:04.0956 1980 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:19:05.0287 1980 Raspti - ok
15:19:05.0337 1980 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:19:05.0617 1980 Rdbss - ok
15:19:05.0637 1980 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:19:06.0018 1980 RDPCDD - ok
15:19:06.0108 1980 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:19:06.0198 1980 RDPWD - ok
15:19:06.0258 1980 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:19:06.0549 1980 RDSessMgr - ok
15:19:06.0619 1980 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:19:06.0939 1980 redbook - ok
15:19:07.0009 1980 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:19:07.0300 1980 RemoteAccess - ok
15:19:07.0330 1980 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:19:07.0650 1980 RpcLocator - ok
15:19:07.0720 1980 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:19:07.0811 1980 RpcSs - ok
15:19:07.0851 1980 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:19:08.0141 1980 RSVP - ok
15:19:08.0171 1980 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
15:19:08.0502 1980 SamSs - ok
15:19:08.0552 1980 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:19:08.0892 1980 SCardSvr - ok
15:19:08.0962 1980 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:19:09.0283 1980 Schedule - ok
15:19:09.0363 1980 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:19:09.0493 1980 Secdrv - ok
15:19:09.0543 1980 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
15:19:09.0914 1980 seclogon - ok
15:19:09.0944 1980 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
15:19:10.0314 1980 SENS - ok
15:19:10.0394 1980 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:19:10.0715 1980 serenum - ok
15:19:10.0765 1980 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:19:11.0085 1980 Serial - ok
15:19:11.0135 1980 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:19:11.0466 1980 Sfloppy - ok
15:19:11.0536 1980 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:19:11.0866 1980 SharedAccess - ok
15:19:11.0916 1980 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:19:11.0977 1980 ShellHWDetection - ok
15:19:12.0007 1980 Simbad - ok
15:19:12.0067 1980 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:19:12.0377 1980 sisagp - ok
15:19:12.0427 1980 [ 3FBB6EF8B5A71A2FA11F5F461BB73219 ] SISNIC C:\WINDOWS\system32\DRIVERS\sisnic.sys
15:19:12.0758 1980 SISNIC - ok
15:19:12.0818 1980 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:19:13.0128 1980 SLIP - ok
15:19:13.0198 1980 [ F71E66CB5930A2B526C44DE4164E2F28 ] SNPSTD3 C:\WINDOWS\system32\DRIVERS\snpstd3.sys
15:19:13.0308 1980 SNPSTD3 - ok
15:19:13.0338 1980 Sparrow - ok
15:19:13.0379 1980 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:19:13.0689 1980 splitter - ok
15:19:13.0749 1980 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:19:13.0819 1980 Spooler - ok
15:19:13.0849 1980 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:19:14.0009 1980 sr - ok
15:19:14.0080 1980 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
15:19:14.0220 1980 srservice - ok
15:19:14.0290 1980 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:19:14.0390 1980 Srv - ok
15:19:14.0430 1980 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:19:14.0590 1980 SSDPSRV - ok
15:19:14.0630 1980 [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:19:14.0660 1980 ssmdrv ( UnsignedFile.Multi.Generic ) - warning
15:19:14.0660 1980 ssmdrv - detected UnsignedFile.Multi.Generic (1)
15:19:14.0741 1980 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:19:15.0031 1980 stisvc - ok
15:19:15.0081 1980 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:19:15.0442 1980 streamip - ok
15:19:15.0482 1980 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:19:15.0792 1980 swenum - ok
15:19:15.0842 1980 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:19:16.0173 1980 swmidi - ok
15:19:16.0213 1980 SwPrv - ok
15:19:16.0263 1980 symc810 - ok
15:19:16.0393 1980 symc8xx - ok
15:19:16.0463 1980 sym_hi - ok
15:19:16.0493 1980 sym_u3 - ok
15:19:16.0533 1980 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:19:16.0904 1980 sysaudio - ok
15:19:16.0944 1980 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:19:17.0304 1980 SysmonLog - ok
15:19:17.0354 1980 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:19:17.0715 1980 TapiSrv - ok
15:19:17.0805 1980 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:19:17.0885 1980 Tcpip - ok
15:19:17.0925 1980 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:19:18.0306 1980 TDPIPE - ok
15:19:18.0356 1980 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:19:18.0656 1980 TDTCP - ok
15:19:18.0706 1980 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:19:19.0037 1980 TermDD - ok
15:19:19.0127 1980 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
15:19:19.0437 1980 TermService - ok
15:19:19.0487 1980 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:19:19.0537 1980 Themes - ok
15:19:19.0557 1980 TosIde - ok
15:19:19.0597 1980 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:19:19.0928 1980 TrkWks - ok
15:19:19.0988 1980 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:19:20.0288 1980 Udfs - ok
15:19:20.0319 1980 ultra - ok
15:19:20.0399 1980 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:19:20.0739 1980 Update - ok
15:19:20.0799 1980 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:19:20.0959 1980 upnphost - ok
