| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner mit HitmannPro entfernt - ist das System rein?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.05.2013, 14:17
| #1 |
 |  GVU-Trojaner mit HitmannPro entfernt - ist das System rein? Hallo und vorab vielen Dank für die Hinweise von ryder im Forum, zur Bereinigung mittels HitmannPro.Kickstart. siehe: http://www.trojaner-board.de/131327-...owsxp-sp3.html Das Tool habe ich ausgeführt und erfolgreich mit folgendem Logfile beendet. ----------------------------------------------------------------------------------------- Code:
ATTFilter HitmanPro 3.7.3.194
www.hitmanpro.com
Computer name . . . . : LAPTOP
Windows . . . . . . . : 5.1.3.2600.X86/1
User name . . . . . . : NT-AUTORITÄT\SYSTEM
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-05-07 12:59:48
Scan mode . . . . . . : Normal
Scan duration . . . . : 13m 53s
Disk access mode . . : Direct disk access (API)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 2
Traces . . . . . . . : 12
Objects scanned . . . : 1.195.116
Files scanned . . . . : 46.278
Remnants scanned . . : 143.919 files / 1.004.919 keys
Malware _____________________________________________________________________
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FTOA7.DAT -> PendingDelete
Size . . . . . . . : 163.840 bytes
Age . . . . . . . : 0.1 days (2013-05-07 09:40:24)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 76349A9E514C78F908767233F0FFC4A518B22EB3FD7015854BAAC92CEA580639
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : azroles Module
Version . . . . . : 5.2.3790.2729
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : winmgmt
> Emsisoft . . . . . : Trojan.Win32.Agent.amn!A2
Fuzzy . . . . . . : 148.0
One or more antivirus vendors have indicated that the file is malicious.
The file name extension of this program is not common.
This file was most recently added as automatic startup.
Uses the Startup folder in the Start Menu to run each time the user logs on.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
Startup
C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\msconfig.lnk
HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\
C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Temp\PCyJs8t.exe -> Quarantined
Size . . . . . . . : 163.840 bytes
Age . . . . . . . : 0.1 days (2013-05-07 09:40:18)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 76349A9E514C78F908767233F0FFC4A518B22EB3FD7015854BAAC92CEA580639
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : azroles Module
Version . . . . . : 5.2.3790.2729
Copyright . . . . : © Microsoft Corporation. All rights reserved.
> Emsisoft . . . . . : Trojan.Win32.Agent.amn!A2
Fuzzy . . . . . . : 102.0
Potential Unwanted Programs _________________________________________________
HKU\S-1-5-21-1482476501-1303643608-682003330-1004\Software\Softonic\ (Softonic)
Anschliessend habe ich defogger (ohne Fehlermeldung) und OTL, nach der Anleitung für das Erstellen neuer Themen, ausgeführt. ----------------------------------------------------------------------------------------- Logfiles OTL: OTL logfile created on: 07.05.2013 13:29:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 34,13% Memory free 2,58 Gb Paging File | 1,43 Gb Available in Paging File | 55,46% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,06 Gb Total Space | 0,93 Gb Free Space | 2,38% Space Free | Partition Type: FAT32 Drive E: | 426,69 Gb Total Space | 178,11 Gb Free Space | 41,74% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.07 13:29:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe PRC - [2013.04.08 16:40:58 | 000,879,456 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe PRC - [2013.02.20 11:36:02 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.02.13 11:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.02.13 11:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.02.13 11:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2013.02.05 09:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2012.12.03 08:35:30 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.07.30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.01.29 21:12:30 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Programme\a-squared Free\a2service.exe PRC - [2011.05.31 09:31:10 | 000,424,088 | ---- | M] (Sage Software) -- C:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe PRC - [2009.08.19 10:48:52 | 000,202,168 | ---- | M] (KONICA MINOLTA) -- C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Programme\RealVNC\VNC4\winvnc4.