| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malwarebyte findet exploit drop gs !Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.01.2013, 16:07
| #1 |
| |  Malwarebyte findet exploit drop gs ! Hallo, MALWAREBYTE findet immer EXPLOITDROPGS. Der Trojaner lässt sich nicht löschen. Was ist zu tun ? Anbei die MALWAREBYTE Auswertung Malwarebytes Anti-Malware (Test) 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.01.29.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 DBK23 :: PRODBK23 [Administrator] Schutz: Deaktiviert 31.01.2013 16:30:54 MBAM-log-2013-01-31 (17-33-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 659420 Laufzeit: 1 Stunde(n), 2 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 44 C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\32304950-39c6bd26 (Trojan.Agent) -> Keine Aktion durchgeführt. C:\Windows\Installer\{DBC8E755-D889-6A10-5735-A6653713F68B}\syshost.exe (Trojan.Lameshield.124) -> Keine Aktion durchgeführt. c:\users\apothekenadmin\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbk13\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbk23\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr11\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr5\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr6\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr7\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr8\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr9\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbrx\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\temp\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\apothekenadmin\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbk13\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbk23\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbr11\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbr5\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbr6\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbr7\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbr8\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbr9\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\dbrx\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\localservice\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\networkservice\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\windows\system32\config\systemprofile\appdata\local\syshost.exe (Exploit.Drop.GSLAD) -> Keine Aktion durchgeführt. c:\users\apothekenadmin\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbk13\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbk23\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr11\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr5\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr6\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr7\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr8\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbr9\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\dbrx\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\users\public\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\localservice\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\networkservice\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. c:\windows\system32\config\systemprofile\syshost.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. C:\Users\DBK23\AppData\Roaming\Microsoft\AddIns\ProkasXL.exe (Trojan.Agent) -> Keine Aktion durchgeführt. c:\windows\syshost.exe (Trojan.Downloader) -> Keine Aktion durchgeführt. (Ende) |
|
31.01.2013, 19:58
| #2 |
| /// Helfer-Team  | Malwarebyte findet exploit drop gs ! Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
31.01.2013, 20:47
| #3 |
| | Malwarebyte findet exploit drop gs ! OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 31.01.2013 20:08:18 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DBK23\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,42 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 73,52% Memory free 7,42 Gb Paging File | 6,47 Gb Available in Paging File | 87,20% Paging File free Paging file location(s): c:\pagefile.sys 4095 4095 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 465,27 Gb Total Space | 380,40 Gb Free Space | 81,76% Space Free | Partition Type: NTFS Computer Name: PRODBK23 | User Name: DBK23 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\DBK23\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (67cf29f3c2300003) -- C:\windows\System32\drivers\67cf29f3c2300003.sys () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe () SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (ncprwsnt) -- C:\Programme\NCP\SecureClient\ncprwsnt.exe (NCP Engineering GmbH) SRV - (rwsrsu) -- C:\Programme\NCP\SecureClient\rwsrsu.exe (NCP engineering GmbH) SRV - (ncpclcfg) -- C:\Programme\NCP\SecureClient\ncpclcfg.exe (NCP engineering GmbH) SRV - (MatSvc) -- C:\Programme\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (NcpSec) -- C:\Programme\NCP\SecureClient\NCPSEC.EXE () SRV - (WDFME) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe () SRV - (WDSC) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSC.exe () SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (uvnc_service) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (DB2JDS) -- C:\SQLLIB\bin\db2jds.exe () SRV - (DB2NTSECSERVER) -- C:\SQLLIB\bin\db2sec.exe () ========== Driver Services (SafeList) ========== DRV - (nmserial) -- C:\windows\system32\drivers\nmserial.sys File not found DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found DRV - (67cf29f3c2300003) -- C:\windows\System32\drivers\67cf29f3c2300003.sys () DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (TCPIP6) -- C:\windows\System32\DRIVERS\tcpip.sys () DRV - (Tcpip) -- C:\windows\System32\drivers\tcpip.sys () DRV - (tcpipreg) -- C:\windows\System32\drivers\tcpipreg.sys () DRV - (Ntfs) -- C:\windows\System32\drivers\ntfs.sys () DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys () DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys () DRV - (RdpVideoMiniport) -- C:\windows\System32\drivers\rdpvideominiport.sys () DRV - (TsUsbGD) -- C:\windows\System32\drivers\TsUsbGD.sys () DRV - (TsUsbFlt) -- C:\windows\System32\drivers\tsusbflt.sys () DRV - (NDIS) -- C:\windows\System32\drivers\ndis.sys () DRV - (Wdf01000) -- C:\windows\System32\drivers\Wdf01000.sys () DRV - (WudfPf) -- C:\windows\System32\drivers\WudfPf.sys () DRV - (WUDFRd) -- C:\windows\System32\DRIVERS\WUDFRd.sys () DRV - (cmnsusbser) -- C:\windows\System32\DRIVERS\cmnsusbser.sys () DRV - (KSecDD) -- C:\windows\System32\Drivers\ksecdd.sys () DRV - (RDPWD) -- C:\windows\System32\drivers\rdpwd.sys () DRV - (HipShieldK) -- C:\windows\System32\drivers\HipShieldK.sys () DRV - (ncplelhp) -- C:\windows\System32\DRIVERS\ncplelhp.sys () DRV - (ncpfilt) -- C:\windows\System32\DRIVERS\ncplelhp.sys () DRV - (partmgr) -- C:\windows\System32\drivers\partmgr.sys () DRV - (Fs_Rec) -- C:\windows\System32\drivers\fs_rec.sys () DRV - (TDTCP) -- C:\windows\System32\drivers\tdtcp.sys () DRV - (e1cexpress) -- C:\windows\System32\DRIVERS\e1c6232.sys () DRV - (IntcDAud) -- C:\windows\System32\DRIVERS\IntcDAud.sys () DRV - (Netaapl) -- C:\windows\System32\DRIVERS\netaapl.sys () DRV - (mrxsmb10) -- C:\windows\System32\DRIVERS\mrxsmb10.sys () DRV - (e1qexpress) -- C:\windows\System32\DRIVERS\e1q6232.sys () DRV - (JRAID) -- C:\windows\System32\drivers\jraid.sys () DRV - (srv) -- C:\windows\System32\DRIVERS\srv.sys () DRV - (srv2) -- C:\windows\System32\DRIVERS\srv2.sys () DRV - (srvnet) -- C:\windows\System32\DRIVERS\srvnet.sys () DRV - (mrxsmb20) -- C:\windows\System32\DRIVERS\mrxsmb20.sys () DRV - (mrxsmb) -- C:\windows\System32\DRIVERS\mrxsmb.sys () DRV - (asmtxhci) -- C:\windows\System32\drivers\asmtxhci.sys () DRV - (asmthub3) -- C:\windows\System32\drivers\asmthub3.sys () DRV - (usbhub) -- C:\windows\System32\DRIVERS\usbhub.sys () DRV - (usbccgp) -- C:\windows\System32\DRIVERS\usbccgp.sys () DRV - (usbehci) -- C:\windows\System32\DRIVERS\usbehci.sys () DRV - (usbohci) -- C:\windows\System32\drivers\usbohci.sys () DRV - (usbuhci) -- C:\windows\System32\drivers\usbuhci.sys () DRV - (USBSTOR) -- C:\windows\System32\DRIVERS\USBSTOR.SYS () DRV - (bowser) -- C:\windows\System32\DRIVERS\bowser.sys () DRV - (WDC_SAM) -- C:\windows\System32\DRIVERS\wdcsam.sys () DRV - (SNXPPALX) -- C:\windows\System32\drivers\snxppalx.sys () DRV - (SNXPSERX) -- C:\windows\System32\drivers\snxpserx.sys () DRV - (NETwNs32) -- C:\windows\System32\DRIVERS\NETwNs32.sys () DRV - (volsnap) -- C:\windows\System32\drivers\volsnap.sys () DRV - (volmgr) -- C:\windows\System32\drivers\volmgr.sys () DRV - (vmbus) -- C:\windows\System32\drivers\vmbus.sys () DRV - (vhdmp) -- C:\windows\System32\drivers\vhdmp.sys () DRV - (storflt) -- C:\windows\System32\drivers\vmstorfl.sys () DRV - (storvsc) -- C:\windows\System32\drivers\storvsc.sys () DRV - (TermDD) -- C:\windows\System32\DRIVERS\termdd.sys () DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys () DRV - (sbp2port) -- C:\windows\System32\drivers\sbp2port.sys () DRV - (pci) -- C:\windows\System32\drivers\pci.sys () DRV - (iScsiPrt) -- C:\windows\System32\drivers\msiscsi.sys () DRV - (msdsm) -- C:\windows\System32\drivers\msdsm.sys () DRV - (mpio) -- C:\windows\System32\drivers\mpio.sys () DRV - (mountmgr) -- C:\windows\System32\drivers\mountmgr.sys () DRV - (msahci) -- C:\windows\System32\drivers\msahci.sys () DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys () DRV - (DXGKrnl) -- C:\windows\System32\drivers\dxgkrnl.sys () DRV - (fvevol) -- C:\windows\System32\DRIVERS\fvevol.sys () DRV - (RDPDR) -- C:\windows\System32\drivers\rdpdr.sys () DRV - (tssecsrv) -- C:\windows\System32\DRIVERS\tssecsrv.sys () DRV - (RDPCDD) -- C:\windows\System32\DRIVERS\RDPCDD.sys () DRV - (TDPIPE) -- C:\windows\System32\drivers\tdpipe.sys () DRV - (NdisWan) -- C:\windows\System32\DRIVERS\ndiswan.sys () DRV - (Wanarpv6) -- C:\windows\System32\DRIVERS\wanarp.sys () DRV - (WANARP) -- C:\windows\System32\DRIVERS\wanarp.sys () DRV - (NDProxy) -- C:\windows\System32\drivers\ndproxy.sys () DRV - (tunnel) -- C:\windows\System32\DRIVERS\tunnel.sys () DRV - (Ndisuio) -- C:\windows\System32\DRIVERS\ndisuio.sys () DRV - (umbus) -- C:\windows\System32\DRIVERS\umbus.sys () DRV - (WinUsb) -- C:\windows\System32\DRIVERS\WinUsb.sys () DRV - (HidUsb) -- C:\windows\System32\DRIVERS\hidusb.sys () DRV - (sffp_sd) -- C:\windows\System32\drivers\sffp_sd.sys () DRV - (CompositeBus) -- C:\windows\System32\DRIVERS\CompositeBus.sys () DRV - (kbdhid) -- C:\windows\System32\DRIVERS\kbdhid.sys () DRV - (scfilter) -- C:\windows\System32\DRIVERS\scfilter.sys () DRV - (IPMIDRV) -- C:\windows\System32\drivers\IPMIDrv.sys () DRV - (dmvsc) -- C:\windows\System32\drivers\dmvsc.sys () DRV - (VMBusHID) -- C:\windows\System32\drivers\VMBusHID.sys () DRV - (s3cap) -- C:\windows\System32\drivers\vms3cap.sys () DRV - (CSC) -- C:\windows\System32\drivers\csc.sys () DRV - (rdbss) -- C:\windows\System32\DRIVERS\rdbss.sys () DRV - (MRxDAV) -- C:\windows\System32\drivers\mrxdav.sys () DRV - (DfsC) -- C:\windows\System32\Drivers\dfsc.sys () DRV - (udfs) -- C:\windows\System32\DRIVERS\udfs.sys () DRV - (HTTP) -- C:\windows\System32\drivers\HTTP.sys () DRV - (NetBT) -- C:\windows\System32\DRIVERS\netbt.sys () DRV - (tdx) -- C:\windows\System32\DRIVERS\tdx.sys () DRV - (cdrom) -- C:\windows\System32\DRIVERS\cdrom.sys () DRV - (FTDIBUS) -- C:\windows\System32\drivers\ftdibus.sys () DRV - (FTSER2K) -- C:\windows\System32\drivers\ftser2k.sys () DRV - (StnPport) -- C:\windows\System32\drivers\StnPport.sys () DRV - (StnSport) -- C:\windows\System32\drivers\StnSport.sys () DRV - (nvlddmkm) -- C:\windows\System32\DRIVERS\nvlddmkm.sys () DRV - (rtl8192se) -- C:\windows\System32\DRIVERS\rtl8192se.sys () DRV - (athr) -- C:\windows\System32\DRIVERS\athr.sys () DRV - (MEI) -- C:\windows\System32\drivers\HECI.sys () DRV - (HECI) -- C:\windows\System32\drivers\HECI.sys () DRV - (SPorts) -- C:\windows\System32\drivers\SPorts.sys () DRV - (FSCSLII) -- C:\windows\System32\drivers\FSCSLII.sys () DRV - (nvstor32) -- C:\windows\System32\drivers\nvstor32.sys () DRV - (nvrd32) -- C:\windows\System32\drivers\nvrd32.sys () DRV - (PPorts) -- C:\windows\System32\drivers\PPorts.sys () DRV - (PciPPorts) -- C:\windows\System32\drivers\PciPPorts.sys () DRV - (TPM) -- C:\windows\System32\drivers\tpm.sys () DRV - (Ser2pl) -- C:\windows\System32\drivers\ser2pl.sys () DRV - (nvamacpi) -- C:\windows\System32\drivers\NVAMACPI.sys () DRV - (CLFS) -- C:\windows\System32\CLFS.sys () DRV - (Compbatt) -- C:\windows\System32\drivers\compbatt.sys () DRV - (atapi) -- C:\windows\System32\drivers\atapi.sys () DRV - (pciide) -- C:\windows\System32\drivers\pciide.sys () DRV - (MsRPC) -- C:\windows\System32\drivers\msrpc.sys () DRV - (nv_agp) -- C:\windows\System32\drivers\nv_agp.sys () DRV - (Mup) -- C:\windows\System32\Drivers\mup.sys () DRV - (mouclass) -- C:\windows\System32\DRIVERS\mouclass.sys () DRV - (mssmbios) -- C:\windows\System32\DRIVERS\mssmbios.sys () DRV - (msisadrv) -- C:\windows\System32\drivers\msisadrv.sys () DRV - (isapnp) -- C:\windows\System32\drivers\isapnp.sys () DRV - (kbdclass) -- C:\windows\System32\DRIVERS\kbdclass.sys () DRV - (intelide) -- C:\windows\System32\drivers\intelide.sys () DRV - (FltMgr) -- C:\windows\System32\drivers\fltmgr.sys () DRV - (FileInfo) -- C:\windows\System32\drivers\fileinfo.sys () DRV - (gagp30kx) -- C:\windows\System32\drivers\gagp30kx.sys () DRV - (FsDepends) -- C:\windows\System32\drivers\FsDepends.sys () DRV - (crcdisk) -- C:\windows\System32\drivers\crcdisk.sys () DRV - (Disk) -- C:\windows\System32\drivers\disk.sys () DRV - (volmgrx) -- C:\windows\System32\drivers\volmgrx.sys () DRV - (uliagpkx) -- C:\windows\System32\drivers\uliagpkx.sys () DRV - (Wd) -- C:\windows\System32\drivers\wd.sys () DRV - (uagp35) -- C:\windows\System32\drivers\uagp35.sys () DRV - (viaagp) -- C:\windows\System32\drivers\viaagp.sys () DRV - (vdrvroot) -- C:\windows\System32\drivers\vdrvroot.sys () DRV - (WIMMount) -- C:\windows\System32\drivers\wimmount.sys () DRV - (swenum) -- C:\windows\System32\DRIVERS\swenum.sys () DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys () DRV - (pcmcia) -- C:\windows\System32\drivers\pcmcia.sys () DRV - (spldr) -- C:\windows\System32\drivers\spldr.sys () DRV - (PEAUTH) -- C:\windows\System32\drivers\peauth.sys () DRV - (usbprint) -- C:\windows\System32\drivers\usbprint.sys () DRV - (rdpbus) -- C:\windows\System32\DRIVERS\rdpbus.sys () DRV - (RDPREFMP) -- C:\windows\System32\drivers\rdprefmp.sys () DRV - (RDPENCDD) -- C:\windows\System32\drivers\rdpencdd.sys () DRV - (Modem) -- C:\windows\System32\drivers\modem.sys () DRV - (ROOTMODEM) -- C:\windows\System32\Drivers\RootMdm.sys () DRV - (ws2ifsl) -- C:\windows\System32\drivers\ws2ifsl.sys () DRV - (RasAgileVpn) -- C:\windows\System32\DRIVERS\AgileVpn.sys () DRV - (RasSstp) -- C:\windows\System32\DRIVERS\rassstp.sys () DRV - (RasPppoe) -- C:\windows\System32\DRIVERS\raspppoe.sys () DRV - (PptpMiniport) -- C:\windows\System32\DRIVERS\raspptp.sys () DRV - (AsyncMac) -- C:\windows\System32\DRIVERS\asyncmac.sys () DRV - (RasAcd) -- C:\windows\System32\DRIVERS\rasacd.sys () DRV - (Rasl2tp) -- C:\windows\System32\DRIVERS\rasl2tp.sys () DRV - (IPNAT) -- C:\windows\System32\drivers\ipnat.sys () DRV - (IpFilterDriver) -- C:\windows\System32\DRIVERS\ipfltdrv.sys () DRV - (NdisTapi) -- C:\windows\System32\DRIVERS\ndistapi.sys () DRV - (QWAVEdrv) -- C:\windows\System32\drivers\qwavedrv.sys () DRV - (Psched) -- C:\windows\System32\DRIVERS\pacer.sys () DRV - (NetBIOS) -- C:\windows\System32\DRIVERS\netbios.sys () DRV - (WfpLwf) -- C:\windows\System32\DRIVERS\wfplwf.sys () DRV - (Smb) -- C:\windows\System32\DRIVERS\smb.sys () DRV - (IRENUM) -- C:\windows\System32\drivers\irenum.sys () DRV - (rspndr) -- C:\windows\System32\DRIVERS\rspndr.sys () DRV - (lltdio) -- C:\windows\System32\DRIVERS\lltdio.sys () DRV - (mpsdrv) -- C:\windows\System32\drivers\mpsdrv.sys () DRV - (NdisCap) -- C:\windows\System32\DRIVERS\ndiscap.sys () DRV - (vwifimp) -- C:\windows\System32\DRIVERS\vwifimp.sys () DRV - (vwififlt) -- C:\windows\System32\DRIVERS\vwififlt.sys () DRV - (NativeWifiP) -- C:\windows\System32\DRIVERS\nwifi.sys () DRV - (vwifibus) -- C:\windows\System32\DRIVERS\vwifibus.sys () DRV - (usbvideo) -- C:\windows\System32\Drivers\usbvideo.sys () DRV - (HdAudAddService) -- C:\windows\System32\drivers\HdAudio.sys () DRV - (BthPan) -- C:\windows\System32\DRIVERS\bthpan.sys () DRV - (RFCOMM) -- C:\windows\System32\DRIVERS\rfcomm.sys () DRV - (BTHUSB) -- C:\windows\System32\Drivers\BTHUSB.sys () DRV - (BthEnum) -- C:\windows\System32\drivers\BthEnum.sys () DRV - (UmPass) -- C:\windows\System32\drivers\umpass.sys () DRV - (BTHMODEM) -- C:\windows\System32\drivers\bthmodem.sys () DRV - (HidBth) -- C:\windows\System32\drivers\hidbth.sys () DRV - (BTHPORT) -- C:\windows\System32\Drivers\BTHport.sys () DRV - (ohci1394) -- C:\windows\System32\drivers\ohci1394.sys () DRV - (usbcir) -- C:\windows\System32\drivers\usbcir.sys () DRV - (circlass) -- C:\windows\System32\DRIVERS\circlass.sys () DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys () DRV - (HidIr) -- C:\windows\System32\drivers\hidir.sys () DRV - (drmkaud) -- C:\windows\System32\drivers\drmkaud.sys () DRV - (MTConfig) -- C:\windows\System32\drivers\MTConfig.sys () DRV - (WacomPen) -- C:\windows\System32\drivers\wacompen.sys () DRV - (sfloppy) -- C:\windows\System32\drivers\sfloppy.sys () DRV - (sffp_mmc) -- C:\windows\System32\drivers\sffp_mmc.sys () DRV - (sffdisk) -- C:\windows\System32\drivers\sffdisk.sys () DRV - (fdc) -- C:\windows\System32\drivers\fdc.sys () DRV - (flpydisk) -- C:\windows\System32\drivers\flpydisk.sys () DRV - (Parport) -- C:\windows\System32\drivers\parport.sys () DRV - (Serial) -- C:\windows\System32\drivers\serial.sys () DRV - (Parvdm) -- C:\windows\System32\drivers\parvdm.sys () DRV - (Serenum) -- C:\windows\System32\drivers\serenum.sys () DRV - (mouhid) -- C:\windows\System32\DRIVERS\mouhid.sys () DRV - (sermouse) -- C:\windows\System32\drivers\sermouse.sys () DRV - (MSKSSRV) -- C:\windows\System32\drivers\MSKSSRV.sys () DRV - (MSTEE) -- C:\windows\System32\drivers\MSTEE.sys () DRV - (MSPCLOCK) -- C:\windows\System32\drivers\MSPCLOCK.sys () DRV - (MSPQM) -- C:\windows\System32\drivers\MSPQM.sys () DRV - (Beep) -- C:\windows\System32\drivers\beep.sys () DRV - (monitor) -- C:\windows\System32\DRIVERS\monitor.sys () DRV - (VgaSave) -- C:\windows\System32\drivers\vga.sys () DRV - (vga) -- C:\windows\System32\DRIVERS\vgapnp.sys () DRV - (discache) -- C:\windows\System32\drivers\discache.sys () DRV - (blbdrive) -- C:\windows\System32\DRIVERS\blbdrive.sys () DRV - (HidBatt) -- C:\windows\System32\drivers\HidBatt.sys () DRV - (ErrDev) -- C:\windows\System32\drivers\errdev.sys () DRV - (CmBatt) -- C:\windows\System32\DRIVERS\CmBatt.sys () DRV - (WmiAcpi) -- C:\windows\System32\drivers\wmiacpi.sys () DRV - (luafv) -- C:\windows\System32\drivers\luafv.sys () DRV - (Filetrace) -- C:\windows\System32\drivers\filetrace.sys () DRV - (exfat) -- C:\windows\System32\drivers\exfat.sys () DRV - (fastfat) -- C:\windows\System32\drivers\fastfat.sys () DRV - (nsiproxy) -- C:\windows\System32\drivers\nsiproxy.sys () DRV - (Npfs) -- C:\windows\System32\drivers\npfs.sys () DRV - (Msfs) -- C:\windows\System32\drivers\msfs.sys () DRV - (i8042prt) -- C:\windows\System32\DRIVERS\i8042prt.sys () DRV - (cdfs) -- C:\windows\System32\DRIVERS\cdfs.sys () DRV - (Null) -- C:\windows\System32\drivers\null.sys () DRV - (intelppm) -- C:\windows\System32\DRIVERS\intelppm.sys () DRV - (ViaC7) -- C:\windows\System32\drivers\viac7.sys () DRV - (Processor) -- C:\windows\System32\drivers\processr.sys () DRV - (FPCIBASE) -- C:\windows\System32\DRIVERS\fpcibase.sys () DRV - (AVMCOWAN) -- C:\windows\System32\DRIVERS\AVMCOWAN.sys () DRV - (IntcHdmiAddService) -- C:\windows\System32\drivers\IntcHdmi.sys () DRV - (enecir) -- C:\windows\System32\drivers\enecir.sys () DRV - (nvsmu) -- C:\windows\System32\drivers\nvsmu.sys () DRV - (e1express) -- C:\windows\System32\DRIVERS\e1e6232.sys () DRV - (e1kexpress) -- C:\windows\System32\DRIVERS\e1k6232.sys () DRV - (enecirhid) -- C:\windows\System32\drivers\enecirhid.sys () DRV - (OxSer) -- C:\windows\System32\drivers\OxSer.sys () DRV - (FscGabi) -- C:\windows\System32\drivers\FscGabi.sys () DRV - (PciSPorts) -- C:\windows\System32\drivers\PciSPorts.sys () DRV - (PciIsaSerial) -- C:\windows\System32\drivers\PciIsaSerial.sys () DRV - (OxPPort) -- C:\Windows\System32\drivers\OxPPort.sys (OEM) DRV - (ITESerial) -- C:\windows\System32\drivers\ITEserial.sys () DRV - (ISASerial) -- C:\windows\System32\drivers\ISASerial.sys () DRV - (enecirhidma) -- C:\windows\System32\drivers\enecirhidma.sys () DRV - (OxPCIeSer) -- C:\windows\System32\drivers\OxPCIeSer.sys () DRV - (oxpar) -- C:\windows\System32\drivers\oxpar.sys () DRV - (FUJ02E3) -- C:\windows\System32\DRIVERS\FUJ02E3.sys () DRV - (FUJ02B1) -- C:\windows\System32\DRIVERS\FUJ02B1.sys () DRV - (PosDrv2K) -- C:\windows\System32\Drivers\PosDrv2K.sys () DRV - (DWCOM) -- C:\windows\System32\drivers\dwcom.sys () DRV - (NmPar) -- C:\windows\System32\drivers\NmPar.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.Awinta.de IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Awinta.de IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\..\SearchScopes\{E9B86382-528A-4111-9381-D66EBD0E7833}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.01.15 09:47:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.12.14 08:47:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.22 11:07:28 | 000,000,000 | ---D | M] [2012.06.25 20:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBK23\AppData\Roaming\mozilla\Extensions [2012.06.25 20:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBK23\AppData\Roaming\mozilla\Extensions\home2@tomtom.com O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20120810161336.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files\NCP\SecureClient\NcpBudgetGui.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpMonitor] C:\Program Files\NCP\SecureClient\ncpmon.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpPopup] C:\Program Files\NCP\SecureClient\ncppopup.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpRsuGui] C:\Program Files\NCP\SecureClient\rwsrsu.exe (NCP engineering GmbH) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059..\Run: [PicPick Start] C:\Programme\PicPick\picpick.exe () O4 - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Apothekenadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBK13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBK23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBR11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBR5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found O4 - Startup: C:\Users\DBR6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBR7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBR8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBR9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\DBRX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EBC4DCF-4FAF-433F-9A5E-E7B168D875A7}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DB67676-4E0B-4250-AA26-2A83136FCC82}: DhcpNameServer = 10.44.212.2 10.44.212.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8115A055-32A8-4D6B-ACF8-14C902308A9B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{778493c1-3f30-11e0-9873-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{778493c1-3f30-11e0-9873-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe O33 - MountPoints2\{cd80cbe0-c181-11df-a737-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{cd80cbe0-c181-11df-a737-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe O33 - MountPoints2\{da91cc4f-ca61-11e1-b8ec-4c8093563d98}\Shell - "" = AutoRun O33 - MountPoints2\{da91cc4f-ca61-11e1-b8ec-4c8093563d98}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-1119278486-3806077164-1662528105-1059..