15:19:21.0010 1980 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
15:19:21.0340 1980 UPS - ok
15:19:21.0410 1980 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:19:21.0701 1980 usbaudio - ok
15:19:21.0751 1980 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:19:22.0081 1980 usbccgp - ok
15:19:22.0111 1980 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:19:22.0472 1980 usbehci - ok
15:19:22.0522 1980 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:19:22.0842 1980 usbhub - ok
15:19:22.0892 1980 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:19:23.0203 1980 usbohci - ok
15:19:23.0263 1980 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:19:23.0583 1980 usbprint - ok
15:19:23.0613 1980 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:19:23.0934 1980 USBSTOR - ok
15:19:23.0974 1980 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:19:24.0294 1980 usbuhci - ok
15:19:24.0334 1980 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:19:24.0655 1980 VgaSave - ok
15:19:24.0675 1980 ViaIde - ok
15:19:24.0725 1980 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:19:25.0115 1980 VolSnap - ok
15:19:25.0186 1980 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
15:19:25.0356 1980 VSS - ok
15:19:25.0376 1980 vToolbarUpdater12.2.6 - ok
15:19:25.0436 1980 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
15:19:25.0746 1980 W32Time - ok
15:19:25.0816 1980 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:19:26.0217 1980 Wanarp - ok
15:19:26.0257 1980 WDICA - ok
15:19:26.0297 1980 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:19:26.0638 1980 wdmaud - ok
15:19:26.0678 1980 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:19:26.0988 1980 WebClient - ok
15:19:27.0068 1980 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:19:27.0439 1980 winmgmt - ok
15:19:27.0559 1980 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:19:27.0669 1980 WmdmPmSN - ok
15:19:27.0729 1980 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:19:28.0050 1980 WmiApSrv - ok
15:19:28.0160 1980 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
15:19:28.0290 1980 WMPNetworkSvc - ok
15:19:28.0350 1980 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:19:28.0390 1980 WpdUsb - ok
15:19:28.0460 1980 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:19:28.0781 1980 wscsvc - ok
15:19:28.0841 1980 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:19:29.0131 1980 WSTCODEC - ok
15:19:29.0181 1980 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:19:29.0542 1980 wuauserv - ok
15:19:29.0602 1980 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:19:29.0662 1980 WudfPf - ok
15:19:29.0692 1980 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:19:29.0792 1980 WudfRd - ok
15:19:29.0842 1980 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:19:29.0902 1980 WudfSvc - ok
15:19:29.0972 1980 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:19:30.0333 1980 WZCSVC - ok
15:19:30.0403 1980 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:19:30.0744 1980 xmlprov - ok
15:19:30.0824 1980 ================ Scan global ===============================
15:19:30.0854 1980 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
15:19:30.0934 1980 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:19:30.0984 1980 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:19:31.0024 1980 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
15:19:31.0034 1980 [Global] - ok
15:19:31.0044 1980 ================ Scan MBR ==================================
15:19:31.0084 1980 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
15:19:31.0354 1980 \Device\Harddisk0\DR0 - ok
15:19:31.0374 1980 ================ Scan VBR ==================================
15:19:31.0384 1980 [ 26D0696F0E26B6C66406208D3C5C8774 ] \Device\Harddisk0\DR0\Partition1
15:19:31.0394 1980 \Device\Harddisk0\DR0\Partition1 - ok
15:19:31.0435 1980 [ A87ECBECBD76CCDC05A296B6917F6C9B ] \Device\Harddisk0\DR0\Partition2
15:19:31.0445 1980 \Device\Harddisk0\DR0\Partition2 - ok
15:19:31.0445 1980 ============================================================
15:19:31.0455 1980 Scan finished
15:19:31.0455 1980 ============================================================
15:19:31.0625 1732 Detected object count: 13
15:19:31.0625 1732 Actual detected object count: 13
15:20:05.0554 1732 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0554 1732 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0554 1732 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0554 1732 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0574 1732 GMFilter Filter ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0574 1732 GMFilter Filter ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0574 1732 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0574 1732 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0584 1732 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0584 1732 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0584 1732 k750bus ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0584 1732 k750bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0594 1732 k750mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0594 1732 k750mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0594 1732 k750mdm ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0594 1732 k750mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0604 1732 k750mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0604 1732 k750mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0604 1732 k750obex ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0604 1732 k750obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0604 1732 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0604 1732 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0604 1732 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0604 1732 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:05.0604 1732 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:05.0604 1732 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