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.23 01:03:28 | 000,916,240 | ---- | M] (The Eraser Project) -- E:\SYSTEM (F)\Programme\Eraser\Eraser.exe PRC - [2006.02.07 02:42:00 | 000,316,416 | ---- | M] ((C) Michael Schiel) -- E:\DATEN\Privat\Ralf\Tools\trbackup\traybackup.exe PRC - [2006.01.20 19:53:22 | 000,991,232 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe PRC - [2006.01.05 13:02:24 | 000,036,864 | ---- | M] (PFU Limited.) -- C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe PRC - [2005.06.08 09:20:32 | 000,069,632 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2005.05.18 15:57:36 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Programme\ltmoh\ltmoh.exe PRC - [2005.03.24 14:44:28 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Application Panel\QuickTouch.exe PRC - [2005.03.24 14:41:56 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe PRC - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe PRC - [2003.12.22 10:06:40 | 000,110,592 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\PfuSsSct.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe PRC - [2003.04.29 13:55:06 | 000,626,688 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe PRC - [2003.04.29 13:54:48 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe PRC - [2002.11.14 17:23:10 | 000,590,336 | ---- | M] () -- C:\Programme\Trojancheck 6\tcguard.exe PRC - [1999.06.27 20:38:02 | 000,794,112 | R--- | M] (Fred's Software) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PRINTKEY2000.EXE ========== Modules (No Company Name) ========== MOD - [2013.04.08 16:41:12 | 000,835,584 | ---- | M] () -- C:\Programme\Opera\gstreamer\gstreamer.dll MOD - [2013.04.08 16:41:12 | 000,312,832 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2013.04.08 16:41:12 | 000,158,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2013.04.08 16:41:12 | 000,101,888 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2013.04.08 16:41:12 | 000,096,256 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2013.04.08 16:41:12 | 000,094,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2013.04.08 16:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2013.04.08 16:41:12 | 000,073,728 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2013.04.08 16:41:12 | 000,067,072 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2013.04.08 16:41:12 | 000,062,976 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2013.04.08 16:41:12 | 000,057,344 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2013.04.08 16:41:12 | 000,038,912 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2013.03.12 22:36:58 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.03.10 17:31:44 | 017,357,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\596a69ff169802c3d6ba5972eb438bd8\Kies.Theme.ni.dll MOD - [2013.03.10 17:31:40 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\9604cf54d8c4c695b2a739737f6a2fec\DummyStorePlugin.ni.dll MOD - [2013.03.10 17:31:38 | 000,614,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\10f20b2e225e18072ba3345057d5eafe\DevicePodcast.ni.dll MOD - [2013.03.10 17:31:36 | 000,353,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\f2d7efd1d5dd355105c8733bc0213fd9\DevicePhoto.ni.dll MOD - [2013.03.10 17:31:36 | 000,299,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\8745e04646403351d11a453d728d76ed\DeviceVideo.ni.dll MOD - [2013.03.10 17:31:34 | 000,305,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\3db8d305ec8a6fe0c6f7d1756227f2da\DeviceMusic.ni.dll MOD - [2013.03.10 17:31:32 | 000,473,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\4ea1d83a359b4c8b536bacd33d2ab6a4\VideoManager.ni.dll MOD - [2013.03.10 17:31:30 | 000,776,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\405e394e21fed70fbb4ba93c5efc6e4c\PhotoManager.ni.dll MOD - [2013.03.10 17:31:28 | 001,929,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\df1906aa3909c27d7a1b9ba7428bea8a\Phonebook.ni.dll MOD - [2013.03.10 17:31:24 | 000,944,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\abadc350eacd7be29412a48d50406202\MusicManager.ni.dll MOD - [2013.03.10 17:31:22 | 000,402,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\8183714f892f289884d419a0ac5ce15e\BATPlugin.ni.dll MOD - [2013.03.10 17:31:20 | 000,515,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\06c3ecdaa45dcaed03382759b043674b\Kies.Common.MediaDB.ni.dll MOD - [2013.03.10 17:31:20 | 000,029,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\93e33c2b2b473ceda085698d9e369ad8\Kies.Common.StoreManager.ni.dll MOD - [2013.03.10 17:31:18 | 000,063,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\65edfaa098511ec6039225edce5b2add\Kies.Common.AllShare.ni.dll MOD - [2013.03.10 17:31:16 | 000,205,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\ef6195af9bbeb25dcd314db5651214e3\Kies.Common.MainUI.ni.dll MOD - [2013.03.10 17:31:16 | 000,109,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\40e1a12d16e08bfda04d7ea8e6fc52e4\Kies.Common.CRMManager.ni.dll MOD - [2013.03.10 17:31:16 | 000,066,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2221c0a6a9e0e4ad585440ce9f834148\Kies.Common.DBManager.ni.dll MOD - [2013.03.10 17:31:14 