| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.10.2010, 17:48
| #1 |
 |  Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Hallo, auch ich habe ein Problem beim Online-Banking mit der Deutschen Bank. Direkt nach dem Einloggen erscheint ein aufgesetztes Fenster, das in einem 4x7-Tableau nach TANs fragt. Im Hintergrund ist der Login-Bereich mit aktuell korrektem Kontostand zu sehen, auf den man aber keinen Zugriff hat, so lange man das Tableau nicht ausgefüllt hat. Da ich hier im Forum noch kein Thema mit einer 28-TAN-Abfrage gefunden habe, hänge ich einen Screen-Shot an. Ich habe Malwarebytes und OTL scannen lassen, Berichte hängen an. Inzwischen - nach der Bereinigung durch Malwarebytes - ist das Problem (optisch) behoben. D.h. ich kann mich wieder problemlos bei der Deutschen Bank einloggen. Ist mein Rechner damit sauer? Was kann/sollte ich noch tun? Für eine Prüfung und weitere Ratschläge wäre ich sehr dankbar. Luhh Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4934
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24.10.2010 17:29:50
mbam-log-2010-10-24 (17-29-50).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 234060
Laufzeit: 1 Stunde(n), 7 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9fdddd30-cacb-3743-e0a1-ad637a385e86} (Trojan.ZbotR.Gen) -> Delete on reboot.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\WINDOWS\system32\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Jens und Selina\Anwendungsdaten\Licoan\mocua.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACguatpwrc.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
Code:
ATTFilter OTL logfile created on: 24.10.2010 17:43:27 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = D:\Laptop\Software Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 362,00 Mb Available Physical Memory | 35,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,41 Gb Total Space | 61,95 Gb Free Space | 53,21% Space Free | Partition Type: NTFS Drive D: | 109,63 Gb Total Space | 100,52 Gb Free Space | 91,69% Space Free | Partition Type: NTFS Drive E: | 6,83 Gb Total Space | 0,55 Gb Free Space | 7,99% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Laptop\Software\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe (market maker Software AG) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.) PRC - C:\WINDOWS\system32\CmUCREye.exe () PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe () PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe () PRC - C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\CNYHKey.exe (Chicony) PRC - C:\Programme\WISO\Börse2006\bin\dptimersvc.exe (market maker Software AG) PRC - C:\WINDOWS\mHotkey.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) ========== Modules (SafeList) ========== MOD - D:\Laptop\Software\OTL.exe (OldTimer Tools) MOD - C:\Programme\Norton 360\Engine\4.3.0.5\asoehook.dll (Symantec Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation) MOD - C:\Programme\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation) MOD - C:\Programme\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. ) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (N360) -- C:\Programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation) SRV - (WB10WatchDog) -- C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe (market maker Software AG) SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe () SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe () SRV - (CyberLink Media Library Service) -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (DPTIMER_WB) -- C:\Programme\WISO\Börse2006\bin\dptimersvc.exe (market maker Software AG) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (vasjy) -- C:\WINDOWS\System32\drivers\jrjepo.sys File not found DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101021.003\IDSXpx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101023.004\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101023.004\NAVENG.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation) DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (RT2500USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (CMISTOR) -- C:\WINDOWS\system32\drivers\cmiucr.SYS (C-Media Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH) DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech) DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.2.1 FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:5.6.4.9 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5006 [2010.10.18 18:52:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010.10.19 15:21:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010.10.18 19:34:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 14:52:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.21 14:52:53 | 000,000,000 | ---D | M] [2008.09.01 17:41:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.10.23 18:23:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions [2010.09.27 10:23:16 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2006.05.19 19:13:46 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2) [2010.10.13 17:03:28 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.07.29 22:46:41 | 000,000,000 | ---D | M] (Tradesignal Web Edition) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2010.08.19 23:04:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.22 15:38:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.10.16 16:08:30 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2007.02.25 10:26:54 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010.08.18 23:10:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.30 18:12:27 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2006.05.19 19:13:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2) [2010.02.24 17:05:22 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2010.02.14 15:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.03.09 16:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\toolbar_extras@de.yahoo.com [2010.10.23 18:23:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.05.02 00:46:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.03.09 16:09:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2010.04.23 20:58:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.23 20:58:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.23 20:58:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.23 20:58:14 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.23 20:58:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O2 - BHO: (no name) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - No CLSID value found. O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdmcks.dll () O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe () O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe () O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe () O4 - HKCU..\Run: [ProfiDialer] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download all with Free Download Manager - C:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.10.09 14:46:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.24 17:37:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2010.10.24 17:31:41 | 000,000,000 | ---D | C] -- C:\Avenger [2010.10.24 16:19:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.10.24 16:19:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.24 16:19:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.24 16:19:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.24 16:19:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.19 15:22:45 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys [2010.10.19 15:22:45 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys [2010.10.19 15:22:45 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys [2010.10.19 15:22:44 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys [2010.10.19 15:22:44 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys [2010.10.19 15:22:43 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys [2010.10.19 15:22:43 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys [2010.10.19 15:22:42 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys [2010.10.19 15:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005 [2010.10.18 22:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs [2010.10.18 19:34:19 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2010.10.18 19:33:53 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2010.10.18 19:33:53 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2010.10.18 19:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Symantec Shared [2010.10.18 19:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Symantec [2010.10.18 19:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360 [2010.10.18 19:33:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Sidebar [2010.10.18 19:33:30 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360 [2010.10.18 19:33:15 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.10.18 19:33:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller [2010.10.18 19:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Norton [2010.10.18 19:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton [2010.10.18 18:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5006 [2010.10.18 18:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cock [2010.10.14 17:18:33 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.14 17:18:32 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.14 17:18:16 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2005.10.09 12:04:35 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.24 17:36:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.24 17:36:04 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.10.24 17:35:59 | 000,087,724 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.10.24 17:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.24 17:35:46 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys [2010.10.23 19:38:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.10.23 19:27:20 | 000,215,552 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.23 17:54:35 | 000,000,031 | ---- | M] () -- C:\WINDOWS\iltwain.ini [2010.10.22 17:29:20 | 000,000,218 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat [2010.10.20 15:13:09 | 000,001,871 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360 Online.LNK [2010.10.20 15:12:36 | 000,697,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB [2010.10.18 19:33:53 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2010.10.18 19:33:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2010.10.18 19:33:53 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2010.10.18 19:33:53 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2010.10.18 