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.31 18:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.01.31 15:54:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DBK23\Desktop\OTL.exe [2013.01.28 19:51:00 | 000,000,000 | ---D | C] -- C:\Users\DBK23\AppData\Roaming\Malwarebytes [2013.01.28 19:50:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013.01.28 19:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.28 19:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.28 19:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.28 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\DBK23\AppData\Local\Programs [2013.01.28 19:20:28 | 000,000,000 | ---D | C] -- C:\Users\DBK23\AppData\Local\FixItCenter [2013.01.28 19:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2013.01.28 19:17:33 | 000,000,000 | ---D | C] -- C:\windows\MATS [2013.01.24 09:36:49 | 000,000,000 | ---D | C] -- C:\Users\DBK23\Documents\Oktober 2012 [2013.01.24 09:36:48 | 000,000,000 | ---D | C] -- C:\Users\DBK23\Documents\November 2012 [2013.01.15 11:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6 [2013.01.15 11:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6 [2013.01.11 08:32:42 | 000,000,000 | ---D | C] -- C:\Users\DBK23\Documents\Buchhaltung [2013.01.09 09:04:52 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe [2013.01.09 09:04:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll [2013.01.09 09:04:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.01.09 09:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 09:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 09:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 09:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 09:04:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 09:04:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 09:04:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 09:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 09:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 09:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 09:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 09:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.01.09 09:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 09:04:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.01.09 09:04:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 09:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 09:04:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 09:04:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 09:04:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.01.09 09:04:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\System32\fpb.rs [2013.01.09 09:04:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\System32\oflc-nz.rs [2013.01.09 09:04:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\System32\csrr.rs [2013.01.09 09:04:12 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\System32\cob-au.rs [2013.01.09 09:04:11 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll [2013.01.09 09:04:11 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wpc.dll [2013.01.09 09:04:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\System32\pegibbfc.rs [2013.01.09 09:04:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\System32\usk.rs [2013.01.09 09:04:11 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\System32\grb.rs [2013.01.09 09:04:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-pt.rs [2013.01.09 09:04:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi.rs [2013.01.09 09:04:11 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\System32\djctq.rs [2013.01.09 09:04:08 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\System32\esrb.rs [2013.01.09 09:04:07 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\System32\cero.rs [2013.01.09 09:04:07 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\System32\oflc.rs [2013.01.09 09:04:07 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-fi.rs [2013.01.09 09:03:54 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll [2013.01.09 09:03:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe [2013.01.07 08:11:10 | 000,000,000 | ---D | C] -- C:\Users\DBK23\Documents\PHARMA TEAM [1 C:\Users\DBK23\Documents\*.tmp files -> C:\Users\DBK23\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.31 20:06:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.31 20:06:49 | 2751,426,560 | -HS- | M] () -- C:\hiberfil.sys [2013.01.31 18:15:35 | 000,019,616 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.31 18:15:35 | 000,019,616 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.31 18:12:52 | 000,657,676 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.01.31 18:12:52 | 000,618,912 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.01.31 18:12:52 | 000,131,016 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.01.31 18:12:52 | 000,107,232 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.01.31 17:47:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.01.31 17:28:17 | 000,000,000 | ---- | M] () -- C:\Users\DBK23\defogger_reenable [2013.01.31 15:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DBK23\Desktop\OTL.exe [2013.01.31 08:38:17 | 005,152,319 | ---- | M] () -- C:\Users\DBK23\Documents\1112.zip [2013.01.31 08:37:06 | 000,248,417 | ---- | M] () -- C:\Users\DBK23\Documents\13_01_31_Apotheke_am_Brudertor_59494_Soest.pdf [2013.01.29 11:06:53 | 000,016,176 | ---- | M] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_2012_Sued.pdf [2013.01.29 11:06:53 | 000,015,473 | ---- | M] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_1212_sued.pdf [2013.01.29 11:01:14 | 000,015,851 | ---- | M] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_2012_HANSA.pdf [2013.01.29 11:01:14 | 000,015,486 | ---- | M] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_1212_HANSA.pdf [2013.01.29 10:57:44 | 000,006,422 | ---- | M] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_2012_Hellweg.pdf [2013.01.29 10:57:44 | 000,006,062 | ---- | M] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_DEZ12_Hellweg.pdf [2013.01.29 10:28:00 | 000,013,570 | ---- | M] () -- C:\Users\DBK23\Documents\TAGESABSCHLUSS_2012_BRUEDERTOR.pdf [2013.01.29 10:25:42 | 000,012,753 | ---- | M] () -- C:\Users\DBK23\Documents\TAGESABSCHLUSS_DEZ_BRUEDERTOR.pdf [2013.01.28 19:50:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.28 19:17:33 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk [2013.01.23 21:33:10 | 000,072,165 | ---- | M] () -- C:\Users\DBK23\Desktop\Protokoll Meeting Filialleiter Apotheken Herrn Hufnagels 10.1.2013.pdf [2013.01.22 20:47:07 | 000,779,365 | ---- | M] () -- C:\Users\DBK23\Desktop\BTM-im-Altersheim.pdf.xunvixk.partial [2013.01.21 12:19:50 | 000,216,701 | ---- | M] () -- C:\DEVK.pdf [2013.01.17 13:53:41 | 000,000,031 | ---- | M] () -- C:\DLGGLOB.DAT [2013.01.15 07:58:30 | 000,060,288 | ---- | M] () -- C:\windows\System32\drivers\67cf29f3c2300003.sys [2013.01.14 11:32:47 | 000,027,988 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.14 11:32:46 | 000,027,988 | -HS- | M] () -- C:\Users\DBK23\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.14 09:41:57 | 000,527,752 | ---- | M] () -- C:\dru.dat [2013.01.10 14:42:54 | 000,001,842 | ---- | M] () -- C:\Users\DBK23\Desktop\packshot-internet-calcium-d3-stada-1000-mg880-i-e-brausetabletten - Verknüpfung.lnk [2013.01.10 14:40:08 | 000,085,813 | ---- | M] () -- C:\Users\DBK23\Documents\calciumd3stada.jpg [2013.01.10 14:39:40 | 000,115,369 | ---- | M] () -- C:\Users\DBK23\Documents\packshot-internet-ginkgo-stada-tropfen.jpg [2013.01.10 14:39:14 | 000,059,290 | ---- | M] () -- C:\Users\DBK23\Documents\packshot-internet-amorolfin-stada-5%-wirkstoffhaltiger-nagellack.jpg [2013.01.10 14:38:56 | 000,032,968 | ---- | M] () -- C:\Users\DBK23\Documents\packshot-internet-silymarin-stada-167-mg-hartkapseln.jpg [2013.01.10 14:02:20 | 000,005,691 | ---- | M] () -- C:\result.xml [2013.01.09 15:49:05 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.01.09 15:49:05 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.01.09 11:08:23 | 000,392,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.01.08 10:04:29 | 001,754,323 | ---- | M] () -- C:\Users\DBK23\Documents\2012_07_Ueberweiser_ElacElysee_Selbstausdruck.pdf [1 C:\Users\DBK23\Documents\*.tmp files -> C:\Users\DBK23\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.31 17:28:17 | 000,000,000 | ---- | C] () -- C:\Users\DBK23\defogger_reenable [2013.01.31 08:38:16 | 005,152,319 | ---- | C] () -- C:\Users\DBK23\Documents\1112.zip [2013.01.31 08:37:06 | 000,248,417 | ---- | C] () -- C:\Users\DBK23\Documents\13_01_31_Apotheke_am_Brudertor_59494_Soest.pdf [2013.01.29 11:06:53 | 000,016,176 | ---- | C] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_2012_Sued.pdf [2013.01.29 11:06:53 | 000,015,473 | ---- | C] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_1212_sued.pdf [2013.01.29 11:01:14 | 000,015,851 | ---- | C] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_2012_HANSA.pdf [2013.01.29 11:01:14 | 000,015,486 | ---- | C] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_1212_HANSA.pdf [2013.01.29 10:57:44 | 000,006,422 | ---- | C] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_2012_Hellweg.pdf [2013.01.29 10:57:44 | 000,006,062 | ---- | C] () -- C:\Users\DBK23\Documents\Druck Tagesabschluss_DEZ12_Hellweg.pdf [2013.01.29 10:28:00 | 000,013,570 | ---- | C] () -- C:\Users\DBK23\Documents\TAGESABSCHLUSS_2012_BRUEDERTOR.pdf [2013.01.29 10:25:40 | 000,012,753 | ---- | C] () -- C:\Users\DBK23\Documents\TAGESABSCHLUSS_DEZ_BRUEDERTOR.pdf [2013.01.28 19:50:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.28 19:17:33 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk [2013.01.28 19:17:33 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk [2013.01.23 21:33:10 | 000,072,165 | ---- | C] () -- C:\Users\DBK23\Desktop\Protokoll Meeting Filialleiter Apotheken Herrn Hufnagels 10.1.2013.pdf [2013.01.22 20:47:07 | 000,779,365 | ---- | C] () -- C:\Users\DBK23\Desktop\BTM-im-Altersheim.pdf.xunvixk.partial [2013.01.21 12:19:50 | 000,216,701 | ---- | C] () -- C:\DEVK.pdf [2013.01.15 07:58:30 | 000,060,288 | ---- | C] () -- C:\windows\System32\drivers\67cf29f3c2300003.sys [2013.01.14 11:30:20 | 000,027,988 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.14 11:30:19 | 000,027,988 | -HS- | C] () -- C:\Users\DBK23\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.10 14:42:54 | 000,001,842 | ---- | C] () -- C:\Users\DBK23\Desktop\packshot-internet-calcium-d3-stada-1000-mg880-i-e-brausetabletten - Verknüpfung.lnk [2013.01.10 14:40:08 | 000,085,813 | ---- | C] () -- C:\Users\DBK23\Documents\calciumd3stada.jpg [2013.01.10 14:39:40 | 000,115,369 | ---- | C] () -- C:\Users\DBK23\Documents\packshot-internet-ginkgo-stada-tropfen.jpg [2013.01.10 14:39:14 | 000,059,290 | ---- | C] () -- C:\Users\DBK23\Documents\packshot-internet-amorolfin-stada-5%-wirkstoffhaltiger-nagellack.jpg [2013.01.10 14:38:55 | 000,032,968 | ---- | C] () -- C:\Users\DBK23\Documents\packshot-internet-silymarin-stada-167-mg-hartkapseln.jpg [2013.01.09 09:05:17 | 002,345,984 | ---- | C] () -- C:\windows\System32\win32k.sys [2013.01.08 10:04:25 | 001,754,323 | ---- | C] () -- C:\Users\DBK23\Documents\2012_07_Ueberweiser_ElacElysee_Selbstausdruck.pdf [2012.12.21 15:00:32 | 000,295,424 | ---- | C] () -- C:\windows\System32\atmfd.dll [2012.11.28 16:46:29 | 000,146,872 | ---- | C] () -- C:\windows\System32\drivers\HipShieldK.sys [2012.11.15 11:35:49 | 000,014,848 | ---- | C] () -- C:\windows\System32\drivers\rdpvideominiport.sys [2012.11.15 11:35:48 | 000,049,664 | ---- | C] () -- C:\windows\System32\drivers\TsUsbFlt.sys [2012.11.15 11:35:48 | 000,027,136 | ---- | C] () -- C:\windows\System32\drivers\TsUsbGD.sys [2012.11.15 11:35:47 | 000,221,184 | ---- | C] () -- C:\windows\System32\rdpudd.dll [2012.11.15 11:28:28 | 000,526,952 | ---- | C] () -- C:\windows\System32\drivers\Wdf01000.sys [2012.11.15 11:28:28 | 000,047,720 | ---- | C] () -- C:\windows\System32\drivers\WdfLdr.sys [2012.11.15 11:27:56 | 000,155,136 | ---- | C] () -- C:\windows\System32\drivers\WUDFRd.sys [2012.11.15 11:27:56 | 000,066,560 | ---- | C] () -- C:\windows\System32\drivers\WUDFPf.sys [2012.11.15 08:51:02 | 001,293,680 | ---- | C] () -- C:\windows\System32\drivers\tcpip.sys [2012.11.15 08:50:59 | 000,035,328 | ---- | C] () -- C:\windows\System32\drivers\tcpipreg.sys [2012.11.15 08:50:39 | 000,136,560 | ---- | C] () -- C:\windows\System32\drivers\ksecpkg.sys [2012.11.15 08:50:38 | 000,369,856 | ---- | C] () -- C:\windows\System32\drivers\cng.sys [2012.10.10 08:09:37 | 001,211,760 | ---- | C] () -- C:\windows\System32\drivers\ntfs.sys [2012.10.10 08:09:32 | 003,968,880 | ---- | C] () -- C:\windows\System32\ntkrnlpa.exe [2012.09.28 10:32:56 | 000,044,544 | ---- | C] () -- C:\windows\System32\drivers\usbaapl.sys [2012.09.13 14:07:51 | 000,712,048 | ---- | C] () -- C:\windows\System32\drivers\ndis.sys [2012.09.13 14:07:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\RNDISMP.sys [2012.09.13 14:07:48 | 000,240,496 | ---- | C] () -- C:\windows\System32\drivers\netio.sys [2012.09.13 14:07:48 | 000,187,760 | ---- | C] () -- C:\windows\System32\drivers\FWPKCLNT.SYS [2012.09.11 09:32:13 | 000,082,960 | ---- | C] () -- C:\windows\System32\drivers\ncplelhp.sys [2012.09.05 09:37:35 | 000,019,824 | ---- | C] () -- C:\windows\System32\drivers\fs_rec.sys [2012.09.05 09:09:29 | 000,024,576 | ---- | C] () -- C:\windows\System32\drivers\tdtcp.sys [2012.09.05 08:57:53 | 000,000,170 | ---- | C] () -- C:\windows\ODBCINST.INI [2012.09.05 08:53:24 | 000,434,240 | ---- | C] () -- C:\windows\System32\LIBIPF32.DLL [2012.09.05 08:53:24 | 000,032,256 | ---- | C] () -- C:\windows\System32\IPF32.DLL [2012.09.05 08:44:21 | 000,000,111 | ---- | C] () -- C:\windows\VsaInstall.ini [2012.07.12 12:40:50 | 000,067,440 | ---- | C] () -- C:\windows\System32\drivers\ksecdd.sys [2012.07.10 09:34:13 | 000,120,320 | ---- | C] () -- C:\windows\System32\drivers\cmntnet.sys [2012.07.10 09:34:13 | 000,112,640 | ---- | C] () -- C:\windows\System32\drivers\cm_net32.sys [2012.07.10 09:34:13 | 000,103,424 | ---- | C] () -- C:\windows\System32\drivers\cmnsusbser.sys [2012.07.05 13:11:24 | 000,183,808 | ---- | C] () -- C:\windows\System32\drivers\rdpwd.sys [2012.06.26 19:02:56 | 000,145,112 | -H-- | C] () -- C:\windows\System32\mlfcache.dat [2012.05.15 10:19:20 | 000,000,112 | ---- | C] () -- C:\windows\ODBC.INI [2012.05.15 09:53:55 | 000,056,176 | ---- | C] () -- C:\windows\System32\drivers\partmgr.sys [2012.05.15 09:51:08 | 000,007,605 | ---- | C] () -- C:\Users\DBK23\AppData\Local\Resmon.ResmonCfg [2012.01.17 10:13:01 | 000,282,792 | ---- | C] () -- C:\windows\System32\drivers\e1c6232.sys [2011.12.21 13:11:35 | 000,414,824 | ---- | C] () -- C:\windows\System32\drivers\Rt86win7.sys [2011.12.21 13:11:35 | 000,086,392 | ---- | C] () -- C:\windows\System32\drivers\snxppalx.sys [2011.12.21 13:11:35 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2011.12.21 13:11:35 | 000,078,712 | ---- | C] () -- C:\windows\System32\drivers\snxpserx.sys [2011.12.21 13:11:32 | 003,546,664 | ---- | C] () -- C:\windows\System32\drivers\RTKVHDA.sys [2011.12.21 13:11:30 | 000,150,996 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT [2011.12.21 13:11:23 | 000,120,320 | ---- | C] () -- C:\windows\System32\drivers\StnSport.sys [2011.12.21 13:11:23 | 000,083,456 | ---- | C] () -- C:\windows\System32\drivers\StnPport.sys [2011.12.21 13:11:23 | 000,022,774 | ---- | C] () -- C:\windows\System32\StnLang.ini [2011.12.21 13:11:23 | 000,019,456 | ---- | C] () -- C:\windows\System32\StnCoInst.dll [2011.12.21 13:11:22 | 000,103,512 | ---- | C] () -- C:\windows\System32\drivers\jraid.sys [2011.12.21 13:11:21 | 000,265,384 | ---- | C] () -- C:\windows\System32\drivers\e1q6232.sys [2011.12.21 13:11:17 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin [2011.12.21 13:11:15 | 000,217,536 | ---- | C] () -- C:\windows\System32\igfcg600m.bin [2011.12.21 13:11:15 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll [2011.12.21 13:11:14 | 010,858,496 | ---- | C] () -- C:\windows\System32\drivers\igdkmd32.sys [2011.12.21 13:11:14 | 000,056,832 | ---- | C] () -- C:\windows\System32\igdde32.dll [2011.12.21 13:11:13 | 013,903,872 | ---- | C] () -- C:\windows\System32\ig4icd32.dll [2011.12.21 13:11:11 | 000,462,104 | ---- | C] () -- C:\windows\System32\drivers\iaStor.sys [2011.12.21 13:11:11 | 000,270,336 | ---- | C] () -- C:\windows\System32\drivers\IntcDAud.sys [2011.12.21 13:11:11 | 000,073,096 | ---- | C] () -- C:\windows\System32\drivers\ftser2k.sys [2011.12.21 13:11:11 | 000,060,552 | ---- | C] () -- C:\windows\System32\drivers\ftdibus.sys [2011.12.21 13:11:11 | 000,041,088 | ---- | C] () -- C:\windows\System32\drivers\HECI.sys [2011.12.21 13:11:10 | 000,315,880 | ---- | C] () -- C:\windows\System32\drivers\asmtxhci.sys [2011.12.21 13:11:10 | 000,101,352 | ---- | C] () -- C:\windows\System32\drivers\asmthub3.sys [2011.12.20 13:43:39 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011.12.20 13:30:21 | 000,038,912 | ---- | C] () -- C:\windows\System32\csrsrv.dll [2011.10.28 10:08:19 | 000,338,944 | ---- | C] () -- C:\windows\System32\drivers\afd.sys [2011.10.28 10:08:16 | 000,311,808 | ---- | C] () -- C:\windows\System32\drivers\srv.sys [2011.10.28 10:08:16 | 000,310,272 | ---- | C] () -- C:\windows\System32\drivers\srv2.sys [2011.10.28 