
Plagegeister aller Art und deren Bekämpfung: Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan?


12.11.2012, 09:06   #1
Canni

Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? - Question

Hello and good morning everyone,

for one of our systems, "ESET Endpoint Antivirus" (version 5.0.2126) has issued the following warnings:

Quote:
Threat Id Threat 501
Client Name Notebook03
Computer Name Notebook03
MAC Address xx
Primary Server 192.168.4.2
Date Received 2012-11-12 08:11:36
Date Occurred 2012-11-12 08:11:25
Level Warning
Scanner Startup scanner
Object file
Name C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll
Threat a variant of Win32/Kryptik.AOOB trojan
Action cleaned by deleting (after the next restart)
User Domain\Username
Information
Quote:
Column Name Value
Threat Id Threat 502
Client Name Notebook03
Computer Name Notebook03
MAC Address xx
Primary Server 192.168.4.2
Date Received 2012-11-12 08:13:43
Date Occurred 2012-11-12 08:12:42
Level Critical Warning
Scanner Startup scanner
Object file
Name Operating memory » rundll32.exe(2096)
Threat probably a variant of Win32/Ponmocup.AA trojan
Action unable to clean
User Domain\Username
Information
Quote:
Threat Id Threat 503
Client Name Notebook03
Computer Name Notebook03
MAC Address xx
Primary Server 192.168.4.2
Date Received 2012-11-12 08:26:25
Date Occurred 2012-11-12 08:26:08
Level Warning
Scanner Real-time file system protection
Object file
Name C:\System Volume Information\_restore{DB2059DD-1446-434B-95F1-0FF082202072}\RP789\A0204411.dll
Threat a variant of Win32/Kryptik.AOOB trojan
Action cleaned by deleting - quarantined
User NT-AUTORITÄT\SYSTEM
Information
How would you proceed? I have now instructed ESET to run a full scan on the machine and am currently still waiting for the result.

Many thanks for your support!!

Canni

12.11.2012, 13:28   #2
markusg
/// Malware-holic

Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan?

hi
please keep in mind, ESET 6 is coming in the near future
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt here into your thread
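Added example (editor's code, not part of this thread and not OTL's own logic): once the Quick Scan has produced OTL.txt, a short Python script can pre-sort its lines for the categories a helper looks at first: Run entries that launch rundll32 on a DLL under the user's profile data folders, Run entries whose target no longer exists (typical leftover after an AV deletion), processes or modules in system32 without a company name, and Winlogon Shell/UserInit values that are not the expected binaries. The triage rules are assumptions for a first pass, not a verdict. The sample lines are constructed after the entries quoted in this thread; the `OldTool` entry is invented to show an orphaned autorun.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Profile folders (German XP names as in the thread plus English ones) from which a
# legitimate Run entry should rarely load a DLL via rundll32. Assumption for triage.
USER_DATA_DIRS = (
    "\\anwendungsdaten\\", "\\application data\\", "\\appdata\\", "\\local settings\\temp\\",
)

# What a clean Winlogon Shell / UserInit value is expected to end with.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
PRC_MOD_RE = re.compile(r"^(?P<kind>PRC|MOD) - (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\) - ")


@dataclass
class Finding:
    severity: str   # high / medium / low / info
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if no rule fires."""
    line = line.rstrip()
    m = O4_RE.match(line)
    if m:
        low = m.group("cmd").lower()
        if "rundll32" in low and any(d in low for d in USER_DATA_DIRS):
            return Finding("high", "rundll32 loads a DLL from a user data directory", line)
        if low.endswith("file not found"):
            return Finding("medium", "autorun points to a missing file (orphaned entry)", line)
        return None
    m = PRC_MOD_RE.match(line)
    if m:
        if not m.group("company").strip() and "\\system32\\" in m.group("path").lower():
            return Finding("low", f"{m.group('kind')} in system32 without company name", line)
        return None
    m = O20_RE.match(line)
    if m:
        expected = EXPECTED_WINLOGON[m.group("key").lower()]
        if not m.group("value").lower().endswith(expected):
            return Finding("high", f"Winlogon {m.group('key')} is not {expected}", line)
        return None
    if line.startswith("DRV - ") and line.endswith("File not found"):
        return Finding("info", "driver service without a file on disk", line)
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over a whole OTL.txt, keeping only lines that fired a rule."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def severity_counts(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample, modelled on lines quoted in this thread; [OldTool] is invented.
SAMPLE_OTL = r"""
PRC - C:\WINDOWS\system32\DKabcoms.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sdb4mlm.dll ()
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS File not found
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [JHHUNHM] rundll32 "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll",wkoceupvmph File not found
O4 - HKLM..\Run: [OldTool] C:\Programme\OldTool\oldtool.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(severity_counts(triage(SAMPLE_OTL)))
```

Run it against a saved OTL.txt by reading the file into `triage()`; the "high" entries are the ones to raise first, while "low" hits (system32 binaries without a company name) only mean the file should be checked, not that it is malicious.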

13.11.2012, 11:52   #3
Canni

Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan?

Hello and many thanks for the quick support. Even if some see it differently, I am very grateful for something like this.

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 13.11.2012 11:20:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = c:\dokumente und einstellungen\Username\desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 67,35% Memory free
3,72 Gb Paging File | 3,34 Gb Available in Paging File | 89,64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 108,67 Gb Total Space | 86,07 Gb Free Space | 79,20% Space Free | Partition Type: NTFS
 
Computer Name: Notebook03| User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Dokumente und Einstellungen\Username\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Eset\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Programme\Eset\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Programme\gateProtect\VPN Client\bin\Service.exe ()
PRC - C:\Programme\gateProtect\VPN Client\bin\VpnClient.exe (gateProtect Aktiengesellschaft Germany)
PRC - C:\Programme\gateProtect\VPN Client\bin\openvpn.exe ()
PRC - C:\WINDOWS\system32\DKabcoms.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\sdb4mlm.dll ()
MOD - C:\WINDOWS\system32\SaXPWIA.dll ()
MOD - C:\Programme\gateProtect\VPN Client\bin\Service.exe ()
MOD - C:\Programme\gateProtect\VPN Client\bin\openvpn.exe ()
MOD - C:\Programme\gateProtect\VPN Client\bin\libssl32.dll ()
MOD - C:\Programme\gateProtect\VPN Client\bin\libeay32.dll ()
MOD - C:\Programme\gateProtect\VPN Client\bin\libpkcs11-helper-1.dll ()
MOD - C:\Programme\Plustek\Plustek SmartOffice PS286\Scanapi.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\AdobeXMP.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ESHASRV) -- C:\Programme\Eset\ESET NOD32 Antivirus\EShaSrv.exe (ESET)
SRV - (EhttpSrv) -- C:\Programme\Eset\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Programme\Eset\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (PSEXESVC) -- C:\WINDOWS\PSEXESVC.EXE (Sysinternals)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (GPVPNService) -- C:\Programme\gateProtect\VPN Client\bin\Service.exe ()
SRV - (dkab_device) -- C:\WINDOWS\system32\DKabcoms.exe ( )
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (winvnc) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (SSPORT) -- C:\WINDOWS\system32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 52 7F E4 0D 8C CD 01  [binary data]
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
 
 
O1 HOSTS File: ([2010.12.15 18:31:52 | 000,000,908 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 192.168.8.1	domainfs02
O1 - Hosts: 192.168.4.2.	domainsrv02
O1 - Hosts: 192.168.3.2	domainsrv01
O1 - Hosts: 192.168.3.2	domain-server
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Programme\UltraVNC\WinVNC.exe (UltraVNC)
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [JHHUNHM] rundll32 "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll",wkoceupvmph File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DocAction (Plustek SmartOffice PS286).lnk = C:\Programme\Plustek\Plustek SmartOffice PS286\DocuAction.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = teamviewer_setup_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = teamviewerqs_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = teamviewer_host_setup.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = teamviewerqj_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = teamviewer_.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = teamviewer_desktop.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = teamviewer_service.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = tv_w32.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = teamviewer.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = teamviewerportable.zip
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 1 = access.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 2 = desk.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 3 = Drucker und Faxgeräte
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 4 = inetcpl.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 5 = main.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 6 = ncpa.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 7 = Netzwerkverbindungen
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = teamviewer_setup_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = teamviewerqs_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = teamviewer_host_setup.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = teamviewerqj_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = teamviewer_.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = teamviewer_desktop.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = teamviewer_service.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = tv_w32.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = teamviewer.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = teamviewerportable.zip
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22EE4D86-E7E0-4173-A1D7-A824831BB6AE}: DhcpNameServer = 192.168.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E6FD560-B6A4-4E90-A33E-D443B7A988EB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\t-mobile - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.08 20:36:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ab0c3ca-be24-11dc-aeeb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ab0c3ca-be24-11dc-aeeb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ab0c3ca-be24-11dc-aeeb-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.13 11:20:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.13 08:18:05 | 000,517,804 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.13 08:18:05 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.13 08:18:05 | 000,084,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.13 08:18:04 | 000,101,656 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.13 07:58:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.11 12:15:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.12 12:02:48 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.06 10:59:38 | 000,950,585 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2012.09.06 10:58:23 | 000,124,224 | R--- | C] () -- C:\WINDOWS\wiainst.exe
[2012.09.06 10:56:47 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.09.06 10:56:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.09.06 10:56:19 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\sdb4mlm.dll
[2012.09.06 09:51:43 | 000,026,280 | RHS- | C] () -- C:\Dokumente und Einstellungen\Admin\ntuser.pol
[2012.02.15 09:00:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.02 13:18:18 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2011.11.02 13:17:39 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabusb1.dll
[2011.11.02 13:17:39 | 000,655,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabpmui.dll
[2011.11.02 13:17:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabiesc.dll
[2011.11.02 13:17:38 | 001,044,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabserv.dll
[2011.11.02 13:17:38 | 000,573,440 | ---- | C] ( ) -- C:\WINDOWS\System32\dkablmpm.dll
[2011.11.02 13:17:38 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabpar1.dll
[2011.11.02 13:17:37 | 000,864,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabip1.dll
[2011.11.02 13:17:37 | 000,454,656 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabiobj.dll
[2011.11.02 13:17:37 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabhcp.dll
[2011.11.02 13:17:37 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabinpa.dll
[2011.11.02 13:17:36 | 000,819,200 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabcomc.dll
[2011.11.02 13:17:36 | 000,586,992 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcoms.exe
[2011.11.02 13:17:36 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabcomm.dll
[2010.12.17 17:11:48 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\CDASpl.dll
[2008.01.09 17:49:09 | 000,111,582 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2008.01.09 14:47:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.11.10 18:00:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gateProtect
[2012.09.06 14:28:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\postgresql
[2012.09.06 11:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung
[2008.05.28 12:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gateProtect
[2008.01.09 18:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.domain\Anwendungsdaten\gateProtect
[2012.09.06 13:48:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\catalog.wci
[2012.09.12 09:27:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2008.01.09 18:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gateProtect
[2012.05.15 08:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy
[2008.01.11 12:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username\Anwendungsdaten\gateProtect
[2012.09.06 10:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username\Anwendungsdaten\ScanSoft
[2009.11.10 17:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.04.02 11:05:48 | 000,000,000 | ---D | M] -- C:\0e879178f524f79b48d972edae98ca
[2008.01.08 20:46:29 | 000,000,000 | ---D | M] -- C:\DELL
[2012.09.06 14:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.05.09 11:05:26 | 000,000,000 | ---D | M] -- C:\f61568063dd41ca28217b41279f7a3
[2008.01.08 20:48:19 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.02 10:35:36 | 000,000,000 | ---D | M] -- C:\lj1015
[2008.01.09 17:53:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.09.06 12:05:51 | 000,000,000 | R--D | M] -- C:\Programme
[2009.09.16 09:33:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.09.06 11:00:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.13 07:59:20 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 06:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 06:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 06:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 06:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 06:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 06:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 06:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2008.01.08 20:34:27 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008.01.08 20:41:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.11.12 12:02:48 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 11:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 22:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006.10.18 23:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\nvata.sys
 
< MD5 for: NVATABUS.SYS  >
[2006.10.18 22:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 11:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 11:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 11:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 11:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.08 21:10:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.01.08 21:10:03 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.01.08 21:10:03 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.11.13 11:22:34 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\NTUSER.DAT
[2012.11.13 11:32:12 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\NTUSER.DAT.LOG
[2012.10.05 14:08:45 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.ini
[2012.09.06 09:51:43 | 000,026,280 | RHS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.07.03 19:25:08 | 001,866,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---


Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 13.11.2012 11:20:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = c:\dokumente und einstellungen\username\desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 67,35% Memory free
3,72 Gb Paging File | 3,34 Gb Available in Paging File | 89,64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 108,67 Gb Total Space | 86,07 Gb Free Space | 79,20% Space Free | Partition Type: NTFS
 
Computer Name: Notebook03 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 0
"AllowUserPrefMerge" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 0
"AllowUserPrefMerge" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 0
"LogSuccessfulConnections" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"Enabled" = 0
"AllowUserPrefMerge" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 0
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) 
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\DKabcoms.exe" = C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP -- ( )
"C:\WINDOWS\twain_32\Dell\DELL1265\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Dell\DELL1265\SCNSearch\USDAgent.exe:*:Enabled:Dell Scanner Discovery Module V2 -- ()
"C:\Programme\Dell\Dell B1265dnf Laser MFP\Dell Scan Assistant\USDAgent.exe" = C:\Programme\Dell\Dell B1265dnf Laser MFP\Dell Scan Assistant\USDAgent.exe:*:Enabled:Dell B1265dnf Laser MFP Scan Assistant - USDAgent.exe -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Dell\Dell Printer Manager\Dell.Application.exe" = C:\Programme\Dell\Dell Printer Manager\Dell.Application.exe:*:Enabled:Dell Printer Manager -- (Dell Inc.)
"C:\Programme\Dell\Dell Printer Manager\Dell.OrderSupplies.exe" = C:\Programme\Dell\Dell Printer Manager\Dell.OrderSupplies.exe:*:Enabled:Dell Order Supplies  -- (Dell Inc.)
"C:\Programme\Dell\Dell Printer Manager\Dell.Alert.exe" = C:\Programme\Dell\Dell Printer Manager\Dell.Alert.exe:*:Enabled:Dell Alert  -- (Dell Inc.)
"C:\Programme\Dell\Dell Printer Manager\uninstall.exe" = C:\Programme\Dell\Dell Printer Manager\uninstall.exe:*:Enabled:Dell uninstaller  -- (Dell Inc.)
"C:\Programme\Dell\Dell Printer Manager\CDAS2PC\Dell.CDAS2PC.exe" = C:\Programme\Dell\Dell Printer Manager\CDAS2PC\Dell.CDAS2PC.exe:*:Enabled:Dell CDA Scan2PC -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\DKabcoms.exe" = C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP -- ( )
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04DB82C1-94DF-45AE-88C4-C32489EE1E85}" = DI Capture
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{2DBE349F-FF05-42FE-81A9-2B3A0EC22BBE}" = Common Desktop Agent
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4771CFBF-A680-419C-9447-BB9D3EAE12A1}" = ESET Endpoint Antivirus
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01750A5-49E5-4BF4-92CC-F72F5F20DBEC}" = Adobe Flash Player 11 ActiveX
"{D9A717D8-6C94-43EA-9E83-7C2A5B7DFA65}" = Plustek SmartOffice PS286
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell B1265dnf Laser MFP" = Dell B1265dnf Laser MFP
"Dell B1265dnf Laser MFP Scan Assistant" = Dell B1265dnf Laser MFP Scan Assistant
"Dell_HostCD" = Dell Druckersoftware-Deinstallation
"FreePDF_XP" = FreePDF XP (Remove only)
"gateProtect VPN Client 3.0" = gateProtect VPN Client 3.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iDRS(tm) OCR Software by I.R.I.S" = iDRS(tm) OCR Software by I.R.I.S
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sv.net" = sv.net
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.11.2012 14:48:29 | Computer Name = Notebook03 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
 keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
 ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden.   Die Registrierung
 wird nicht durchgeführt.
 
Error - 12.11.2012 14:48:31 | Computer Name = Notebook03 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
 werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
 hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
 
Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
 werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
 hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
 
Error - 12.11.2012 15:04:44 | Computer Name = Notebook03 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
 keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
 ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden.   Die Registrierung
 wird nicht durchgeführt.
 
Error - 12.11.2012 15:08:58 | Computer Name = Notebook03 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
 werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
 hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
 
Error - 13.11.2012 02:59:11 | Computer Name = Notebook03 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
 werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
 hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
 
Error - 13.11.2012 02:59:11 | Computer Name = Notebook03 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
 keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
 ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden.   Die Registrierung
 wird nicht durchgeführt.
 
Error - 13.11.2012 03:06:35 | Computer Name = Notebook03 | Source = Ci | ID = 4124
Description = Der Inhaltsindex auf c:\system volume information\catalog.wci ist 
beschädigt. Fahren Sie den  Indexdienst (cisvc) herunter, und starten Sie ihn erneut.
 
Error - 13.11.2012 03:06:35 | Computer Name = Notebook03 | Source = Ci | ID = 4126
Description = Die Metadaten des Inhaltsindex auf c:\system volume information\catalog.wci
 werden aufgeräumt. Wiederherstellen des Indexes erfolgt  automatisch durch erneutes
 Filtern aller Dokumente.
 
Error - 13.11.2012 03:16:18 | Computer Name = Notebook03 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
 werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
 hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
 
[ OSession Events ]
Error - 14.09.2009 08:57:06 | Computer Name = Notebook03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7006
 seconds with 5100 seconds of active time.  This session ended with a crash.
 
Error - 11.03.2011 15:17:23 | Computer Name = Notebook03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.11.2012 14:48:29 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = NETLOGON | ID = 5719
Description = Es steht kein Domänencontroller für die Domäne Domain aus folgendem Grund
 zur  Verfügung:   %%1311.    Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden
 ist, und  versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das
 Problem weiterhin besteht.
 
Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 13.11.2012 02:59:10 | Computer Name = Notebook03 | Source = NETLOGON | ID = 5719
Description = Es steht kein Domänencontroller für die Domäne Domain aus folgendem Grund
 zur  Verfügung:   %%1311.    Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden
 ist, und  versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das
 Problem weiterhin besteht.
 
Error - 13.11.2012 02:59:10 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 13.11.2012 02:59:11 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 13.11.2012 03:14:14 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 13.11.2012 03:16:59 | Computer Name = Notebook03 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.9.38 für die Netzwerkkarte mit der Netzwerkadresse
 00FF22EE4D86 wurde durch  den DHCP-Server 192.168.9.254 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 13.11.2012 03:17:02 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
 
< End of report >
         
--- --- ---


This morning at system startup there was a reference to olepro32r.dll, which is missing (the virus scanner did eliminate it, after all).
__________________

Old 13.11.2012, 22:05   #4
markusg
/// Malware-holic
 
Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? - Standard



hi
doesn't look too bad so far.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose skip for now, post the log
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 19.11.2012, 13:55   #5
Canni
 
Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? - Standard



Hello markusg,

Thanks for your help. I did everything exactly as you wrote.

Logfile:
Code:
14:57:00.0692 4088  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:57:01.0099 4088  ============================================================
14:57:01.0099 4088  Current date / time: 2012/11/15 14:57:01.0099
14:57:01.0099 4088  SystemInfo:
14:57:01.0099 4088  
14:57:01.0099 4088  OS Version: 5.1.2600 ServicePack: 3.0
14:57:01.0099 4088  Product type: Workstation
14:57:01.0099 4088  ComputerName: Notebook03
14:57:01.0099 4088  UserName: Admin
14:57:01.0099 4088  Windows directory: C:\WINDOWS
14:57:01.0099 4088  System windows directory: C:\WINDOWS
14:57:01.0099 4088  Processor architecture: Intel x86
14:57:01.0099 4088  Number of processors: 2
14:57:01.0099 4088  Page size: 0x1000
14:57:01.0099 4088  Boot type: Normal boot
14:57:01.0099 4088  ============================================================
14:57:03.0247 4088  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:57:03.0262 4088  ============================================================
14:57:03.0262 4088  \Device\Harddisk0\DR0:
14:57:03.0262 4088  MBR partitions:
14:57:03.0262 4088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0xD9572EA
14:57:03.0262 4088  ============================================================
14:57:03.0294 4088  C: <-> \Device\Harddisk0\DR0\Partition1
14:57:03.0294 4088  ============================================================
14:57:03.0294 4088  Initialize success
14:57:03.0294 4088  ============================================================
14:57:43.0247 2104  ============================================================
14:57:43.0247 2104  Scan started
14:57:43.0247 2104  Mode: Manual; SigCheck; TDLFS; 
14:57:43.0247 2104  ============================================================
14:57:44.0031 2104  ================ Scan system memory ========================
14:57:44.0031 2104  System memory - ok
14:57:44.0031 2104  ================ Scan services =============================
14:57:44.0141 2104  Abiosdsk - ok
14:57:44.0156 2104  abp480n5 - ok
14:57:44.0219 2104  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:57:45.0113 2104  ACPI - ok
14:57:45.0144 2104  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:57:45.0316 2104  ACPIEC - ok
14:57:45.0395 2104  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:57:45.0426 2104  AdobeFlashPlayerUpdateSvc - ok
14:57:45.0426 2104  adpu160m - ok
14:57:45.0442 2104  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:57:45.0630 2104  aec - ok
14:57:45.0661 2104  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:57:45.0724 2104  AFD - ok
14:57:45.0724 2104  Aha154x - ok
14:57:45.0740 2104  aic78u2 - ok
14:57:45.0740 2104  aic78xx - ok
14:57:45.0802 2104  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:57:45.0975 2104  Alerter - ok
14:57:46.0069 2104  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
14:57:46.0241 2104  ALG - ok
14:57:46.0241 2104  AliIde - ok
14:57:46.0288 2104  [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:57:46.0414 2104  AmdK8 - ok
14:57:46.0414 2104  amsint - ok
14:57:46.0476 2104  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:57:46.0649 2104  AppMgmt - ok
14:57:46.0649 2104  asc - ok
14:57:46.0664 2104  asc3350p - ok
14:57:46.0680 2104  asc3550 - ok
14:57:46.0821 2104  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:57:46.0868 2104  aspnet_state - ok
14:57:46.0884 2104  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:57:47.0056 2104  AsyncMac - ok
14:57:47.0072 2104  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:57:47.0229 2104  atapi - ok
14:57:47.0244 2104  Atdisk - ok
14:57:47.0291 2104  [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:57:47.0370 2104  Ati HotKey Poller - ok
14:57:47.0464 2104  [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:57:47.0934 2104  ati2mtag - ok
14:57:47.0981 2104  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:57:48.0153 2104  Atmarpc - ok
14:57:48.0185 2104  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:57:48.0341 2104  AudioSrv - ok
14:57:48.0373 2104  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:57:48.0545 2104  audstub - ok
14:57:48.0608 2104  [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:57:48.0859 2104  BCM43XX - ok
14:57:48.0906 2104  [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
14:57:49.0015 2104  bcm4sbxp - ok
14:57:49.0078 2104  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:57:49.0251 2104  Beep - ok
14:57:49.0313 2104  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:57:49.0486 2104  BITS - ok
14:57:49.0533 2104  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
14:57:49.0564 2104  Browser - ok
14:57:49.0611 2104  [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb        C:\WINDOWS\system32\Drivers\BrScnUsb.sys
14:57:49.0689 2104  BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
14:57:49.0689 2104  BrScnUsb - detected UnsignedFile.Multi.Generic (1)
14:57:49.0721 2104  [ D48C13F4A409AEE8DAFADDAC81E34557 ] BrSerIf         C:\WINDOWS\system32\Drivers\BrSerIf.sys
14:57:49.0846 2104  BrSerIf - ok
14:57:49.0862 2104  [ 8FA0AC830A8312912A3AA0C0431CBA0D ] BrUsbSer        C:\WINDOWS\system32\Drivers\BrUsbSer.sys
14:57:49.0940 2104  BrUsbSer - ok
14:57:50.0003 2104  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:57:50.0191 2104  cbidf2k - ok
14:57:50.0207 2104  cd20xrnt - ok
14:57:50.0254 2104  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:57:50.0442 2104  Cdaudio - ok
14:57:50.0473 2104  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:57:50.0614 2104  Cdfs - ok
14:57:50.0646 2104  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:57:50.0834 2104  Cdrom - ok
14:57:50.0865 2104  [ 84853B3FD012251690570E9E7E43343F ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
14:57:50.0881 2104  cercsr6 ( UnsignedFile.Multi.Generic ) - warning
14:57:50.0881 2104  cercsr6 - detected UnsignedFile.Multi.Generic (1)
14:57:50.0896 2104  Changer - ok
14:57:50.0943 2104  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:57:51.0100 2104  CiSvc - ok
14:57:51.0131 2104  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:57:51.0320 2104  ClipSrv - ok
14:57:51.0367 2104  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:57:51.0429 2104  clr_optimization_v2.0.50727_32 - ok
14:57:51.0461 2104  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:57:51.0508 2104  clr_optimization_v4.0.30319_32 - ok
14:57:51.0539 2104  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:57:51.0711 2104  CmBatt - ok
14:57:51.0711 2104  CmdIde - ok
14:57:51.0743 2104  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:57:51.0884 2104  Compbatt - ok
14:57:51.0884 2104  COMSysApp - ok
14:57:51.0900 2104  Cpqarray - ok
14:57:51.0962 2104  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:57:52.0119 2104  CryptSvc - ok
14:57:52.0119 2104  dac2w2k - ok
14:57:52.0135 2104  dac960nt - ok
14:57:52.0197 2104  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:57:52.0291 2104  DcomLaunch - ok
14:57:52.0370 2104  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:57:52.0542 2104  Dhcp - ok
14:57:52.0558 2104  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:57:52.0715 2104  Disk - ok
14:57:52.0715 2104  dkab_device - ok
14:57:52.0730 2104  dmadmin - ok
14:57:53.0044 2104  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:57:53.0436 2104  dmboot - ok
14:57:53.0451 2104  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:57:53.0624 2104  dmio - ok
14:57:53.0639 2104  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:57:53.0827 2104  dmload - ok
14:57:53.0859 2104  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:57:54.0000 2104  dmserver - ok
14:57:54.0016 2104  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:57:54.0188 2104  DMusic - ok
14:57:54.0219 2104  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:57:54.0313 2104  Dnscache - ok
14:57:54.0376 2104  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:57:54.0517 2104  Dot3svc - ok
14:57:54.0564 2104  [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
14:57:54.0846 2104  Dot4 - ok
14:57:54.0878 2104  [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print       C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
14:57:55.0113 2104  Dot4Print - ok
14:57:55.0113 2104  [ 29E86AF2F3457D0441348020FE3CFBD0 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
14:57:55.0364 2104  dot4usb - ok
14:57:55.0364 2104  dpti2o - ok
14:57:55.0395 2104  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:57:55.0599 2104  drmkaud - ok
14:57:55.0661 2104  [ 4D2A9AF9D9AE43FBCF6FEB3CBD98AD12 ] eamon           C:\WINDOWS\system32\DRIVERS\eamon.sys
14:57:56.0053 2104  eamon - ok
14:57:56.0147 2104  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:57:56.0335 2104  EapHost - ok
14:57:56.0382 2104  [ A0BD6F855387CD1A36C6D28D8EDDBCFA ] ehdrv           C:\WINDOWS\system32\DRIVERS\ehdrv.sys
14:57:56.0461 2104  ehdrv - ok
14:57:56.0633 2104  [ D1418489E6E7F327588048A18F7B0E77 ] EhttpSrv        C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
14:57:56.0649 2104  EhttpSrv - ok
14:57:56.0727 2104  [ 9F8DAD98CD208B31F47D30B6CD9C0536 ] ekrn            C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
14:57:56.0884 2104  ekrn - ok
14:57:56.0962 2104  [ DF85C125F6F8CED74982687D13CACF0E ] epfwtdir        C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
14:57:57.0166 2104  epfwtdir - ok
14:57:57.0229 2104  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:57:57.0370 2104  ERSvc - ok
14:57:57.0448 2104  [ C4ED090444B65D50569969DCA99B4A90 ] ESHASRV         C:\Programme\ESET\ESET NOD32 Antivirus\EShaSrv.exe
14:57:57.0480 2104  ESHASRV - ok
14:57:57.0511 2104  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
14:57:57.0574 2104  Eventlog - ok
14:57:57.0621 2104  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
14:57:57.0683 2104  EventSystem - ok
14:57:57.0715 2104  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:57:57.0871 2104  Fastfat - ok
14:57:57.0918 2104  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:57:57.0997 2104  FastUserSwitchingCompatibility - ok
14:57:58.0012 2104  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
14:57:58.0154 2104  Fdc - ok
14:57:58.0185 2104  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:57:58.0326 2104  Fips - ok
14:57:58.0357 2104  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:57:58.0530 2104  Flpydisk - ok
14:57:58.0577 2104  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:57:58.0718 2104  FltMgr - ok
14:57:58.0796 2104  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:57:58.0828 2104  FontCache3.0.0.0 - ok
14:57:58.0843 2104  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:57:59.0016 2104  Fs_Rec - ok
14:57:59.0031 2104  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:57:59.0219 2104  Ftdisk - ok
14:57:59.0251 2104  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:57:59.0423 2104  Gpc - ok
14:57:59.0517 2104  [ 676CC03365C8B1DACEB5260AE0FE1E8E ] GPVPNService    C:\Programme\gateProtect\VPN Client\bin\Service.exe
14:57:59.0533 2104  GPVPNService ( UnsignedFile.Multi.Generic ) - warning
14:57:59.0533 2104  GPVPNService - detected UnsignedFile.Multi.Generic (1)
14:57:59.0580 2104  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:57:59.0768 2104  HDAudBus - ok
14:57:59.0815 2104  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:57:59.0956 2104  helpsvc - ok
14:57:59.0987 2104  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:58:00.0160 2104  HidServ - ok
14:58:00.0191 2104  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:58:00.0379 2104  hidusb - ok
14:58:00.0411 2104  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:58:00.0552 2104  hkmsvc - ok
14:58:00.0552 2104  hpn - ok
14:58:00.0630 2104  [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
14:58:00.0944 2104  HSF_DPV - ok
14:58:00.0975 2104  [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL        C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
14:58:01.0116 2104  HSXHWAZL - ok
14:58:01.0179 2104  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:58:01.0241 2104  HTTP - ok
14:58:01.0288 2104  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:58:01.0429 2104  HTTPFilter - ok
14:58:01.0445 2104  i2omgmt - ok
14:58:01.0445 2104  i2omp - ok
14:58:01.0492 2104  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:58:01.0680 2104  i8042prt - ok
14:58:01.0790 2104  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:58:01.0900 2104  idsvc - ok
14:58:01.0915 2104  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:58:02.0088 2104  Imapi - ok
14:58:02.0135 2104  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:58:02.0809 2104  ImapiService - ok
14:58:02.0824 2104  ini910u - ok
14:58:02.0840 2104  IntelIde - ok
14:58:02.0903 2104  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
14:58:03.0122 2104  Ip6Fw - ok
14:58:03.0154 2104  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:58:03.0389 2104  IpFilterDriver - ok
14:58:03.0420 2104  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:58:03.0592 2104  IpInIp - ok
14:58:03.0624 2104  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:58:03.0796 2104  IpNat - ok
14:58:03.0843 2104  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:58:04.0016 2104  IPSec - ok
14:58:04.0047 2104  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:58:04.0219 2104  IRENUM - ok
14:58:04.0251 2104  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:58:04.0408 2104  isapnp - ok
14:58:04.0439 2104  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:58:04.0658 2104  Kbdclass - ok
14:58:04.0705 2104  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:58:04.0909 2104  kbdhid - ok
14:58:05.0003 2104  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:58:05.0191 2104  kmixer - ok
14:58:05.0223 2104  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:58:05.0348 2104  KSecDD - ok
14:58:05.0411 2104  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:58:05.0442 2104  lanmanserver - ok
14:58:05.0520 2104  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:58:05.0552 2104  lanmanworkstation - ok
14:58:05.0567 2104  lbrtfdc - ok
14:58:05.0614 2104  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:58:05.0756 2104  LmHosts - ok
14:58:05.0787 2104  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:58:05.0850 2104  mdmxsdk - ok
14:58:05.0897 2104  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:58:06.0038 2104  Messenger - ok
14:58:06.0085 2104  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:58:06.0257 2104  mnmdd - ok
14:58:06.0320 2104  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:58:06.0461 2104  mnmsrvc - ok
14:58:06.0508 2104  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:58:06.0649 2104  Modem - ok
14:58:06.0665 2104  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:58:06.0837 2104  Mouclass - ok
14:58:06.0853 2104  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:58:07.0072 2104  mouhid - ok
14:58:07.0088 2104  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:58:07.0245 2104  MountMgr - ok
14:58:07.0245 2104  mraid35x - ok
14:58:07.0260 2104  [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:58:07.0323 2104  MRxDAV - ok
14:58:07.0370 2104  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:58:07.0464 2104  MRxSmb - ok
14:58:07.0511 2104  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:58:07.0668 2104  MSDTC - ok
14:58:07.0683 2104  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:58:07.0809 2104  Msfs - ok
14:58:07.0825 2104  MSIServer - ok
14:58:07.0840 2104  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:58:08.0075 2104  MSKSSRV - ok
14:58:08.0107 2104  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:58:08.0279 2104  MSPCLOCK - ok
14:58:08.0279 2104  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:58:08.0451 2104  MSPQM - ok
14:58:08.0483 2104  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:58:08.0624 2104  mssmbios - ok
14:58:08.0655 2104  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:58:08.0671 2104  Mup - ok
14:58:08.0734 2104  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:58:08.0875 2104  napagent - ok
14:58:08.0906 2104  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:58:09.0047 2104  NDIS - ok
14:58:09.0094 2104  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:58:09.0125 2104  NdisTapi - ok
14:58:09.0172 2104  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:58:09.0361 2104  Ndisuio - ok
14:58:09.0361 2104  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:58:09.0564 2104  NdisWan - ok
14:58:09.0611 2104  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:58:09.0643 2104  NDProxy - ok
14:58:09.0690 2104  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:58:09.0831 2104  NetBIOS - ok
14:58:09.0862 2104  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:58:10.0035 2104  NetBT - ok
14:58:10.0066 2104  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:58:10.0254 2104  NetDDE - ok
14:58:10.0254 2104  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:58:10.0395 2104  NetDDEdsdm - ok
14:58:10.0442 2104  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:58:10.0583 2104  Netlogon - ok
14:58:10.0630 2104  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
14:58:10.0771 2104  Netman - ok
14:58:10.0787 2104  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:58:10.0818 2104  NetTcpPortSharing - ok
14:58:10.0865 2104  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:58:10.0897 2104  Nla - ok
14:58:10.0944 2104  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:58:11.0085 2104  Npfs - ok
14:58:11.0116 2104  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:58:11.0288 2104  Ntfs - ok
14:58:11.0304 2104  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:58:11.0430 2104  NtLmSsp - ok
14:58:11.0461 2104  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:58:11.0649 2104  NtmsSvc - ok
14:58:11.0665 2104  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:58:11.0837 2104  Null - ok
14:58:11.0868 2104  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:58:12.0088 2104  NwlnkFlt - ok
14:58:12.0119 2104  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:58:12.0323 2104  NwlnkFwd - ok
14:58:12.0401 2104  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
14:58:12.0433 2104  odserv - ok
14:58:12.0480 2104  [ 7AF6EC0EA4261ECF7DA084103BE31EA8 ] odysseyIM4      C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
14:58:12.0574 2104  odysseyIM4 - ok
14:58:12.0589 2104  OMCI - ok
14:58:12.0621 2104  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:58:12.0636 2104  ose - ok
14:58:12.0668 2104  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
14:58:12.0825 2104  Parport - ok
14:58:12.0840 2104  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:58:12.0981 2104  PartMgr - ok
14:58:13.0013 2104  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:58:13.0216 2104  ParVdm - ok
14:58:13.0216 2104  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:58:13.0373 2104  PCI - ok
14:58:13.0373 2104  PCIDump - ok
14:58:13.0389 2104  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:58:13.0561 2104  PCIIde - ok
14:58:13.0577 2104  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:58:13.0749 2104  Pcmcia - ok
14:58:13.0765 2104  PDCOMP - ok
14:58:13.0765 2104  PDFRAME - ok
14:58:13.0781 2104  PDRELI - ok
14:58:13.0796 2104  PDRFRAME - ok
14:58:13.0812 2104  perc2 - ok
14:58:13.0812 2104  perc2hib - ok
14:58:13.0859 2104  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
14:58:13.0875 2104  PlugPlay - ok
14:58:13.0890 2104  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:58:14.0016 2104  PolicyAgent - ok
14:58:14.0047 2104  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:58:14.0204 2104  PptpMiniport - ok
14:58:14.0267 2104  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:58:14.0439 2104  Processor - ok
14:58:14.0455 2104  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:58:14.0596 2104  ProtectedStorage - ok
14:58:14.0611 2104  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:58:14.0784 2104  PSched - ok
14:58:14.0815 2104  [ A283E768FA12EF33087F07B01F82D6DD ] PSEXESVC        C:\WINDOWS\PSEXESVC.EXE
14:58:14.0909 2104  PSEXESVC - ok
14:58:14.0925 2104  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:58:15.0144 2104  Ptilink - ok
14:58:15.0144 2104  ql1080 - ok
14:58:15.0160 2104  Ql10wnt - ok
14:58:15.0176 2104  ql12160 - ok
14:58:15.0176 2104  ql1240 - ok
14:58:15.0191 2104  ql1280 - ok
14:58:15.0238 2104  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:58:15.0426 2104  RasAcd - ok
14:58:15.0458 2104  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:58:15.0630 2104  RasAuto - ok
14:58:15.0646 2104  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:58:15.0865 2104  Rasl2tp - ok
14:58:15.0881 2104  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:58:16.0100 2104  RasMan - ok
14:58:16.0100 2104  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:58:16.0289 2104  RasPppoe - ok
14:58:16.0289 2104  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:58:16.0508 2104  Raspti - ok
14:58:16.0524 2104  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:58:16.0680 2104  Rdbss - ok
14:58:16.0696 2104  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:58:16.0884 2104  RDPCDD - ok
14:58:16.0931 2104  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:58:17.0104 2104  rdpdr - ok
14:58:17.0151 2104  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:58:17.0198 2104  RDPWD - ok
14:58:17.0213 2104  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:58:17.0354 2104  RDSessMgr - ok
14:58:17.0370 2104  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:58:17.0543 2104  redbook - ok
14:58:17.0558 2104  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:58:17.0715 2104  RemoteAccess - ok
14:58:17.0762 2104  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:58:17.0919 2104  RemoteRegistry - ok
14:58:17.0966 2104  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
14:58:18.0075 2104  rimmptsk - ok
14:58:18.0107 2104  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:58:18.0248 2104  RpcLocator - ok
14:58:18.0295 2104  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:58:18.0326 2104  RpcSs - ok
14:58:18.0389 2104  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:58:18.0608 2104  RSVP - ok
14:58:18.0624 2104  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:58:18.0749 2104  SamSs - ok
14:58:18.0781 2104  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:58:18.0922 2104  SCardSvr - ok
14:58:18.0953 2104  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:58:19.0094 2104  Schedule - ok
14:58:19.0126 2104  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:58:19.0408 2104  sdbus - ok
14:58:19.0439 2104  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:58:19.0596 2104  Secdrv - ok
14:58:19.0627 2104  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:58:19.0768 2104  seclogon - ok
14:58:19.0800 2104  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
14:58:19.0956 2104  SENS - ok
14:58:20.0003 2104  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
14:58:20.0176 2104  Serial - ok
14:58:20.0223 2104  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:58:20.0395 2104  Sfloppy - ok
14:58:20.0427 2104  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:58:20.0583 2104  SharedAccess - ok
14:58:20.0599 2104  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:58:20.0630 2104  ShellHWDetection - ok
14:58:20.0630 2104  Simbad - ok
14:58:20.0646 2104  Sparrow - ok
14:58:20.0677 2104  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:58:20.0818 2104  splitter - ok
14:58:20.0850 2104  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:58:20.0897 2104  Spooler - ok
14:58:20.0912 2104  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:58:21.0038 2104  sr - ok
14:58:21.0085 2104  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:58:21.0242 2104  srservice - ok
14:58:21.0273 2104  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:58:21.0336 2104  Srv - ok
14:58:21.0383 2104  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:58:21.0524 2104  SSDPSRV - ok
14:58:21.0571 2104  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\WINDOWS\system32\Drivers\SSPORT.sys
14:58:21.0571 2104  SSPORT ( UnsignedFile.Multi.Generic ) - warning
14:58:21.0571 2104  SSPORT - detected UnsignedFile.Multi.Generic (1)
14:58:21.0665 2104  [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
14:58:22.0088 2104  STHDA - ok
14:58:22.0166 2104  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:58:22.0307 2104  stisvc - ok
14:58:22.0339 2104  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:58:22.0511 2104  swenum - ok
14:58:22.0527 2104  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:58:22.0715 2104  swmidi - ok
14:58:22.0715 2104  SwPrv - ok
14:58:22.0731 2104  symc810 - ok
14:58:22.0731 2104  symc8xx - ok
14:58:22.0746 2104  sym_hi - ok
14:58:22.0746 2104  sym_u3 - ok
14:58:22.0809 2104  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:58:22.0950 2104  sysaudio - ok
14:58:22.0997 2104  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:58:23.0154 2104  SysmonLog - ok
14:58:23.0217 2104  [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
14:58:23.0295 2104  tap0901 ( UnsignedFile.Multi.Generic ) - warning
14:58:23.0295 2104  tap0901 - detected UnsignedFile.Multi.Generic (1)
14:58:23.0342 2104  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:58:23.0514 2104  TapiSrv - ok
14:58:23.0577 2104  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:58:23.0608 2104  Tcpip - ok
14:58:23.0640 2104  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:58:23.0797 2104  TDPIPE - ok
14:58:23.0812 2104  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:58:23.0985 2104  TDTCP - ok
14:58:23.0985 2104  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:58:24.0188 2104  TermDD - ok
14:58:24.0235 2104  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:58:24.0815 2104  TermService - ok
14:58:24.0847 2104  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:58:24.0894 2104  Themes - ok
14:58:24.0941 2104  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:58:25.0160 2104  TlntSvr - ok
14:58:25.0176 2104  TosIde - ok
14:58:25.0223 2104  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:58:25.0364 2104  TrkWks - ok
14:58:25.0395 2104  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:58:25.0536 2104  Udfs - ok
14:58:25.0552 2104  ultra - ok
14:58:25.0599 2104  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:58:25.0850 2104  Update - ok
14:58:25.0881 2104  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:58:26.0069 2104  upnphost - ok
14:58:26.0101 2104  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
14:58:26.0242 2104  UPS - ok
14:58:26.0273 2104  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:58:26.0461 2104  usbccgp - ok
14:58:26.0492 2104  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:58:26.0665 2104  usbehci - ok
14:58:26.0665 2104  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:58:26.0837 2104  usbhub - ok
14:58:26.0869 2104  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:58:27.0025 2104  usbohci - ok
14:58:27.0057 2104  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:58:27.0213 2104  usbprint - ok
14:58:27.0261 2104  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:58:27.0417 2104  usbscan - ok
14:58:27.0449 2104  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:58:27.0605 2104  USBSTOR - ok
14:58:27.0668 2104  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:58:27.0809 2104  VgaSave - ok
14:58:27.0825 2104  ViaIde - ok
14:58:27.0856 2104  [ B67632451F760797BB183E1FB99F4B39 ] vnccom          C:\WINDOWS\system32\Drivers\vnccom.SYS
14:58:27.0919 2104  vnccom ( UnsignedFile.Multi.Generic ) - warning
14:58:27.0919 2104  vnccom - detected UnsignedFile.Multi.Generic (1)
14:58:27.0966 2104  [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv          C:\WINDOWS\system32\DRIVERS\vncdrv.sys
14:58:28.0013 2104  vncdrv ( UnsignedFile.Multi.Generic ) - warning
14:58:28.0013 2104  vncdrv - detected UnsignedFile.Multi.Generic (1)
14:58:28.0044 2104  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:58:28.0185 2104  VolSnap - ok
14:58:28.0264 2104  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
14:58:28.0420 2104  VSS - ok
14:58:28.0452 2104  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:58:28.0593 2104  W32Time - ok
14:58:28.0608 2104  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:58:28.0765 2104  Wanarp - ok
14:58:28.0765 2104  WDICA - ok
14:58:28.0828 2104  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:58:28.0985 2104  wdmaud - ok
14:58:29.0000 2104  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:58:29.0157 2104  WebClient - ok
14:58:29.0188 2104  [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
14:58:29.0455 2104  winachsf - ok
14:58:29.0565 2104  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:58:29.0721 2104  winmgmt - ok
14:58:29.0800 2104  [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
14:58:29.0972 2104  WinRM - ok
14:58:30.0098 2104  [ 913FF5A608DE6A2AB320EB919092049A ] winvnc          C:\Programme\UltraVNC\WinVNC.exe
14:58:30.0207 2104  winvnc ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0207 2104  winvnc - detected UnsignedFile.Multi.Generic (1)
14:58:30.0207 2104  wltrysvc - ok
14:58:30.0254 2104  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
14:58:30.0317 2104  WmdmPmSN - ok
14:58:30.0395 2104  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:58:30.0521 2104  Wmi - ok
14:58:30.0552 2104  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:58:30.0819 2104  WmiAcpi - ok
14:58:30.0850 2104  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:58:31.0007 2104  WmiApSrv - ok
14:58:31.0132 2104  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
14:58:31.0383 2104  WMPNetworkSvc - ok
14:58:31.0508 2104  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:58:31.0587 2104  WPFFontCache_v0400 - ok
14:58:31.0634 2104  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:58:31.0775 2104  wscsvc - ok
14:58:31.0790 2104  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:58:31.0947 2104  wuauserv - ok
14:58:31.0978 2104  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:58:32.0057 2104  WudfPf - ok
14:58:32.0088 2104  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:58:32.0104 2104  WudfRd - ok
14:58:32.0135 2104  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:58:32.0151 2104  WudfSvc - ok
14:58:32.0214 2104  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:58:32.0386 2104  WZCSVC - ok
14:58:32.0402 2104  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:58:32.0558 2104  xmlprov - ok
14:58:32.0574 2104  ================ Scan global ===============================
14:58:32.0621 2104  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
14:58:32.0652 2104  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:58:32.0668 2104  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:58:32.0699 2104  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
14:58:32.0699 2104  [Global] - ok
14:58:32.0699 2104  ================ Scan MBR ==================================
14:58:32.0731 2104  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:58:33.0060 2104  \Device\Harddisk0\DR0 - ok
14:58:33.0060 2104  ================ Scan VBR ==================================
14:58:33.0060 2104  [ ACC2F3FFF9BA05F0C5662455218CA57E ] \Device\Harddisk0\DR0\Partition1
14:58:33.0076 2104  \Device\Harddisk0\DR0\Partition1 - ok
14:58:33.0076 2104  ============================================================
14:58:33.0076 2104  Scan finished
14:58:33.0076 2104  ============================================================
14:58:33.0201 3592  Detected object count: 8
14:58:33.0201 3592  Actual detected object count: 8
14:58:57.0693 3592  BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0693 3592  BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:57.0693 3592  cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0693 3592  cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:57.0693 3592  GPVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0693 3592  GPVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:57.0708 3592  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0708 3592  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:57.0708 3592  tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0708 3592  tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:57.0708 3592  vnccom ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0708 3592  vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:57.0708 3592  vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0708 3592  vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:57.0724 3592  winvnc ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0724 3592  winvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
How do we get rid of the error message that appears after Windows logon saying that "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll" could not be found?
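The TDSSKiller run above ends with eight objects, all of them UnsignedFile.Multi.Generic: the UltraVNC service (winvnc) with its vnccom/vncdrv drivers, the tap0901 TAP network adapter, the gateProtect VPN service, and three hardware drivers (BrScnUsb, cercsr6, SSPORT). That label only records that the file carries no valid Authenticode signature; it is not a malware verdict, which is why all of them were skipped. Before accepting a skip, though, the hash and path of each flagged file are worth comparing against a known-good install of the same product. The script below is an added example, not code from this thread or from TDSSKiller's authors, that parses this log layout, separates unsigned warnings from real detections, and emits a hash worklist. The sample lines are copied from the log above; the ServiceEntry, parse_tdsskiller, triage and hash_worklist names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout TDSSKiller uses above: an entry line
# "<time> <tid>  [ <MD5> ] <service> <path>" followed by one or more status
# lines "<time> <tid>  <service> [( <detection> )] - <status>". Hashes and
# paths are copied from the posted log; nothing here touches a live system.
SAMPLE_LOG = """\
14:58:21.0571 2104  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\\WINDOWS\\system32\\Drivers\\SSPORT.sys
14:58:21.0571 2104  SSPORT ( UnsignedFile.Multi.Generic ) - warning
14:58:21.0571 2104  SSPORT - detected UnsignedFile.Multi.Generic (1)
14:58:21.0665 2104  [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA           C:\\WINDOWS\\system32\\drivers\\sthda.sys
14:58:22.0088 2104  STHDA - ok
14:58:22.0731 2104  symc810 - ok
14:58:30.0098 2104  [ 913FF5A608DE6A2AB320EB919092049A ] winvnc          C:\\Programme\\UltraVNC\\WinVNC.exe
14:58:30.0207 2104  winvnc ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0207 2104  winvnc - detected UnsignedFile.Multi.Generic (1)
14:58:32.0574 2104  ================ Scan global ===============================
14:58:57.0724 3592  winvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.+?)\s*$")
STATUS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)(?: \( ([^)]+) \))? - (.+?)\s*$")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"          # ok | unsigned | detected | unknown
    detection: Optional[str] = None
    user_action: Optional[str] = None


def classify(detection: str) -> str:
    """UnsignedFile.* only says the file has no valid Authenticode signature;
    it is not a malware verdict. Anything else TDSSKiller reports as detected
    is treated as a real hit."""
    return "unsigned" if detection.startswith("UnsignedFile.") else "detected"


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    entries: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = ServiceEntry(name=name, md5=md5.upper(), path=path)
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue                      # section banners, scan summary, etc.
        name, paren, status = m.groups()
        e = entries.setdefault(name, ServiceEntry(name=name))
        if status == "ok":
            e.verdict = "ok"
        elif status == "warning" and paren:
            e.detection, e.verdict = paren, classify(paren)
        elif status.startswith("detected "):
            det = status[len("detected "):].rsplit(" (", 1)[0]
            e.detection, e.verdict = det, classify(det)
        elif status.startswith("User select action: "):
            e.user_action = status[len("User select action: "):]
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[ServiceEntry]:
    """Everything that is not plainly 'ok', worst first."""
    rank = {"detected": 0, "unsigned": 1, "unknown": 2}
    return sorted((e for e in entries.values() if e.verdict != "ok"),
                  key=lambda e: (rank[e.verdict], e.name.lower()))


def hash_worklist(entries: Dict[str, ServiceEntry]) -> List[Tuple[str, str, str]]:
    """(service, MD5, path) for each flagged file: what you look up against a
    reputation service or compare with a known-good install of the product
    before accepting a 'Skip'."""
    return [(e.name, e.md5, e.path) for e in triage(entries) if e.md5 and e.path]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for svc, md5, path in hash_worklist(parsed):
        print(f"{parsed[svc].verdict:9} {md5}  {svc:<12} {path}")
```

Run it against a full TDSSKiller log file instead of SAMPLE_LOG and anything that lands in the "detected" bucket, or an "unsigned" file whose hash does not match the vendor's build, is what to escalate rather than skip.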


19.11.2012, 17:31   #6
markusg
/// Malware-holic



hi

this script and any scripts that follow are only for the user in question.
if you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [JHHUNHM] rundll32 "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll",wkoceupvmph File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Please close all programs now.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
boot into normal mode.
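Why the logon error persists: the antivirus removed olepro32R.dll, but the per-user Run value JHHUNHM still tells rundll32 to load it at every logon, so Windows reports that the file could not be found. OTL's "File not found" suffix on that O4 line is its own check for exactly this, and the :OTL section of the fix above deletes the value. The following is an added example, not code from this thread or from OTL, that performs the same check over a list of Run values: it resolves what each command actually loads (the DLL for rundll32/regsvr32 hosts, the executable otherwise), reports entries whose target is gone, and separately flags loader-hosted DLLs sitting in a user-writable directory such as Anwendungsdaten/AppData, the pattern this entry shows. The Run values other than JHHUNHM, the SAMPLE_PRESENT file list and all function names are constructed for the demo; on a live system you would read the ...\Run keys with winreg and pass os.path.exists as the existence check.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple

# Host processes that load a DLL named on their command line; the DLL, not the
# (signed, Microsoft-supplied) host binary, is the thing to check.
LOADER_HOSTS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}

# Directory fragments where user-level malware can write without admin rights
# and from which legitimate software rarely autostarts a raw DLL.
USER_WRITABLE = ("\\anwendungsdaten\\", "\\appdata\\", "\\temp\\",
                 "\\lokale einstellungen\\")


@dataclass
class Finding:
    hive: str
    value: str
    command: str
    target: Optional[str]     # file actually loaded, after %VAR% expansion
    exists: bool
    via_loader: bool
    user_writable: bool


def first_token(cmd: str) -> Tuple[str, str]:
    """Split a Windows command line into its first argument and the rest.
    Only double quotes group; this is deliberately not POSIX shlex quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end < 0 else (cmd[1:end], cmd[end + 1:].strip())
    parts = cmd.split(None, 1)
    return (parts[0], parts[1]) if len(parts) == 2 else ((parts[0] if parts else ""), "")


def expand_env(path: str, env: Dict[str, str]) -> str:
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def target_of(command: str, env: Dict[str, str]) -> Tuple[Optional[str], bool]:
    """(loaded file, launched-via-loader?) for one Run value."""
    head, rest = first_token(command)
    if ntpath.basename(head).lower() not in LOADER_HOSTS:
        return (expand_env(head, env) or None), False
    # regsvr32 takes switches (/s, /u, ...) before the DLL path; skip them.
    while rest.startswith("/"):
        rest = first_token(rest)[1]
    if not rest:
        return None, True
    arg, _ = first_token(rest)
    # rundll32 syntax is <dll>,<entrypoint>; keep only the DLL part.
    return expand_env(arg.split(",", 1)[0], env), True


def audit_run_values(values: Sequence[Tuple[str, str, str]],
                     exists: Callable[[str], bool],
                     env: Dict[str, str]) -> List[Finding]:
    findings = []
    for hive, name, cmd in values:
        target, via_loader = target_of(cmd, env)
        findings.append(Finding(
            hive=hive, value=name, command=cmd, target=target,
            exists=bool(target) and exists(target),
            via_loader=via_loader,
            user_writable=bool(target) and any(
                frag in target.lower() for frag in USER_WRITABLE)))
    return findings


def orphaned(findings: List[Finding]) -> List[Finding]:
    """Autostart entries whose target no longer exists. After an AV deletes the
    payload these produce the 'file could not be found' dialog at logon, and
    they are the lines to put into an OTL :OTL fix."""
    return [f for f in findings if not f.exists]


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Loader-hosted DLLs living in a user-writable directory, present or not."""
    return [f for f in findings if f.via_loader and f.user_writable]


# ---- constructed demo input (not real registry output) -------------------
SAMPLE_RUN_VALUES = [
    # the entry from this thread, as OTL printed it
    ("HKU\\S-1-5-21-1825349137-338196624-3985880893-1184", "JHHUNHM",
     'rundll32 "C:\\Dokumente und Einstellungen\\Username\\Anwendungsdaten\\olepro32R.dll",wkoceupvmph'),
    # two hypothetical benign entries for contrast
    ("HKLM", "WinVNC", '"C:\\Programme\\UltraVNC\\WinVNC.exe" -servicehelper'),
    ("HKLM", "ctfmon.exe", "%SystemRoot%\\system32\\ctfmon.exe"),
]
SAMPLE_ENV = {"systemroot": "C:\\WINDOWS"}
SAMPLE_PRESENT = {"c:\\programme\\ultravnc\\winvnc.exe",      # olepro32R.dll is
                  "c:\\windows\\system32\\ctfmon.exe"}         # already deleted


def demo() -> List[Finding]:
    # On a live Windows box pass exists=os.path.exists and the real %SystemRoot%.
    return audit_run_values(SAMPLE_RUN_VALUES,
                            exists=lambda p: p.lower() in SAMPLE_PRESENT,
                            env=SAMPLE_ENV)


if __name__ == "__main__":
    for f in orphaned(demo()):
        print(f"ORPHANED        {f.hive}\\...\\Run\\{f.value}: {f.target}")
    for f in suspicious(demo()):
        print(f"LOADER+USERDIR  {f.value}: {f.command}")
```

The two lists answer different questions: orphaned() is the cleanup list after an AV has removed the payload, while suspicious() would have flagged JHHUNHM even while olepro32R.dll was still on disk, since a random-named DLL loaded by rundll32 from a profile directory is the persistence shape to look for.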

26.11.2012, 12:23   #7
Canni



This came back as confirmation ... does that look right?

Thank you very much!

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1825349137-338196624-3985880893-1184\Software\Microsoft\Windows\CurrentVersion\Run\\JHHUNHM deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 405 bytes
 
User: Administrator
 
User: Administrator.Domain
->Flash cache emptied: 405 bytes
 
User: All Users
 
User: Default User
 
User: User
->Flash cache emptied: 78696 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
Error: Unable to interpret <[emptytemp]]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 11262012_120842
         

27.11.2012, 18:04   #8
markusg
/// Malware-holic



hi,
looks fine.
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de

    Plagegeister aller Art und deren Bekämpfung - 29.11.2005 (1)

Zum Thema Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan entfernen ? - Hallo und guten Morgen zusammen, für eines unserer Systeme hat "ESET Endpoint Antivirus" (Version 5.0.2126) die nachfolgenden Warnungen ausgegeben: Zitat: Threat Id Threat 501 Client Name Notebook03 Computer Name Notebook03 - Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan entfernen ?...
Archiv
Du betrachtest: Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan entfernen ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.