18:59:02 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.10.15 16:29:03 | 001,595,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.14 19:35:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.08 19:06:33 | 000,454,302 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.08 19:06:33 | 000,436,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.08 19:06:33 | 000,083,334 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.08 19:06:33 | 000,070,058 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.20 15:12:17 | 000,697,238 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB [2010.10.19 15:22:45 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat [2010.10.19 15:22:45 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat [2010.10.19 15:22:45 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf [2010.10.19 15:22:45 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf [2010.10.19 15:22:44 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat [2010.10.19 15:22:44 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat [2010.10.19 15:22:44 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf [2010.10.19 15:22:44 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf [2010.10.19 15:22:43 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat [2010.10.19 15:22:43 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat [2010.10.19 15:22:43 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat [2010.10.19 15:22:43 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf [2010.10.19 15:22:43 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf [2010.10.19 15:22:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf [2010.10.19 15:22:42 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat [2010.10.19 15:22:42 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf [2010.10.19 15:21:55 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini [2010.10.18 19:33:53 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2010.10.18 19:33:53 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2010.10.18 19:33:49 | 000,001,871 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360 Online.LNK [2010.10.18 19:13:48 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2009.04.14 21:46:02 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007.08.20 14:06:03 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL [2007.08.20 14:06:03 | 000,000,468 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini [2007.08.20 12:13:54 | 000,003,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mpauth.dat [2007.05.27 20:55:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2007.05.27 20:55:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2007.05.02 01:06:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2007.05.02 01:03:21 | 000,000,230 | ---- | C] () -- C:\WINDOWS\BUHL.INI [2007.04.16 18:43:12 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.06.12 15:29:13 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI [2006.04.28 15:11:01 | 000,019,822 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.04.23 15:51:03 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.04.22 23:13:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2006.04.22 21:49:37 | 000,215,552 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.04.22 21:49:37 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.03.01 15:01:44 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.03.01 15:01:44 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini [2006.02.28 18:07:24 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.02.28 15:52:15 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2006.02.28 15:52:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll [2006.02.28 15:52:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll [2006.02.28 15:52:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll [2006.02.28 15:52:15 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll [2006.02.28 15:52:15 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini [2006.02.28 13:18:15 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.02.28 13:18:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.02.28 13:18:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.02.28 13:18:14 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.02.28 13:18:14 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.01.30 13:15:04 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005.10.18 15:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2005.10.16 16:35:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.10.16 14:47:59 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll [2005.10.12 11:48:49 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll [2005.10.12 08:39:03 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005.10.09 14:55:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.10.09 14:27:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.10.09 13:48:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.10.09 12:25:40 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005.10.09 12:25:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\A3DA537E26.sys [2005.10.09 12:04:35 | 000,730,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys [2005.10.09 12:04:35 | 000,041,243 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll [2005.10.09 12:04:35 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys [2005.10.09 12:04:35 | 000,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll [2005.10.09 11:53:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll [2005.10.09 11:53:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll [2005.10.09 07:47:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.10.08 23:52:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.10.08 15:40:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll [2005.10.08 15:40:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI [2005.10.08 15:30:55 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.10.08 15:18:30 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LoopyMusic.wav:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\BuzzingBee.wav:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db:KAVICHS @Alternate Data Stream - 68 bytes -> C:\AUTOEXEC.BAT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotek.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\VFDUtil.UNI:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xjis.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINZM.MB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSP.MB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINPY.MB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsrv32.rll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Retten.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTimeVR.qtx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.qts:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phonptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phoncode.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\phon.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi007.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd007.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PC-Gebrauchsanweisung.pdf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OemLink.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OEM-Eula.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvdisp.nvu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntbackup.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.kor:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.jpn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdayi.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MLED___J.PRN:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mgxcdr.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lcphrase.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ksc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_04-b05.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InstallUtil.InstallLog:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpude.qm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\xjis.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unicode.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srframe.mmf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sortkey.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\secupd.sig:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\secupd.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.spd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.sdf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\r1033tts.lxa:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prcp.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.sig:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.bin:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mlang.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ltts1033.lxa:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\l_intl.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\l_except.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ksc.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gm.dls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\geo.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ctype.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_950.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_932.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_875.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_874.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_870.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_869.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_865.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_864.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_863.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_862.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_861.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_860.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_858.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_857.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_855.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_852.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_850.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_775.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_737.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_720.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_708.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_500.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_437.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28605.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28603.