10:08:16 | 000,223,744 | ---- | C] () -- C:\windows\System32\drivers\mrxsmb10.sys [2011.10.28 10:08:16 | 000,123,904 | ---- | C] () -- C:\windows\System32\drivers\mrxsmb.sys [2011.10.28 10:08:16 | 000,114,688 | ---- | C] () -- C:\windows\System32\drivers\srvnet.sys [2011.10.28 10:08:16 | 000,096,768 | ---- | C] () -- C:\windows\System32\drivers\mrxsmb20.sys [2011.08.02 15:38:44 | 000,018,432 | ---- | C] () -- C:\windows\System32\drivers\netaapl.sys [2011.06.03 12:26:43 | 000,027,008 | ---- | C] () -- C:\windows\System32\drivers\Diskdump.sys [2011.06.03 12:02:18 | 007,435,264 | ---- | C] () -- C:\windows\System32\drivers\NETwNs32.sys [2011.06.03 11:49:56 | 000,332,160 | ---- | C] () -- C:\windows\System32\drivers\iaStorV.sys [2011.06.03 11:49:56 | 000,148,864 | ---- | C] () -- C:\windows\System32\drivers\storport.sys [2011.06.03 11:49:56 | 000,143,744 | ---- | C] () -- C:\windows\System32\drivers\nvstor.sys [2011.06.03 11:49:56 | 000,117,120 | ---- | C] () -- C:\windows\System32\drivers\nvraid.sys [2011.06.03 11:49:56 | 000,080,256 | ---- | C] () -- C:\windows\System32\drivers\amdsata.sys [2011.06.03 11:49:56 | 000,076,288 | ---- | C] () -- C:\windows\System32\drivers\USBSTOR.SYS [2011.06.03 11:49:56 | 000,022,400 | ---- | C] () -- C:\windows\System32\drivers\amdxata.sys [2011.06.03 11:49:55 | 000,284,672 | ---- | C] () -- C:\windows\System32\drivers\usbport.sys [2011.06.03 11:49:55 | 000,258,560 | ---- | C] () -- C:\windows\System32\drivers\usbhub.sys [2011.06.03 11:49:55 | 000,075,776 | ---- | C] () -- C:\windows\System32\drivers\usbccgp.sys [2011.06.03 11:49:55 | 000,043,008 | ---- | C] () -- C:\windows\System32\drivers\usbehci.sys [2011.06.03 11:49:55 | 000,024,064 | ---- | C] () -- C:\windows\System32\drivers\usbuhci.sys [2011.06.03 11:49:55 | 000,020,480 | ---- | C] () -- C:\windows\System32\drivers\usbohci.sys [2011.06.03 11:49:55 | 000,005,888 | ---- | C] () -- C:\windows\System32\drivers\usbd.sys [2011.04.13 13:16:52 | 000,069,632 | ---- | C] () -- C:\windows\System32\drivers\bowser.sys [2011.02.23 13:27:45 | 000,867,020 | ---- | C] () -- C:\windows\System32\igkrng575.bin [2011.02.23 13:27:44 | 000,128,204 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin [2011.02.23 13:27:44 | 000,105,420 | ---- | C] () -- C:\windows\System32\igfcg575m.bin [2011.02.23 11:09:58 | 000,021,318 | ---- | C] () -- C:\windows\Ascd_tmp.ini [2011.02.23 11:09:19 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini [2011.02.22 22:47:01 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin [2011.02.22 22:47:01 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll [2011.02.22 17:45:21 | 000,219,008 | ---- | C] () -- C:\windows\System32\drivers\dxgmms1.sys [2011.02.22 17:01:53 | 000,190,976 | ---- | C] () -- C:\windows\System32\drivers\ks.sys [2011.02.22 17:01:53 | 000,115,712 | ---- | C] () -- C:\windows\System32\drivers\mrxdav.sys [2011.02.22 17:01:53 | 000,078,208 | ---- | C] () -- C:\windows\System32\drivers\mountmgr.sys [2011.02.22 17:01:53 | 000,048,640 | ---- | C] () -- C:\windows\System32\drivers\ndproxy.sys [2011.02.22 17:01:53 | 000,028,032 | ---- | C] () -- C:\windows\System32\drivers\msahci.sys [2011.02.22 17:01:53 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDPO.DLL [2011.02.22 17:01:53 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDINBEN.DLL [2011.02.22 17:01:53 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDUS.DLL [2011.02.22 17:01:53 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDINTEL.DLL [2011.02.22 17:01:53 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDBULG.DLL [2011.02.22 17:01:52 | 000,274,304 | ---- | C] () -- C:\windows\System32\drivers\acpi.sys [2011.02.22 17:01:52 | 000,194,432 | ---- | C] () -- C:\windows\System32\halmacpi.dll [2011.02.22 17:01:52 | 000,194,432 | ---- | C] () -- C:\windows\System32\hal.dll [2011.02.22 17:01:52 | 000,164,864 | ---- | C] () -- C:\windows\System32\drivers\1394ohci.sys [2011.02.22 17:01:52 | 000,137,088 | ---- | C] () -- C:\windows\System32\halacpi.dll [2011.02.22 17:01:52 | 000,132,992 | ---- | C] () -- C:\windows\System32\drivers\ataport.sys [2011.02.22 17:01:52 | 000,065,536 | ---- | C] () -- C:\windows\System32\drivers\IPMIDrv.sys [2011.02.22 17:01:52 | 000,062,464 | ---- | C] () -- C:\windows\System32\drivers\dmvsc.sys [2011.02.22 17:01:51 | 000,173,440 | ---- | C] () -- C:\windows\System32\drivers\rdyboost.sys [2011.02.22 17:01:51 | 000,121,856 | ---- | C] () -- C:\windows\System32\RDPENCDD.dll [2011.02.22 17:01:51 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe [2011.02.22 17:01:51 | 000,063,488 | ---- | C] () -- C:\windows\System32\drivers\wanarp.sys [2011.02.22 17:01:51 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\vms3cap.sys [2011.02.22 17:01:50 | 000,085,376 | ---- | C] () -- C:\windows\System32\drivers\sbp2port.sys [2011.02.22 17:01:50 | 000,012,800 | ---- | C] () -- C:\windows\System32\drivers\sffp_sd.sys [2011.02.22 17:01:48 | 000,520,064 | ---- | C] () -- C:\windows\System32\mcupdate_GenuineIntel.dll [2011.02.22 17:01:48 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDTUQ.DLL [2011.02.22 17:01:48 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDTUF.DLL [2011.02.22 17:01:48 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDNEPR.DLL [2011.02.22 17:01:48 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDBLR.DLL [2011.02.22 17:01:48 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDBASH.DLL [2011.02.22 17:01:47 | 000,118,784 | ---- | C] () -- C:\windows\System32\drivers\ndiswan.sys [2011.02.22 17:01:44 | 000,245,632 | ---- | C] () -- C:\windows\System32\drivers\volsnap.sys [2011.02.22 17:01:44 | 000,006,656 | ---- | C] () -- C:\windows\System32\drivers\RDPCDD.sys [2011.02.22 17:01:43 | 000,026,624 | ---- | C] () -- C:\windows\System32\drivers\scfilter.sys [2011.02.22 17:01:42 | 000,690,680 | ---- | C] () -- C:\windows\System32\ci.dll [2011.02.22 17:01:42 | 000,242,688 | ---- | C] () -- C:\windows\System32\drivers\rdbss.sys [2011.02.22 17:01:42 | 000,233,344 | ---- | C] () -- C:\windows\System32\drivers\msiscsi.sys [2011.02.22 17:01:42 | 000,130,432 | ---- | C] () -- C:\windows\System32\drivers\mpio.sys [2011.02.22 17:01:42 | 000,116,096 | ---- | C] () -- C:\windows\System32\drivers\msdsm.sys [2011.02.22 17:01:42 | 000,107,520 | ---- | C] () -- C:\windows\System32\cdd.dll [2011.02.22 17:01:42 | 000,046,080 | ---- | C] () -- C:\windows\System32\drivers\ndisuio.sys [2011.02.22 17:01:42 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\kbdhid.sys [2011.02.22 17:01:42 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDGR1.DLL [2011.02.22 17:01:42 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDUGHR1.DLL [2011.02.22 17:01:42 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDTAJIK.DLL [2011.02.22 17:01:42 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDMON.DLL [2011.02.22 17:01:42 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDMAORI.DLL [2011.02.22 17:01:42 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDINORI.DLL [2011.02.22 17:01:41 | 000,728,448 | ---- | C] () -- C:\windows\System32\drivers\dxgkrnl.sys [2011.02.22 17:01:41 | 000,513,536 | ---- | C] () -- C:\windows\System32\drivers\http.sys [2011.02.22 17:01:41 | 000,194,800 | ---- | C] () -- C:\windows\System32\drivers\fvevol.sys [2011.02.22 17:01:41 | 000,078,336 | ---- | C] () -- C:\windows\System32\drivers\dfsc.sys [2011.02.22 17:01:41 | 000,050,176 | ---- | C] () -- C:\windows\System32\drivers\appid.sys [2011.02.22 17:01:41 | 000,039,936 | ---- | C] () -- C:\windows\System32\drivers\umbus.sys [2011.02.22 17:01:41 | 000,031,232 | ---- | C] () -- C:\windows\System32\drivers\tssecsrv.sys [2011.02.22 17:01:41 | 000,014,208 | ---- | C] () -- C:\windows\System32\drivers\hwpolicy.sys [2011.02.22 17:01:40 | 000,074,752 | ---- | C] () -- C:\windows\System32\drivers\tdx.sys [2011.02.22 17:01:39 | 000,021,504 | ---- | C] () -- C:\windows\System32\drivers\tdi.sys [2011.02.22 17:01:38 | 000,040,704 | ---- | C] () -- C:\windows\System32\drivers\vmstorfl.sys [2011.02.22 17:01:37 | 000,140,160 | ---- | C] () -- C:\windows\System32\drivers\scsiport.sys [2011.02.22 17:01:37 | 000,028,032 | ---- | C] () -- C:\windows\System32\drivers\storvsc.sys [2011.02.22 17:01:37 | 000,026,624 | ---- | C] () -- C:\windows\System32\RDPREFDD.dll [2011.02.22 