12.10.2012, 15:37
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUM.Disabled.SecurityCenter Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.10.2012, 16:11
| #23 |
| | Trojaner PUM.Disabled.SecurityCenterCode:
ATTFilter ComboFix 12-10-12.01 - Thom 12.10.2012 16:54:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.244 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Thom\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Thom\Anwendungsdaten\wsheve.dll
c:\dokumente und einstellungen\Thom\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system\01CM8095.DRV
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.int
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-12 bis 2012-10-12 ))))))))))))))))))))))))))))))
.
.
2012-10-12 14:05 . 2012-10-12 14:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-12 14:05 . 2012-10-12 14:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-12 14:04 . 2012-10-12 14:04 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-11 17:51 . 2012-10-11 17:51 -------- d-----w- C:\_OTL
2012-10-09 17:24 . 2012-10-09 17:24 -------- d-----w- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\ESET
2012-10-09 17:24 . 2012-10-09 17:24 -------- d-----w- c:\dokumente und einstellungen\Thom\Anwendungsdaten\ESET
2012-10-09 17:23 . 2012-10-09 17:23 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET
2012-10-09 17:21 . 2012-10-09 19:25 -------- d-----w- c:\programme\ESET
2012-10-08 18:43 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2012-10-08 18:43 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2012-10-08 18:43 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2012-10-08 17:32 . 2012-08-28 15:05 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-08 17:32 . 2012-08-28 15:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-08 17:30 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-10-08 17:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-10-08 17:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-08 17:20 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-10-08 17:19 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-10-08 17:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-10-08 17:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-10-08 17:13 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-10-08 17:13 . 2010-09-18 06:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-10-08 17:12 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-10-08 17:11 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-10-08 17:11 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-10-08 17:10 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-10-08 17:07 . 2009-10-13 10:32 271360 -c----w- c:\windows\system32\dllcache\oakley.dll
2012-10-08 17:07 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2012-10-08 17:07 . 2009-10-12 13:38 150528 -c----w- c:\windows\system32\dllcache\rastls.dll
2012-10-08 17:06 . 2009-09-11 14:17 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2012-10-08 17:06 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2012-10-08 17:06 . 2010-12-22 12:34 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2012-10-08 17:06 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2012-10-08 17:06 . 2009-07-17 16:15 1441792 -c----w- c:\windows\system32\dllcache\query.dll
2012-10-08 17:06 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2012-10-08 17:06 . 2009-06-21 21:45 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-10-08 17:06 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2012-10-08 17:05 . 2009-08-05 08:59 206336 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2012-10-08 17:05 . 2009-06-15 10:43 78848 -c----w- c:\windows\system32\dllcache\telnet.exe
2012-10-08 17:05 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2012-10-06 12:41 . 2012-10-06 12:41 -------- d-----w- c:\dokumente und einstellungen\Thom\Anwendungsdaten\AVG2013
2012-10-06 12:39 . 2012-10-06 12:39 -------- d-----w- c:\dokumente und einstellungen\Thom\Anwendungsdaten\TuneUp Software
2012-10-06 12:38 . 2012-10-06 12:38 -------- d-----w- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
2012-10-06 12:38 . 2012-10-06 12:38 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-06 12:34 . 2012-10-06 12:34 -------- d-----w- C:\$AVG
2012-10-06 12:34 . 2012-10-06 13:44 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG2013
2012-10-06 12:32 . 2012-10-06 12:32 -------- d-----w- c:\programme\AVG
2012-10-06 12:31 . 2012-10-12 12:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2012-10-06 12:31 . 2012-10-06 12:44 -------- d-----w- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Avg2013