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28599.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28598.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28597.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28596.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28595.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28594.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28593.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28592.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_28591.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_21866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_21027.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_21025.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20932.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20924.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20905.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20880.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20871.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20838.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20833.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20424.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20423.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20420.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20297.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20290.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20285.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20284.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20280.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20278.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20277.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20273.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20269.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20261.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20127.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20108.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20107.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20106.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20105.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20005.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20004.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20003.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20002.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20001.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_20000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1361.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1258.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1257.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1256.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1255.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1254.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1253.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1252.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1251.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1250.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1149.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1148.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1147.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1146.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1145.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1144.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1143.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1142.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1141.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1140.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1047.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_1026.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10082.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10081.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10079.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10029.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10021.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10017.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10010.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10008.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10007.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10006.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10005.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10004.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10003.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10002.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10001.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_10000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_037.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bopomofo.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\big5.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520850.cpx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520437.cpx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DLLAV32.lib:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dayiphr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3d9caps.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.rll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Channels anzeigen.scf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21027.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20949.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20936.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20932.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20290.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1361.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10008.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10003.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10002.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10001.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\big5.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arrayhw.tab:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\array30.tab:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arptr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arphr.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acode.tbl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Seifenblase.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe-Stuck.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Präriewind.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\MREADM_J.TXT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\mozver.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\LavaLamp.avi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Kaffeetasse.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Granit.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\filespecrtrt2500USB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Feder.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Fächer.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\comwarn.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blaue Spitzen 16.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Angler.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\ntuser.dat.LOG:KAVICHS < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.10.2010 17:43:27 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = D:\Laptop\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 362,00 Mb Available Physical Memory | 35,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 61,95 Gb Free Space | 53,21% Space Free | Partition Type: NTFS
Drive D: | 109,63 Gb Total Space | 100,52 Gb Free Space | 91,69% Space Free | Partition Type: NTFS
Drive E: | 6,83 Gb Total Space | 0,55 Gb Free Space | 7,99% Space Free | Partition Type: FAT32
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\AOL.exe" = %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"%ProgramFiles%\Skype\Phone\Skype.exe" = %ProgramFiles%\Skype\Phone\Skype.exe:*:enabled:Skype -- File not found
"%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found
"%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found
"%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\AOL.exe" = %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found
"%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found
"%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found
"C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe" = C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\Home Cinema\PowerCinema\PCMService.exe" = C:\Programme\Home Cinema\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat:*:Enabled:patchgrabber -- File not found
"C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- File not found
"C:\Programme\EA Games\Command and Conquer Generäle\game.dat" = C:\Programme\EA Games\Command and Conquer Generäle\game.dat:*:Enabled:game -- File not found
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard
"{0D93041A-03EC-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{0E3E8CBE-C112-4754-B447-83F3E4C381C6}" = WISO Börse 2010
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1929A791-0773-4C6E-99DA-E5988CE4B46C}" = WISO Börse 2006
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .2
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Foto 2006 Standard Edition Editor
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB Wireless Keyboard Driver
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FEBD11-E587-4C41-AD33-0CD90D26A964}" = Client für die Windows-Rechteverwaltung mit Service Pack 2
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.8
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAF88B432344413595BB2DED98385684}" = DivX User Guide
"{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = PowerCineama MakeDVD Module
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"CCleaner" = CCleaner (remove only)
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem
"Easy-WebPrint" = Easy-WebPrint
"Free Download Manager_is1" = Free Download Manager 2.1
"GMX Internet Manager" = GMX Internet Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"LetsTrade" = LetsTrade Komponenten
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"medionmusic-manager gold" = medionmusic-manager gold
"medionmusic-Suite" = medionmusic-Suite
"MedionVFD" = Medion Info Display
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v11" = Microsoft Foto 2006 Standard Edition
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Macromedia Flash Player 8
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.11.2009 17:32:34 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes
Modul js3250.dll, Version 4.0.0.0, Fehleradresse 0x000290dc.