17:01:36 | 000,213,504 | ---- | C] () -- C:\windows\System32\rdpdd.dll [2011.02.22 17:01:36 | 000,133,632 | ---- | C] () -- C:\windows\System32\drivers\rdpdr.sys [2011.02.22 17:01:35 | 000,117,760 | ---- | C] () -- C:\windows\System32\drivers\rmcast.sys [2011.02.22 17:01:34 | 000,187,904 | ---- | C] () -- C:\windows\System32\drivers\netbt.sys [2011.02.22 17:01:34 | 000,175,360 | ---- | C] () -- C:\windows\System32\drivers\vmbus.sys [2011.02.22 17:01:34 | 000,153,984 | ---- | C] () -- C:\windows\System32\drivers\pci.sys [2011.02.22 17:01:34 | 000,017,920 | ---- | C] () -- C:\windows\System32\drivers\VMBusHID.sys [2011.02.22 17:01:33 | 000,246,784 | ---- | C] () -- C:\windows\System32\drivers\udfs.sys [2011.02.22 17:01:33 | 000,160,128 | ---- | C] () -- C:\windows\System32\drivers\vhdmp.sys [2011.02.22 17:01:33 | 000,108,544 | ---- | C] () -- C:\windows\System32\drivers\tunnel.sys [2011.02.22 17:01:33 | 000,053,120 | ---- | C] () -- C:\windows\System32\drivers\volmgr.sys [2011.02.22 17:01:32 | 000,508,904 | ---- | C] () -- C:\windows\System32\winload.exe [2011.02.22 17:01:31 | 000,053,120 | ---- | C] () -- C:\windows\System32\drivers\termdd.sys [2011.02.22 17:01:31 | 000,035,968 | ---- | C] () -- C:\windows\System32\drivers\winusb.sys [2011.02.22 17:01:31 | 000,024,064 | ---- | C] () -- C:\windows\System32\drivers\hidusb.sys [2011.02.22 17:01:31 | 000,018,432 | ---- | C] () -- C:\windows\System32\drivers\tdpipe.sys [2011.02.22 17:01:30 | 000,388,096 | ---- | C] () -- C:\windows\System32\drivers\csc.sys [2011.02.22 17:01:30 | 000,108,544 | ---- | C] () -- C:\windows\System32\drivers\hdaudbus.sys [2011.02.22 17:01:30 | 000,108,544 | ---- | C] () -- C:\windows\System32\drivers\cdrom.sys [2011.02.22 17:01:30 | 000,055,808 | ---- | C] () -- C:\windows\System32\drivers\hidclass.sys [2011.02.22 17:01:30 | 000,031,232 | ---- | C] () -- C:\windows\System32\drivers\CompositeBus.sys [2011.02.22 17:01:30 | 000,010,240 | ---- | C] () -- C:\windows\System32\drivers\acpipmi.sys [2011.02.22 17:01:30 | 000,007,168 | ---- | C] () -- C:\windows\System32\KBDSG.DLL [2011.02.22 17:01:30 | 000,007,168 | ---- | C] () -- C:\windows\System32\kbdlk41a.dll [2011.02.22 17:01:30 | 000,007,168 | ---- | C] () -- C:\windows\System32\KBDCZ1.DLL [2011.02.22 17:01:30 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDSF.DLL [2011.02.22 17:01:30 | 000,006,656 | ---- | C] () -- C:\windows\System32\KBDGKL.DLL [2011.02.22 17:01:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDTURME.DLL [2011.02.22 17:01:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDLT1.DLL [2011.02.22 17:01:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDINTAM.DLL [2011.02.22 17:01:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDINMAR.DLL [2011.02.22 17:01:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDINKAN.DLL [2011.02.22 17:01:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\KBDINHIN.DLL [2011.02.22 17:01:30 | 000,005,632 | ---- | C] () -- C:\windows\System32\KBDGEO.DLL [2011.02.16 15:52:46 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\wdcsam.sys [2010.05.21 09:28:01 | 000,000,498 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.01.2013 20:08:18 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DBK23\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,42 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 73,52% Memory free
7,42 Gb Paging File | 6,47 Gb Available in Paging File | 87,20% Paging File free
Paging file location(s): c:\pagefile.sys 4095 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,27 Gb Total Space | 380,40 Gb Free Space | 81,76% Space Free | Partition Type: NTFS
Computer Name: PRODBK23 | User Name: DBK23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DosHere] -- C:\WINDOWS\System32\cmd.exe /k cd /d "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15CB706D-19E4-44B1-88F9-C691864C5E15}" = StarMoney 8.0 apoEdition
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69261DCF-9029-40F4-A42C-EC83BB7788F2}_is1" = Able2Extract 7.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"DB2Uninst" = DB2
"DFÜ-Speed" = DFÜ-Speed
"EBay Datev Schnittstelle_is1" = EBay Datev Schnittstelle Version 1.06.4
"FileZilla Client" = FileZilla Client 3.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MSC" = McAfee Internet Security Suite
"NCP RWS/GA" = NCP Secure Entry Client
"NetMos Technology" = NetMos Multi-IO Controller
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PicPick" = PicPick
"Ravensburger tiptoi" = Ravensburger tiptoi
"TomTom HOME" = TomTom HOME 2.8.4.2596
"Trojancheck_is1" = Trojancheck 6
"TVWiz" = Intel(R) TV Wizard
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1119278486-3806077164-1662528105-1059\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.4.0_b7" = ActiveTrader 5.4.0_b7
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.12.2012 03:47:24 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xb90 Startzeit der fehlerhaften Anwendung: 0x01cdd9ceef8a0c44 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
7f71e4e2-45c2-11e2-a4b9-4c8093563d98
Error - 14.12.2012 05:44:33 | Computer Name = PRODBK23 | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1fe0 Startzeit: 01cdd9da3e5e73a7 Endzeit: 40 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 15.12.2012 04:59:24 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xb48 Startzeit der fehlerhaften Anwendung: 0x01cddaa214bb6ae1 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
b8d59630-4695-11e2-bbaa-4c8093563d98
Error - 15.12.2012 05:27:37 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xc68 Startzeit der fehlerhaften Anwendung: 0x01cddaa659fa82e9 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
a9a3d8d0-4699-11e2-bc2e-4c8093563d98
Error - 16.12.2012 06:10:36 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xf14 Startzeit der fehlerhaften Anwendung: 0x01cddb74d9cad0f9 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
d51eeefa-4768-11e2-bd8d-4c8093563d98
Error - 16.12.2012 15:39:18 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xc30 Startzeit der fehlerhaften Anwendung: 0x01cddbc502e36155 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
474c9ef2-47b8-11e2-bdde-4c8093563d98
Error - 17.12.2012 03:21:41 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xc38 Startzeit der fehlerhaften Anwendung: 0x01cddc27177448a0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
66dbce7f-481a-11e2-be52-4c8093563d98
Error - 17.12.2012 04:21:42 | Computer Name = PRODBK23 | Source = Application Hang | ID = 1002
Description = Programm EBay2Datev.exe, Version 1.6.4.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1308 Startzeit:
01cddc2f17ecc542 Endzeit: 23 Anwendungspfad: C:\Program Files\EBay2Datev\EBay2Datev.exe
Berichts-ID:
c6796008-4822-11e2-be52-4c8093563d98
Error - 17.12.2012 09:58:13 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xb44 Startzeit der fehlerhaften Anwendung: 0x01cddc5e4796d602 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
cbaa4f44-4851-11e2-884f-4c8093563d98
Error - 18.12.2012 04:48:43 | Computer Name = PRODBK23 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.5.43.3,
Zeitstempel: 0x502db3a4 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00014500 ID des fehlerhaften
Prozesses: 0xc68 Startzeit der fehlerhaften Anwendung: 0x01cddcfc6d818f7e Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Pfad
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
b992d791-48ef-11e2-99f0-4c8093563d98
[ System Events ]
Error - 31.01.2013 15:06:59 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 31.01.2013 15:07:03 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 31.01.2013 15:07:03 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 31.01.2013 15:07:03 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst
"McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 31.01.2013 15:07:12 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust
Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error - 31.01.2013 15:07:12 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Firewall Core Service" ist vom Dienst "McAfee Validation
Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1068
Error - 31.01.2013 15:07:12 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom mfehidk mfewfpk