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0235e3cf2458bc2011bddda8a1031761\Kies.Common.DeviceServiceLib.FirmwareUpdate.Commo n.ni.dll MOD - [2013.03.10 17:31:12 | 000,189,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\af20558e03515baa0d0ce1c5830ffbc6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downl oader.ni.dll MOD - [2013.03.10 17:31:12 | 000,175,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\fa06b799153f9c28c1866319b3db5580\Interop.DevFileServiceLib.ni.dll MOD - [2013.03.10 17:31:10 | 000,571,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\af65625621d451e06086f6fe209094b4\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.03.10 17:31:08 | 001,097,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\959c60546ef2ac01f7ac72706734ca25\Kies.Common.DeviceService.ni.dll MOD - [2013.03.10 17:31:04 | 001,138,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\d185218cf1d501563e2eedb9d282e361\Podcaster.ni.dll MOD - [2013.03.10 17:31:00 | 000,732,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\914ddcc160a0db66d805114fde4560ea\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.03.10 17:30:46 | 000,040,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d77da7b6668e27f63af7da941e221304\Kies.Common.DeviceServiceLib.FirmwareUpdate.Firmw areUpdateAgentHelper.ni.dll MOD - [2013.03.10 17:30:44 | 000,926,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c1724b3468766ed8864ead0b360bae9d\Kies.Common.DeviceServiceLib.DeviceManagement.ni. dll MOD - [2013.03.10 17:30:42 | 002,206,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\b76727b6ae4d99b12562763d98f664d7\Kies.Common.Multimedia.ni.dll MOD - [2013.03.10 17:30:42 | 000,030,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\29e8db641e3708219f13d2a3b7528278\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.03.10 17:30:36 | 000,628,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a899b62334c0b88843485f1d2aaeca75\Kies.Common.DeviceServiceLib.DeviceDataService.ni .dll MOD - [2013.03.10 17:30:36 | 000,184,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a37ec43c4eb1688817450e43c9f27e0\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.03.10 17:30:20 | 006,797,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\896d4a8b4d7684b1f487770f22e0b681\DeviceHost.ni.dll MOD - [2013.03.10 17:30:06 | 000,280,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\31ba4774d6cece7be65ae784942df26a\Kies.Common.Util.ni.dll MOD - [2013.03.10 17:30:04 | 001,599,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7e9340a60d502630db1e4933ec40e725\Kies.Locale.ni.dll MOD - [2013.03.10 17:30:04 | 000,079,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\713f01a9f055f22f7c1ee148e5373922\Kies.MVVM.ni.dll MOD - [2013.03.10 17:30:02 | 001,928,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\92d7dcc8565846c5f8a7a47b9b6428c9\Kies.UI.ni.dll MOD - [2013.03.10 17:29:58 | 001,246,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\f48310f84c60edd8d4ad109ea062817c\Kies.Interface.ni.dll MOD - [2013.03.10 17:29:56 | 002,114,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\271ce0d4a8a728f353397eee74817f77\Kies.ni.exe MOD - [2013.02.19 13:19:30 | 000,160,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\83bf0a1846e2477fc62f4bb4c3408127\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.02.19 13:19:26 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\81c0ff81b2ad570ee85d6cd7ce751bba\System.ServiceProcess.ni.dll MOD - [2013.01.29 16:26:06 | 000,232,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\779a065e9d217d3a3aeeb354f9fce387\ASF_cSharpAPI.ni.dll MOD - [2013.01.29 16:24:40 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll MOD - [2013.01.29 14:45:48 | 000,171,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.01.29 14:45:48 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.01.29 14:45:48 | 000,032,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.01.29 14:45:38 | 000,395,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll MOD - [2013.01.29 14:45:36 | 000,530,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\cee3130da39eea6bfeccfe33eae98b0a\ICSharpCode.SharpZipLib.ni.dll MOD - [2013.01.29 14:44:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1818a0dcd8e00ef24981eb52acf3f6bd\System.Runtime.Remoting.ni.dll MOD - [2013.01.29 14:44:36 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\25732130189e8f468a7d98647edffe8e\System.Xaml.ni.dll MOD - [2013.01.29 13:37:18 | 018,019,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7de7ccd4d0e5a6fda2187aff3d5c4ee8\PresentationFramework.ni.dll MOD - [2013.01.29 13:36:44 | 011,522,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\608b2aa3ab5dfc3986285304a95a6dbf\PresentationCore.ni.dll MOD - [2013.01.29 13:36:26 | 003,880,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\639dacb8fc8d07719bdb5742940b4c33\WindowsBase.ni.dll MOD - [2013.01.29 13:36:12 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll MOD - [2013.01.29 13:36:06 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\947b4fe468a1a03516ee26d9b3f4240a\System.Configuration.ni.dll MOD - [2013.01.29 13:36:04 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\e773b94cc3f3fc25509904acb76cfe08\System.Core.ni.dll MOD - [2013.01.29 13:35:46 | 009,094,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll MOD - [2013.01.29 13:35:34 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.01.03 22:51:10 | 008,671,232 | ---- | M] () -- c:\Programme\Adobe\Acrobat 9.0\Acrobat\ExLang32.DEU MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\EScript.DEU MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\updater.DEU MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.02.27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\Annots.DEU MOD - [2009.02.27 16:39:30 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU MOD - [2009.02.27 16:32:28 | 000,020,480 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA MOD - [2009.02.27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\sqlite.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2005.10.24 04:21:28 | 000,090,112 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\PfuSsPCapPI\PfuSsPCapPI.api MOD - [2005.07.08 11:36:40 | 000,094,208 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\f5bdkedr.dll MOD - [2005.06.26 12:03:36 | 000,045,056 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuUpdater0407.dll MOD - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe MOD - [2005.01.19 18:48:00 | 000,028,672 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardPath.dll MOD - [2004.12.10 12:55:08 | 000,036,864 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuUpdater.dll MOD - [2004.05.24 20:48:26 | 000,258,116 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\SSSecurity\SSSecurity.api MOD - [2003.11.20 20:56:18 | 000,294,912 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\ssIplA6.dll MOD - [2003.11.20 20:56:16 | 000,020,480 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\ssIpl.dll MOD - [2003.04.26 01:16:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll MOD - [2003.03.26 17:46:36 | 000,135,168 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll MOD - [2002.11.14 17:23:10 | 000,590,336 | ---- | M] () -- C:\Programme\Trojancheck 6\tcguard.exe MOD - [1996.12.19 13:24:26 | 000,068,608 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\F5BDKAKU.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- F:\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013.03.12 22:37:02 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.20 11:36:02 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.02.05 09:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.01.29 21:12:30 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\a-squared Free\a2service.exe -- (a2free) SRV - [2011.05.31 09:31:10 | 000,424,088 | ---- | M] (Sage Software) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe -- (SageDeploymentService) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.05.26 21:58:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4) SRV - [2008.01.22 11:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) SRV - [2003.04.29 13:55:06 | 000,626,688 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server) SRV - [2003.04.29 13:54:48 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmnsusbser.sys -- (cmnsusbser) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.02.05 09:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.07.30 14:16:16 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010.10.18 10:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS -- (NAVEX15) DRV - [2010.10.18 10:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS -- (NAVENG) DRV - [2009.05.26 19:02:58 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2008.07.10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2005.08.03 17:21:38 | 001,094,853 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.07.13 17:26:52 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2005.04.25 09:52:40 | 000,132,352 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005.03.24 14:41:56 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd) DRV - [2005.03.16 06:47:32 | 000,023,200 | ---- | M] (O2 Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2004.10.29 19:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004.01.17 21:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2003.04.15 17:17:10 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL) DRV - [2003.04.15 17:17:08 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001.08.01 21:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bmw-werk-leipzig.de/leipzig/deutsch/lowband/com/de/index.html IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin1.