Error - 30.11.2009 19:33:42 | Computer Name = ***-PC | Source = WISO Börse | ID = 1009
Description = Bei der Datenaktualisierung ist während der Ausführung der Aufgabe
"Import neuer Kursdaten" der folgende Fehler aufgetreten: "Der Vorgang wurde durch
den Benutzer abgebrochen - Fehler 1223(0x4C7)"
Error - 29.01.2010 14:52:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes
Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00019cfa.
Error - 16.02.2010 12:15:23 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes
Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00006781.
Error - 19.02.2010 12:38:53 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5145, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010a19.
Error - 19.02.2010 12:38:55 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010a19.
Error - 19.02.2010 12:39:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Error - 14.03.2010 13:29:38 | Computer Name = ***-PC | Source = WISO Börse 2010 | ID = 600
Description =
Error - 07.04.2010 12:46:46 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes
Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00086cf7.
Error - 07.04.2010 12:48:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mozilla.exe, Version 1.7.20060.41421, fehlgeschlagenes
Modul gklayout.dll, Version 1.7.20060.41421, Fehleradresse 0x00086cf7.
[ System Events ]
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 20.10.2010 13:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.10.2010 13:26:55 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = Der Server "{959BA0A4-0893-48B4-8B02-BA0DA0A401FE}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
|
|
24.10.2010, 21:02
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
__________________ |
|
25.10.2010, 15:17
| #3 | |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
Hatte zuletzt Avira Antivir und Zonealarm (je die kostenlose Version) installiert, seit Kurzem jetzt Norton 360. Im Zuge der Phishing-Attacke hatte ich zudem versucht, die BOT-CD von Computerbild laufen zu lassen, habe das aber abgebrochen, weil von dort keine Verbindung zum Internet hergestellt werden konnte und es somit nicht die aktuellste Version war. Ansonsten ist der CCleaner bei mir installiert, den ich aber noch nicht benutzt habe. luhh |
|
25.10.2010, 16:31
| #4 |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Habe gerade gesehen, dass Avenger auch ein Logfile erstellt, siehe unten. Zeitlich liegt es genau zwischen den Scans mit Malwarebytes und OTL. Ich habe aber zwischen diesen beiden Scans definitiv nichts anderes laufen lassen, sondern strikt Eure Anweisung abgearbeitet. Luhh Code:
ATTFilter Logfile of The Avenger version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Error: file "C:\WINDOWS\system32\AcroIEHelpe.dll" not found!
Deletion of file "C:\WINDOWS\system32\AcroIEHelpe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\uacinit.dll" not found!
Deletion of file "C:\WINDOWS\system32\uacinit.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Licoan\mocua.exe" not found!
Deletion of file "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Licoan\mocua.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\UACguatpwrc.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\UACguatpwrc.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: folder "C:\WINDOWS\system32\xmldm" not found!
Deletion of folder "C:\WINDOWS\system32\xmldm" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exis
|
|
25.10.2010, 18:47
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
 Naja, meine bescheidene Meinung dazu  Ich hab übrigens gerade eine Idee warum der Avenger ausgeführt wurde....denn der Autor von Avenger ist jetzt im Team von Malwarebytes, gut möglich, dass bestimmte Löschprozesse, die einen Neustart benötigen, vom Avenger ausgeführt werden. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
DRV - (vasjy) -- C:\WINDOWS\System32\drivers\jrjepo.sys File not found
O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKCU..\Run: [ProfiDialer] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
[2010.10.24 17:37:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2010.10.18 22:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2010.10.18 18:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5006
[2010.10.18 18:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cock
[2010.10.23 17:54:35 | 000,000,031 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010.10.22 17:29:20 | 000,000,218 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.10.2010, 19:12
| #6 | |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
Luhh Code:
ATTFilter All processes killed
========== OTL ==========
Service vasjy stopped successfully!
Service vasjy deleted successfully!
File C:\WINDOWS\System32\drivers\jrjepo.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Showwnd deleted successfully.