2012-10-06 12:31 . 2012-10-06 12:31 -------- d--h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2012-10-06 12:31 . 2012-10-06 12:31 -------- d-----w- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\MFAData
2012-10-06 11:36 . 2012-10-06 11:48 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-10-06 10:14 . 2012-10-06 10:14 -------- d-----w- c:\dokumente und einstellungen\Thom\AppData
2012-10-05 18:45 . 2012-10-05 18:45 -------- d-----w- c:\dokumente und einstellungen\Thom\Anwendungsdaten\Malwarebytes
2012-10-05 18:44 . 2012-10-05 18:44 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-05 18:44 . 2012-10-05 18:45 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-10-05 18:44 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-05 18:00 . 2012-10-05 18:01 -------- d-----w- c:\dokumente und einstellungen\Thom\Anwendungsdaten\Apple Computer
2012-10-05 18:00 . 2012-10-05 18:00 -------- d-----w- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2012-10-05 17:59 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-05 17:58 . 2012-10-05 17:58 -------- d-----w- c:\programme\iPod
2012-10-05 17:58 . 2012-10-05 17:59 -------- d-----w- c:\programme\iTunes
2012-10-05 17:58 . 2012-10-05 17:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-05 17:58 . 2012-10-05 17:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2012-10-05 17:57 . 2012-10-05 17:57 -------- d-----w- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Apple
2012-10-05 17:57 . 2012-10-05 17:57 -------- d-----w- c:\programme\Apple Software Update
2012-10-05 17:57 . 2012-10-05 17:57 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Apple Computer
2012-10-05 17:57 . 2012-10-05 17:57 -------- d-----w- c:\programme\Bonjour
2012-10-05 17:56 . 2012-10-05 17:58 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2012-10-05 17:56 . 2012-10-05 17:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2012-09-17 16:58 . 2012-09-17 16:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 03:34 . 2012-09-14 03:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 14:04 . 2007-08-27 20:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-12 09:47 . 2012-09-12 09:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 09:47 . 2012-09-12 09:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-08-28 15:05 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-21 11:01 . 2012-08-21 11:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-13 14:40 . 2012-08-13 14:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 02:52 . 2012-08-10 02:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 02:52 . 2012-08-10 02:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 11:56 . 2012-08-09 11:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-30 1415824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"snpstd3"="c:\windows\vsnpstd3.exe" [2004-12-16 339968]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Optical Tilt Mouse"="c:\programme\Office-Web\Office-Web Center\Panel.exe" [2007-08-14 790112]
"NBKeyScan"="c:\programme\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"AVG_UI"="c:\programme\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Thom\Startmenü\Programme\Autostart\
ClearProg.lnk - c:\programme\ClearProg\ClearProg.exe [2004-12-3 159232]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
InterVideo WinCinema Manager.lnk - c:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-12-12 184320]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [17.09.2012 18:58 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09.08.2012 13:56 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10.08.2012 04:52 35168]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13.08.2012 16:40 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [10.08.2012 04:52 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12.09.2012 11:47 151648]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.09.2012 11:47 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [06.10.2012 14:38 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG2013\avgidsagent.exe [20.08.2012 04:52 5751928]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG2013\avgwdsvc.exe [20.08.2012 04:53 184304]
R3 GMFilter Filter;GMFilter Filter;c:\windows\system32\drivers\GMFilter.sys [16.07.2009 16:44 31360]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [22.05.2009 20:21 108289]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [25.10.2006 21:36 1527900]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 34314692
*Deregistered* - 34314692
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-20 20:41]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004Core.job
- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-03 16:21]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004UA.job
- c:\dokumente und einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-03 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.motor-schirm.de/kl_index.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7A37661E-EA4F-40F7-BD9C-9B9D1B3BB059}: NameServer = 192.168.1.1
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Picasa Media Detector - c:\programme\Picasa2\PicasaMediaDetector.exe
HKLM-Run-vProt - c:\programme\AVG Secure Search\vprot.exe
HKLM-Run-ROC_ROC_NT - c:\programme\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-12 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-12 17:09:24
ComboFix-quarantined-files.txt 2012-10-12 15:09
.