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_deDE332 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2013.02.19 10:35:04 | 000,445,731 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15308 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (BrowseToolE0191 Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin1.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (BrowseToolE0191 Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (BrowseToolE0191 Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Corel Reminder] File not found O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [KM Status] C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.EXE (KONICA MINOLTA) O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PfuSsSct.exe] C:\Programme\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe () O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe File not found O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [Eraser] E:\SYSTEM (F)\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKCU..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [muzA1.tmp] C:\WINDOWS\system32\muzA1.tmp File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TrayBackup] E:\DATEN\Privat\Ralf\Tools\trbackup\traybackup.exe ((C) Michael Schiel) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (PFU Limited.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PRINTKEY2000.EXE (Fred's Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: fbzibzqxchzrqlbvoknbTaskMgr = 0 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243358402406 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243358478187 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB2C0958-3975-4EAD-B1EE-9EFEA56EA2C2}: NameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\fa_1024d.BMP O24 - Desktop BackupWallPaper: C:\WINDOWS\fa_1024d.BMP O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.26 17:48:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{09c474bc-edf3-11e1-a8c0-000b5dc7f9b5}\Shell - "" = AutoRun O33 - MountPoints2\{09c474bc-edf3-11e1-a8c0-000b5dc7f9b5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{09c474bc-edf3-11e1-a8c0-000b5dc7f9b5}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 13:29:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe [2013.05.07 13:15:03 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2013.05.07 12:42:42 | 000,000,000 | -HSD | C] -- C:\FOUND.002 [2013.05.07 12:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro [2013.05.07 12:16:54 | 000,000,000 | -HSD | C] -- C:\FOUND.001 [2013.05.07 09:43:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\PriceGong [2013.05.07 09:40:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hvljm.dat [2013.05.07 09:40:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe [2013.05.01 23:35:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump [2013.04.28 09:25:18 | 000,000,000 | -HSD | C] -- C:\FOUND.000 [2009.10.09 21:59:17 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Comdlg32.ocx [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.07 13:36:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.07 13:29:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe [2013.05.07 13:28:36 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\defogger_reenable [2013.05.07 13:27:44 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Defogger.exe [2013.05.07 13:19:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.07 13:17:10 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7ecefeefde4.job [2013.05.07 13:16:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.07 13:15:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2013.05.07 13:15:04 | 000,001,062 | ---- | M] () -- C:\WINDOWS\System32\.crusader [2013.05.07 13:14:44 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.pad [2013.05.07 10:50:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.05.07 09:41:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.05.07 09:41:24 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlvh.pad [2013.05.07 09:40:50 | 000,003,036 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.js [2013.05.07 09:40:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hvljm.dat [2013.05.07 09:40:22 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe [2013.04.28 14:46:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2013.04.28 09:25:40 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\20101002_210700_USER.job [2013.04.15 09:56:06 | 000,000,687 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2013.04.14 22:01:40 | 000,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.11 21:52:14 | 000,001,687 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.04.10 20:23:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.04.09 23:39:42 | 001,331,297 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Sterbeurkunde_Paul_Friedrich_Trompter.pdf [2013.04.09 23:06:34 | 001,248,510 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\img103.jpg [2013.04.09 22:39:10 | 014,843,556 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\img103.tif [2013.04.09 22:37:22 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.07 13:28:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\defogger_reenable [2013.05.07 13:27:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Defogger.exe [2013.05.07 13:15:03 | 000,001,062 | ---- | C] () -- C:\WINDOWS\System32\.crusader [2013.05.07 09:40:49 | 000,003,036 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.js [2013.05.07 09:40:43 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlvh.pad [2013.05.07 09:40:30 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.pad [2013.04.09 23:08:28 | 001,331,297 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Sterbeurkunde_Paul_Friedrich_Trompter.pdf [2013.04.09 23:06:49 | 001,248,510 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\img103.jpg [2013.04.09 22:36:32 | 014,843,556 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\img103.tif [2013.03.04 23:32:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2013.03.04 23:32:51 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2013.02.19 11:19:47 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013.01.30 23:29:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.01.29 14:15:14 | 000,228,810 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2013.01.29 14:15:14 | 000,228,810 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1303643608-682003330-1004-0.dat [2012.07.30 14:16:20 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.02.17 06:35:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.29 11:52:05 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2009.06.28 20:02:44 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.26 22:56:10 | 000,000,087 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\default.pls [2009.05.26 18:02:16 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2009.05.26 17:50:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 18:03:14 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Extras logfile created on: 07.05.2013 13:29:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 34,13% Memory free 2,58 Gb Paging File | 1,43 Gb Available in Paging File | 55,46% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,06 Gb Total Space | 0,93 Gb Free Space | 2,38% Space Free | Partition Type: FAT32 Drive E: | 426,69 Gb Total Space | 178,11 Gb Free Space | 41,74% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [print] -- Reg Error: Key error. http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5985:TCP" = 5985:TCP:*  isabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:* isabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) "1433:TCP" = 1433:TCP:*:Enabled:Personal2010 "1434:UDP" = 1434:UDP:*:Enabled:SQL Server-Browser ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:enable -- (Microsoft Corporation) "C:\Programme\Return to Castle Wolfenstein\WolfMP.exe" = C:\Programme\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP -- () "C:\Programme\KONICA MINOLTA\Status Monitor\KMSMUI.EXE" = C:\Programme\KONICA MINOLTA\Status Monitor\KMSMUI.EXE:*:Enabled:KMSMUI -- (KONICA MINOLTA) "C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.exe" = C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.exe:*:Enabled:KONICA MINOLTA Status Monitor Application -- (KONICA MINOLTA) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:* isabled:Google Earth"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled ienst "Bonjour" -- (Apple Inc.)"C:\Programme\iSpy\iSpy\iSpy.exe" = C:\Programme\iSpy\iSpy\iSpy.exe:*:Enabled:iSpy "C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper "C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled ropbox -- (Dropbox, Inc.)"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\System32\muzapp.exe" = C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{04ECD699-9F3A-4F9C-A476-EEAA4E172079}" = Fujitsu System Extension Utility "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0DD2DCC6-21AE-4678-8629-1084B17BE077}" = Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch) "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}" = Ancestry World Archives Project - Keying Tool "{143B33B7-458A-452A-8939-8B165B4B5067}" = Microsoft SQL Server 2008 Management Studio "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D960387-76B3-4758-BAF7-D156B14A032F}" = Ulead PhotoImpact 8 SE "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5E5DBCAC-EE56-4C78-8B39-1CC3E912B771}" = Microsoft SQL Server 2008 Setup Support Files (English) "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{695E67B6-8B95-4160-9650-92974980CDC1}" = Microsoft SQL Server 2008-Richtlinien "{6D7BD40C-3628-4C7C-BA46-CE8733450D5E}" = Lifebook Application Panel "{6EAE15E7-FD7A-45ED-8EC4-003363ADDB31}" = Personalwirtschaft "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76D1AA2B-A434-4D63-BE2C-80286F23C223}" = Microsoft Interop Forms Redistributable Package 2.0a "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010 "{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1) "{90140000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (German) 2010 "{90140000-001C-0407-0000-0000000FF1CE}_Office14.AccessRT_{264417E7-E622-456E-9666-3298344AF72C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.AccessRT_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A433AE09-2126-4dad-9CBD-C1B05DC42787}" = Windows Messenger 5.1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-1033-F400-BA7E-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708 "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1857284-FD34-4321-9C8F-201215D565D9}" = KONICA MINOLTA Status Monitor "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.0 "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Premium "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Album Art Downloader XUI" = Album Art Downloader XUI 0.37.1 "a-squared Free_is1" = a-squared Free 4.5 "CorelDRAW 10" = CorelDRAW 10 "DivX Player" = DivX Player "DVD Shrink_is1" = DVD Shrink 3.2 "Endless Slideshow Screensaver_is1" = Endless Slideshow Screensaver 1.1 "EPSON Printer and Utilities" = EPSON-Drucker-Software "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.2 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "InstallShield_{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver "InstallShield_{6EAE15E7-FD7A-45ED-8EC4-003363ADDB31}" = Sage Personalwirtschaft 2011.2+ "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver "KONICA MINOLTA magicolor 1650 Installer" = KONICA MINOLTA magicolor 1650 "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Norton Commander" = Norton Commander "Office14.AccessRT" = Microsoft Access Runtime 2010 "Opera 12.15.1748" = Opera 12.15 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0 "RealVNC_is1" = VNC Free Edition 4.1.3 "Return to Castle Wolfenstein" = Return to Castle Wolfenstein "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "Trackplanner_is1" = Trackplanner 1.1.9 "Trojancheck_is1" = Trojancheck 6 "VLC media player" = VLC media player 1.1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "Winload Toolbar" = Winload Toolbar "WinRail 7.0 Demo version" = WinRail 7.0 Demo version "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "MyFreeCodec" = MyFreeCodec "PlanetWerks" = PlanetWerks ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.05.2013 03:17:13 | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 25533500 Error - 07.05.2013 03:17:18 | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.05.2013 03:17:18 | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 25537813 Error - 07.05.2013 03:17:18 | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 25537813 Error - 07.05.2013 06:03:21 | Computer Name = LAPTOP | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 07.05.2013 06:23:13 | Computer Name = LAPTOP | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 07.05.2013 06:44:41 | Computer Name = LAPTOP | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 07.05.2013 06:58:17 | Computer Name = LAPTOP | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 07.05.2013 07:18:04 | Computer Name = LAPTOP | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 07.05.2013 07:18:29 | Computer Name = LAPTOP | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 07.05.2013 07:11:45 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:12:15 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:12:45 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:13:15 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:13:45 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:14:15 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:14:45 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:15:15 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:15:45 | Computer Name = LAPTOP | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 07.05.2013 07:19:01 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > ----------------------------------------------------------------------------------------- Beim Scan mit GMER erschien ein BlueScreen. Nun weiß ich nicht mehr weiter und bin mir unsicher was die Sicherheit meines Systems betrifft. Was kann ich weiter tun? Ich bitte um Hilfe! Danke vorab. |
| Themen zu GVU-Trojaner mit HitmannPro entfernt - ist das System rein? |
| antivirus, bho, bonjour, browser, cloud, computer, emsisoft, error, firefox, flash player, format, hdaudio.sys, hijack, hijackthis, homepage, hängen, iexplore.exe, internet browser, logfile, plug-in, realtek, registry, rundll, safer networking, scan, security, server, software, symantec, system, total commander, traces, visual studio, windows internet, winload toolbar, wrapper |
Baum-Darstellung