C:\WINDOWS\ShowWnd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ProfiDialer deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk moved successfully.
C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe moved successfully.
C:\WINDOWS\System32\xmldm folder moved successfully.
C:\WINDOWS\System32\UAs folder moved successfully.
C:\WINDOWS\System32\5006\components folder moved successfully.
C:\WINDOWS\System32\5006 folder moved successfully.
C:\WINDOWS\System32\cock folder moved successfully.
C:\WINDOWS\iltwain.ini moved successfully.
C:\WINDOWS\system32\urhtps.dat moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Besitzer
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 348 bytes
User: ***
->Temp folder emptied: 1440 bytes
->Temporary Internet Files folder emptied: 10753230 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71736632 bytes
->Flash cache emptied: 100231 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3976695 bytes
%systemroot%\System32\dllcache .tmp files removed: 1300480 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1621368 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 86,00 mb
OTL by OldTimer - Version 3.2.17.1 log created on 10252010_195144
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_68c.dat not found!
Registry entries deleted on Reboot...
|
|
25.10.2010, 19:43
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
 Du kannst es wiederherstellen aus dem C:\_OTL Ordner, an die Originalstelle zurückkopieren. Notfalls Acrobat neu installieren. Aber das erstmal später. Erstmal bitte CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2010, 20:22
| #8 | |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
Code:
ATTFilter ComboFix 10-10-24.06 - *** 25.10.2010 21:08:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.403 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85C3FB64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85DDEDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85E509FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FB112-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C588C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85CF13EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D6D5C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D6DBFC-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D6F65C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D705C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D71DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D765C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7729C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7C7A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7EDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D7F3EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D813B4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D81BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D8ADDC-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D8E65C-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D8E83C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D90BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D95DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9ADDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9B3EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9D664-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9EDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DA46E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DAB7D4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB3B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB7DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB8A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DB8DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DC4714-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DD183C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DD4B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DDC3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE35CC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE4A34-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE6A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE73BC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE85C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DE983C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DF8DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E03B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E05BCC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85ED1A24-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EF629C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EFCDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F13BFC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F1DA1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F37A1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FA7054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FA9DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FAADDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE970C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86002A1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86077A24-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8608447C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860C861C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860CCBFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860CF054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860D1BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860F565C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860F6BFC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861453E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86147DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8615CA1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8615CDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861CB404-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D2874-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86299DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8629B46C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8629DB64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862A2B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862A9BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862AB7A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862BDDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862BE504-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C1DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C55C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862CEB64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862D2DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862D865C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862D93E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DD83C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DEDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862E07BC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862E165C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862E5BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862EA3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F03DC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F1BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F73E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F77A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F883C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862F9A1C-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630029C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86300984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630245C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630F6E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631083C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863114B4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631164C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631C3EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631E054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8631F744-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86320984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86320B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86320C1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863233E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86326BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86327984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86329BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632C3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632C984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632E3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632E7A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86330DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86331904-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86333B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86333BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863357A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633620C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86336514-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633729C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86337A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863389A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633948C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633B83C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8633FBFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863453B4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86347DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86348DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634947C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634AA1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634C47C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634C83C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634CB64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8634D5DC-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86352A24-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863543E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86356DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863577A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86357DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86359BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635B5CC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635C984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635DA1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8635EBFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863627A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863643DC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863695C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