Vor Suchlauf: 20 Verzeichnis(se), 19.047.530.496 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 19.089.616.896 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 581C08D274AD6AF8F94E6AD5E5632869
|
|
12.10.2012, 18:47
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUM.Disabled.SecurityCenter Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.10.2012, 18:01
| #25 |
| | Trojaner PUM.Disabled.SecurityCenter sodala hat nen bisschen gedauert aber hat alles geklappt hoffe ich Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-13 18:15:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722516VLAT80 rev.V34OA6EA
Running: mgr5h3kd.exe; Driver: C:\DOKUME~1\Thom\LOKALE~1\Temp\kflyapoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xF7866118]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xF78661E8]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7865D4A]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) ZwQueryValueKey [0xF85E7258]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xF7865F38]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xF7865FCE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF7865E00]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7865E9C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF786606A]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:26:16 on 13.10.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG2013\avgrsx.exe [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1409082233-484763869-1343024091-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Thom\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys "AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys "AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys "AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys "avgtp" (avgtp) - "AVG Technologies" - C:\WINDOWS\system32\drivers\avgtpx86.sys "catchme" (catchme) - ? - C:\DOKUME~1\Thom\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "GMFilter Filter" (GMFilter Filter) - "Game" - C:\WINDOWS\System32\Drivers\GMFilter.sys "grmnusb" (grmnusb) - "GARMIN Corp." - C:\WINDOWS\System32\drivers\grmnusb.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kflyapoc" (kflyapoc) - ? - C:\DOKUME~1\Thom\LOKALE~1\Temp\kflyapoc.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Padus ASPI Shell" (Pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Sony Ericsson 750 driver (WDM)" (k750bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750bus.sys "Sony Ericsson 750 USB WMC Device Management Drivers" (k750mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mgmt.sys "Sony Ericsson 750 USB WMC Modem Drivers" (k750mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mdm.sys "Sony Ericsson 750 USB WMC Modem Filter" (k750mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750mdfl.sys "Sony Ericsson 750 USB WMC OBEX Interface Drivers" (k750obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\k750obex.sys "ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2013\avgse.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {2F5AC606-70CF-461C-BFE1-6063670C3484} "MouseCplExt Class" - ? - C:\WINDOWS\system32\MousePage.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {A5110426-177D-4e08-AB3F-785F10B4439C} "Sony Ericsson Datei-Manager" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll <binary data> "&Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found) ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248811633598 {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {474F00F5-3853-492C-AC3A-476512BBC336} "UploadListView Class" - ? - C:\WINDOWS\Downloaded Program Files\UploaderX.dll / hxxp://picasaweb.google.de/s/v/24.19/uploader2.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - ? - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (File not found) {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "EWPBrowseObject Class" - ? - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "InterVideo WinCinema Manager.lnk" - "InterVideo Inc." - C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (Shortcut exists | File exists) "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "ClearProg.lnk" - ? - C:\Programme\ClearProg\ClearProg.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\Thom\Startmenü\Programme\Autostart\desktop.ini "Hardcopy.LNK" - "sw4you, Siegfried Weckmann" - C:\Programme\Hardcopy\hardcopy.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "AVG_UI" - "AVG Technologies CZ, s.r.o." - "C:\Programme\AVG\AVG2013\avgui.exe" /TRAYONLY "Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe" "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "Optical Tilt Mouse" - ? - "C:\Programme\Office-Web\Office-Web Center\Panel.exe" (File found, but it contains no detailed information) "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJ Language Monitor iP4300" - "CANON INC." - C:\WINDOWS\system32\CNMLM86.DLL "hpzlnt04" - "HP" - C:\WINDOWS\system32\hpzlnt04.dll "RPT" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) "WEB.DE Fax Monitor" - "WEB.DE GmbH" - C:\WINDOWS\system32\UIWEBMON.