Error - 31.01.2013 15:07:37 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 31.01.2013 15:07:37 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 31.01.2013 15:09:14 | Computer Name = PRODBK23 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet:
%%5
< End of report >
|
|
01.02.2013, 00:38
| #4 |
| /// Helfer-Team | Malwarebyte findet exploit drop gs !Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV - (67cf29f3c2300003) -- C:\windows\System32\drivers\67cf29f3c2300003.sys ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
[2013.01.14 11:32:47 | 000,027,988 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013.01.14 11:32:46 | 000,027,988 | -HS- | M] () -- C:\Users\DBK23\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\DBK23\*.tmp
C:\Users\DBK23\AppData\Local\Temp\*.exe
C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
01.02.2013, 13:04
| #5 |
| | Malwarebyte findet exploit drop gs ! All processes killed ========== OTL ========== Error: No service named 67cf29f3c2300003 was found to stop! Service\Driver key 67cf29f3c2300003 not found. File C:\windows\System32\drivers\67cf29f3c2300003.sys not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully. C:\Users\DBK23\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\DBK23\*.tmp not found. File\Folder C:\Users\DBK23\AppData\Local\Temp\*.exe not found. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\DBK23\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\DBK23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\DBK23\Desktop\cmd.bat deleted successfully. C:\Users\DBK23\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Apothekenadmin ->Temp folder emptied: 165626 bytes ->Temporary Internet Files folder emptied: 1147250 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBK13 ->Temp folder emptied: 53116 bytes ->Temporary Internet Files folder emptied: 1913677 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBK23 ->Temp folder emptied: 220009758 bytes ->Temporary Internet Files folder emptied: 463358114 bytes ->Flash cache emptied: 2668 bytes User: DBR11 ->Temp folder emptied: 84065 bytes ->Temporary Internet Files folder emptied: 888314 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBR5 ->Temp folder emptied: 684 bytes ->Temporary Internet Files folder emptied: 888240 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBR6 ->Temp folder emptied: 684 bytes ->Temporary Internet Files folder emptied: 888240 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBR7 ->Temp folder emptied: 684 bytes ->Temporary Internet Files folder emptied: 888240 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBR8 ->Temp folder emptied: 684 bytes ->Temporary Internet Files folder emptied: 888240 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBR9 ->Temp folder emptied: 684 bytes ->Temporary Internet Files folder emptied: 888240 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: DBRX ->Temp folder emptied: 684 bytes ->Temporary Internet Files folder emptied: 888240 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: Default ->Temp folder emptied: 684 bytes ->Temporary Internet Files folder emptied: 888240 bytes ->Java cache emptied: 19563682 bytes ->Flash cache emptied: 456 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4479408 bytes Session Manager Temp folder emptied: 8512829705 bytes Session Manager Tmp folder emptied: 31125442 bytes RecycleBin emptied: 1119288004 bytes Total Files Cleaned = 10.068,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02012013_080815 Files\Folders moved on Reboot... C:\Users\DBK23\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\TEMP\{7FCD9351-B22C-418C-95E9-EFC78AB7802C}\fpi.tmp not found! File\Folder C:\TEMP\{5E2923A3-04F7-4761-B3D4-8AACDBEE188D}\fpi.tmp not found! File\Folder C:\TEMP\vso_dat_extract\avvclean.dat not found! File\Folder C:\TEMP\vso_dat_extract\avvnames.dat not found! File\Folder C:\TEMP\vso_dat_extract\avvscan.dat not found! File\Folder C:\TEMP\mcafee\vtpfix\mfehidin.log not found! File\Folder C:\TEMP\mca935.tmp\gdeltaavv.ini not found! File\Folder C:\TEMP\mca2F7C.tmp\avvclean.dat not found! File\Folder C:\TEMP\mca2F7C.tmp\avvnames.dat not found! File\Folder C:\TEMP\mca2F7C.tmp\avvscan.dat not found! C:\TEMP\etilqs_0BUU76SPWGCYfXezwvai moved successfully. C:\TEMP\etilqs_ltqPV0ybUpkKtN232cOU moved successfully. C:\TEMP\etilqs_oOEE4eGnjcz7iD0XXSuK moved successfully. C:\TEMP\etilqs_qkfMJXdNPQICdhM9GQJX moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.01.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DBK23 :: PRODBK23 [administrator]
01.02.2013 10:12:51
mbar-log-2013-02-01 (10-12-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30735
Time elapsed: 28 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 30
C:\windows\system32\drivers\67cf29f3c2300003.sys (Rootkit.Necurs) -> Delete on reboot.
c:\Windows\Installer\{DBC8E755-D889-6A10-5735-A6653713F68B}\syshost.exe (Trojan.Lameshield.124) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\apothekenadmin\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk13\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk23\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr11\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr5\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr6\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr7\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr8\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr9\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbrx\appdata\local\temp\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\apothekenadmin\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk13\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbk23\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr11\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr5\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr6\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr7\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr8\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbr9\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\dbrx\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\users\public\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\windows\system32\config\systemprofile\syshost.exe (Exploit.Drop.GS) -> Delete on reboot.
c:\Users\DBK23\AppData\Roaming\Microsoft\AddIns\ProkasXL.exe (Trojan.Agent) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.01.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DBK23 :: PRODBK23 [administrator]
01.02.2013 11:27:12
mbar-log-2013-02-01 (11-27-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30907
Time elapsed: 22 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter # AdwCleaner v2.109 - Datei am 01/02/2013 um 11:48:38 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : DBK23 - PRODBK23
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\DBK23\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Apothekenadmin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBK13\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBK23\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR11\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR5\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR6\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR7\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR8\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBR9\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\DBRX\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1824 octets] - [01/02/2013 11:47:33]
AdwCleaner[R2].txt - [1884 octets] - [01/02/2013 11:48:13]
AdwCleaner[S1].txt - [1655 octets] - [01/02/2013 11:48:38]
########## EOF - C:\AdwCleaner[S1].txt - [1715 octets] ##########
|
|
01.02.2013, 17:34
| #6 |
| /// Helfer-Team | Malwarebyte findet exploit drop gs ! Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ --> Malwarebyte findet exploit drop gs ! |
|
30.03.2013, 08:45
| #7 |
| /// Helfer-Team | Malwarebyte findet exploit drop gs ! Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Malwarebyte findet exploit drop gs ! |
| exploit, exploit.drop.gs, exploit.drop.gslad, malwarebyte, rootkit.necurs, troja, trojan.agent, trojan.downloader, trojan.lameshield.124, trojaner |
Linear-Darstellung