8636A7A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8636E3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8636F7A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86371344-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86377DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863787A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86381984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863828EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8638C5C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8638EB5C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86392B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86394DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863957A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86396DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863973E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8639A3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8639C3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8639C5C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A07A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A2DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A7BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ADA1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863AE3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863AE9E8-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B13E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B165C-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B1ACC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B78FC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B9344-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B983C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BC68C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BD3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BD47C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BF484-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C2A4C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C3DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C5A74-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C63E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C65C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863CFDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D13E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D2A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D4BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D4DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D55F4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D97A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DE9B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E17A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E1BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E283C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E483C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E4A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E583C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E7DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863EC5C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863EC7A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863EE47C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F2A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F35CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F3DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F45C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F45EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F6824-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F770C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F9594-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FA29C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FC9DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FCC04-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863FD204-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640147C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640283C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86402B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864047A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86405DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86407DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640951C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640A984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640AC0C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8640C984-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864127A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864135F4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86414A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86418BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86419204-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864193B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641965C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641A5C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641E3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641EBFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8641F47C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86423A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86426B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86426DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86427A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86428204-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86429494-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864295AC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86429BFC-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642CDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642E64C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642F3E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86430A1C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86430A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86431770-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86435DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86436DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86437984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643BC44-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643E564-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643EB64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644083C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644565C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86446B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86447DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86448AB4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644CDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645CB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86461DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86463494-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8646583C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86466A94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864783F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8647C834-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8648D854-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8649F674-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8649FBFC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864A5DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864AEBFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864BADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864C165C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864C8DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864D33E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864DEDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E29C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E6524-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864EADDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864EE984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F0DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FF65C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86500204-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86503B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865047A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865074EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8650983C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86510A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86514B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86516D34-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651783C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651CDDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651E65C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865227C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86528ADC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652983C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652E7DC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8653035C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86533DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86536504-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86538DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86539C24-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8653F354-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86543BFC-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654752C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654A414-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654B674-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654B83C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654B984-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654E234-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86555B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86558A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8656483C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86577BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8657F83C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86583B64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86583DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8658D5C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8658EBFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86597D4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8659965C-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865B5DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865BB4EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865BD3EC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865C6A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865C7BFC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865CADDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865D3984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865E5A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865F4C6C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865F565C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86600934-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86601A1C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661065C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661A704-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661AD2C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8661CAC4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86621A84-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866237A4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8662CB64-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8665C984-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86687BB4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86687DDC-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8668A424-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86691C24-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86692864-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86692DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866934D4-FFA4-0111-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-0100-0D24-347CA8A3377C}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programme\mozilla\mozilla.exe