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2013\avgwdsvc.exe "AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2013\avgidsagent.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\MAGIX\Common\Database\bin\fbserver.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe "vToolbarUpdater12.2.6" (vToolbarUpdater12.2.6) - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe (File not found) [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-13 18:46:04
-----------------------------
18:46:04.628 OS Version: Windows 5.1.2600 Service Pack 3
18:46:04.628 Number of processors: 1 586 0x602
18:46:04.638 ComputerName: THOM-2000 UserName: Thom
18:46:05.549 Initialize success
18:46:44.158 AVAST engine defs: 12101300
18:47:51.842 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:47:51.842 Disk 0 Vendor: HDS722516VLAT80 V34OA6EA Size: 157066MB BusType: 3
18:47:51.852 Disk 0 MBR read successfully
18:47:51.852 Disk 0 MBR scan
18:47:52.273 Disk 0 Windows XP default MBR code
18:47:52.283 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
18:47:52.774 Disk 0 Partition - 00 0F Extended LBA 117059 MB offset 81915435
18:47:52.784 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 117059 MB offset 81915498
18:47:52.824 Disk 0 scanning sectors +321653430
18:47:53.034 Disk 0 scanning C:\WINDOWS\system32\drivers
18:48:17.652 Service scanning
18:48:42.831 Modules scanning
18:49:04.003 Disk 0 trace - called modules:
18:49:04.354 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:49:04.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fa5ab8]
18:49:04.354 3 CLASSPNP.SYS[f8556fd7] -> nt!IofCallDriver -> \Device\00000058[0x82f80f18]
18:49:04.354 5 ACPI.sys[f84ac620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fab940]
18:49:04.935 AVAST engine scan C:\WINDOWS
18:49:21.861 AVAST engine scan C:\WINDOWS\system32
18:52:21.537 AVAST engine scan C:\WINDOWS\system32\drivers
18:52:47.126 AVAST engine scan C:\Dokumente und Einstellungen\Thom
18:55:49.056 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:58:50.906 Scan finished successfully
18:59:15.643 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Thom\Desktop\MBR.dat"
18:59:15.653 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Thom\Desktop\aswMBR.txt"
|
|
13.10.2012, 20:49
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUM.Disabled.SecurityCenter Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.10.2012, 13:57
| #27 |
| | Trojaner PUM.Disabled.SecurityCenter Hallo, superanti läuft grad der scan. Es werden Funde gemeldet! Trojan.Agent/Gen-Krpytik! Was ist zu tun wenn Scan durch ist? Malwarebytes hatte keine Meldung |
|
14.10.2012, 19:18
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUM.Disabled.SecurityCenterZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.10.2012, 15:48
| #29 |
| | Trojaner PUM.Disabled.SecurityCenterCode:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.14.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Thom :: THOM-2000 [Administrator] 14.10.2012 10:54:08 mbam-log-2012-10-14 (10-54-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 311785 Laufzeit: 2 Stunde(n), 54 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/15/2012 at 04:35 PM
Application Version : 5.6.1010
Core Rules Database Version : 9401
Trace Rules Database Version: 7213
Scan type : Complete Scan
Total Scan Time : 19:59:53
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 37818
Registry threats detected : 0
File items scanned : 79037
File threats detected : 6
Trojan.Agent/Gen-Krpytik
C:\01COMM32\BIN\01ABOU32.DLL
C:\01COMM32\BIN\AUTOCT32.DLL
C:\01COMM32\BIN\IMG32MFX.DLL
C:\01COMM32\BIN\INSTFAX.EXE
C:\01COMM32\BIN\PRINTD32.DLL
C:\01COMM32\BIN\WSCANI32.DLL
|
|
15.10.2012, 15:54
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner PUM.Disabled.SecurityCenterCode:
ATTFilter Trojan.Agent/Gen-Krpytik
C:\01COMM32\BIN\01ABOU32.DLL
C:\01COMM32\BIN\AUTOCT32.DLL
C:\01COMM32\BIN\IMG32MFX.DLL
C:\01COMM32\BIN\INSTFAX.EXE
C:\01COMM32\BIN\PRINTD32.DLL
C:\01COMM32\BIN\WSCANI32.DLL
Ordner C:\01COMM32 ?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner PUM.Disabled.SecurityCenter |
| antivir, avira, bho, bonjour, canon, einstellungen, error, explorer, fehler, firefox, google, helper, home, homepage, installation, logfile, malwarebytes, microsoft, plug-in, problem, pum.disabled.securitycenter, registry, safer networking, scan, software, trojaner, virus, wallpaper, winlogon |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