c:\windows\system32\spool\prtprocs\w32x86\CNMPD82.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP82.DLL
c:\windows\system32\UACnstymfpc.log
c:\windows\system32\uactmp.db
c:\windows\system32\UACultrknaj.dat
c:\windows\system32\UACxptyyrua.db
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-25 bis 2010-10-25 ))))))))))))))))))))))))))))))
.
2010-10-24 14:19 . 2010-10-24 14:19 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-10-24 14:19 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-24 14:19 . 2010-10-24 14:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-24 14:19 . 2010-10-24 14:19 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-10-24 14:19 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 17:34 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-18 17:34 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-18 17:33 . 2010-10-18 17:40 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared
2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\Symantec
2010-10-18 17:33 . 2010-10-18 17:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-18 17:33 . 2010-10-18 17:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-18 17:33 . 2010-10-20 13:13 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\Norton 360
2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\Windows Sidebar
2010-10-18 17:33 . 2010-10-18 17:33 -------- d-----w- c:\programme\NortonInstaller
2010-10-18 17:29 . 2010-10-18 17:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2010-10-14 15:18 . 2010-09-18 06:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 15:18 . 2010-09-18 06:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 15:18 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:22 . 2005-10-09 05:46 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2005-10-09 05:46 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2005-10-09 05:46 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2005-10-09 05:46 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:47 . 2005-10-09 05:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2005-10-09 05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2005-10-09 05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:50 . 2005-10-09 05:46 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2005-10-09 05:46 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2005-10-09 05:46 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-10-09 05:46 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2005-10-09 05:46 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2005-10-09 05:46 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-10-09 05:46 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2005-10-09 05:46 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-09 15:23 47616 --sh--r- c:\windows\system32\appconf32.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2006-02-22 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-06-22 237568]
"ledpointer"="CNYHKey.exe" [2005-11-10 5585408]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2006-01-27 176128]
"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-10-04 35328]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2008-4-18 1114112]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%ProgramFiles%\\AOL 9.0\\AOL.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [19.10.2010 15:22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [19.10.2010 15:22 173104]
R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [02.10.2010 00:00 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [19.10.2010 15:22 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [19.10.2010 15:22 116784]
R2 DPTIMER_WB;WISO Börse Zeitsteuerung;c:\programme\WISO\Börse2006\bin\dptimersvc.exe [29.08.2005 07:00 396800]
R2 N360;Norton 360;c:\programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe [19.10.2010 15:22 126392]
R2 WB10WatchDog;WISO Börse 2010 Watchdog;c:\programme\Buhl\WISO Börse 2010\bin\watchdog.exe [21.09.2009 12:33 483544]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18.10.2005 15:01 826752]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [28.02.2006 15:51 86784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25.10.2010 16:03 102448]
R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101021.003\IDSXpx86.sys [19.10.2010 22:36 341880]
S0 rseb;rseb; [x]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\programme\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\programme\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\programme\Free Download Manager\dllink.htm
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/de/
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\rixl1ft8.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5we.dll
FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-{FAF88B432344413595BB2DED98385684} - c:\programme\DivX\DivXUserGuideUninstall
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-25 21:12
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\programme\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
Zeit der Fertigstellung: 2010-10-25 21:15:44
ComboFix-quarantined-files.txt 2010-10-25 19:15
Vor Suchlauf: 9 Verzeichnis(se), 66.549.514.240 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 66.572.242.944 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - C40DF065F7F1DF49C8A88D6F606C0DF1
|
|
27.10.2010, 07:39
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Downloade Dir anschließend bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2010, 19:05
| #10 |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login GMER ist sowohl im normalen als auch im abgesicherten Modus abgestürzt. Danach habe ich OSAM und MBRCheck laufen lassen. Hier die Logfiles: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:52:39 on 27.10.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.11 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys "catchme" (catchme) - ? - C:\DOKUME~1\JENSUN~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101026.001\IDSxpx86.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVEX15.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "rseb" (rseb) - ? - C:\WINDOWS\system32\drivers\rseb.sys (File not found) "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMDS.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMEFA.SYS "Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS "Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS "Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS "Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS "WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\1031\UNBIND.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "MedionShop" - ? - hxxp://www.medionshop.de/ (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab {02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL / hxxp://office.microsoft.com/templates/ieawsdc.cab {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - (File not found | COM-object registry key not found) {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdmcks.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\IPSBHO.DLL {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "CHotkey" - ? - mHotkey.exe "EM_EXEC" - "Logitech Inc. " - C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE "InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found) "ledpointer" - "Chicony" - CNYHKey.exe "MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe" "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Canon BJ Language Monitor MP180" - "CANON INC." - C:\WINDOWS\system32\CNMLM82.DLL "MLMON__J.DLL" - ? - MLMON__J.DLL (File not found) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe "CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe "CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe "Norton 360" (N360) - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WISO Börse 2010 Watchdog" (WB10WatchDog) - "market maker Software AG" - C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe "WISO Börse Zeitsteuerung" (DPTIMER_WB) - "market maker Software AG" - C:\Programme\WISO\Börse2006\bin\dptimersvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7A50000 \WINDOWS\system32\KDCOM.DLL
0xF7960000 \WINDOWS\system32\BOOTVID.dll
0xF7420000 ACPI.sys
0xF7A52000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF740F000 pci.sys
0xF7550000 isapnp.sys
0xF7B18000 pciide.sys
0xF77D0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7560000 MountMgr.sys
0xF73F0000 ftdisk.sys
0xF77D8000 PartMgr.sys
0xF7570000 VolSnap.sys
0xF73D8000 atapi.sys
0xF7580000 disk.sys
0xF7590000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B8000 fltmgr.sys
0xF7362000 SYMDS.SYS
0xF7350000 sr.sys
0xF7323000 SYMEFA.SYS
0xF730C000 KSecDD.sys
0xF727F000 Ntfs.sys
0xF7252000 NDIS.sys
0xF75A0000 ohci1394.sys
0xF75B0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7238000 Mup.sys
0xF66F1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF62B1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF629D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6275000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7920000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6251000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6187000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xF6164000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A00000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xF78E8000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF604B000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7A5E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78F0000 \SystemRoot\System32\Drivers\Modem.SYS
0xF78F8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF66E1000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A0C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6037000 \SystemRoot\system32\DRIVERS\parport.sys
0xF66D1000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF66C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF66B1000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7910000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7C52000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF66A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A18000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6020000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6691000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6681000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7928000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7930000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7938000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7660000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7940000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7948000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7ABA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5FC2000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A24000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76C0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEF92E000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEF90A000 \SystemRoot\system32\drivers\portcls.sys
0xF20A4000 \SystemRoot\system32\drivers\drmk.sys
0xF076D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A9C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEDC9B000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AA6000 \SystemRoot\System32\Drivers\Beep.SYS
0xEDCDF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEDCD7000 \SystemRoot\System32\drivers\vga.sys
0xF7ABE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AD2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEDCCF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEDCC7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xED4D9000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEC22B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xED864000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xEC1B8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEC192000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEC13B000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS
0xED854000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEC116000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xED57C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xED115000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xED814000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xEBB15000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101026.001\IDSxpx86.sys
0xEB004000 \SystemRoot\system32\DRIVERS\cmiucr.SYS
0xEBAED000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEBACB000 \SystemRoot\System32\drivers\afd.sys
0xF1978000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEBAAC000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0xF051A000 \SystemRoot\system32\DRIVERS\LHidFlt2.sys
0xF67C0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\LMouFlt2.sys
0xEBA71000 \SystemRoot\system32\DRIVERS\rt2500usb.sys
0xEC894000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xEFDAA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xEDB6A000 \SystemRoot\system32\DRIVERS\LKbdFlt2.sys
0xF76D0000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0xEBA46000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEB9D6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76B0000 \SystemRoot\System32\Drivers\Fips.SYS
0xEB978000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
0xEB95B000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xEB8DC000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0xEB830000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
0xEB80C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEB7F4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xEF60A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF79FC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7900000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF2705000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF78A8000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEF56B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9DAB000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB956E000 \SystemRoot\system32\drivers\wdmaud.sys
0xF1998000 \SystemRoot\system32\drivers\sysaudio.sys
0xB938C000 \SystemRoot\System32\Drivers\HTTP.sys
0xB92E4000 \SystemRoot\system32\DRIVERS\srv.sys
0xEFF13000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xEF260000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8ABD000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0xB8857000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVEX15.SYS
0xB881B000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101026.048\NAVENG.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 44):
0 System Idle Process
4 System
340 C:\WINDOWS\system32\smss.exe
460 csrss.exe
484 C:\WINDOWS\system32\winlogon.exe
528 C:\WINDOWS\system32\services.exe
540 C:\WINDOWS\system32\lsass.exe
700 C:\WINDOWS\system32\svchost.exe
748 svchost.exe
788 C:\WINDOWS\system32\svchost.exe
848 svchost.exe
896 svchost.exe
1124 C:\WINDOWS\system32\spoolsv.exe
1236 svchost.exe
1324 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
1372 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
1472 C:\Programme\WISO\Börse2006\bin\dptimersvc.exe
1488 C:\WINDOWS\explorer.exe
1576 C:\WINDOWS\system32\svchost.exe
1616 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
1704 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
1720 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe
1864 C:\WINDOWS\system32\nvsvc32.exe
1888 C:\Programme\CyberLink\Shared Files\RichVideo.exe
136 C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe
1328 C:\WINDOWS\RTHDCPL.exe
1332 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
1404 C:\Programme\Home Cinema\PowerCinema\PCMService.exe
1436 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
1012 C:\WINDOWS\system32\CmUCREye.exe
1780 C:\WINDOWS\CNYHKey.exe
2056 C:\Programme\Medion Info Display\MdionLCM.exe
2244 C:\WINDOWS\mHotkey.exe
2372 C:\PROGRA~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
2420 wmpnetwk.exe
2444 C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
2508 C:\Programme\Windows Media Player\wmpnscfg.exe
2948 C:\Programme\RALINK\Common\RaUI.exe
3164 wmiprvse.exe
3176 alg.exe
3412 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe
4044 C:\Programme\Mozilla Firefox\firefox.exe
4088 D:\Software\OSAM\osam.exe
3160 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1a8eb800 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32)
PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 8A043C284E07523D32F6E05E5BC7831784FB924F
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
|
|
27.10.2010, 19:27
| #11 |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Seit dem Absturz von GMER ist mein Rechner spürbar langsamer geworden, sowohl beim Hochfahren als auch beim Starten von Programmen. Außerdem erscheint beim Hochfahren, wenn ich den Windows-Modus wählen kann, u.a. die Option "do not select this [Debugger aktiviert]". Hängt das irgendwie mit dem abgebrochenen GMER-Scan zusammen und muss/kann ich diesbez. noch etwas tun? Luhh |
|
27.10.2010, 21:30
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach LoginZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2010, 16:55
| #13 |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login rsep-Löschung durchgeführt. Allerdings hat sich kein Report nach der Löschaktion (und anschließendem Neustart) geöffnet. Anbei das neueste Logfile vom OSAM-Scan. Luhh Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:49:19 on 28.10.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.11 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys "catchme" (catchme) - ? - C:\DOKUME~1\JENSUN~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101027.001\IDSxpx86.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101027.050\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101027.050\NAVEX15.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMDS.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\N360\0403000.005\SYMEFA.SYS "Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS "Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS "Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS "Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS "WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\1031\UNBIND.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "MedionShop" - ? - hxxp://www.medionshop.de/ (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab {02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL / hxxp://office.microsoft.com/templates/ieawsdc.cab {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - (File not found | COM-object registry key not found) {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdmcks.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\IPSBHO.DLL {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\coIEPlg.dll {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "CHotkey" - ? - mHotkey.exe "EM_EXEC" - "Logitech Inc. " - C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE "InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found) "ledpointer" - "Chicony" - CNYHKey.exe "MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe" "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Canon BJ Language Monitor MP180" - "CANON INC." - C:\WINDOWS\system32\CNMLM82.DLL "MLMON__J.DLL" - ? - MLMON__J.DLL (File not found) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe "CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe "CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe "Norton 360" (N360) - "Symantec Corporation" - C:\Programme\Norton 360\Engine\4.3.0.5\ccSvcHst.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WISO Börse 2010 Watchdog" (WB10WatchDog) - "market maker Software AG" - C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe "WISO Börse Zeitsteuerung" (DPTIMER_WB) - "market maker Software AG" - C:\Programme\WISO\Börse2006\bin\dptimersvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
28.10.2010, 19:40
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole aus. Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen) Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus den mbrcheck nochmals aus und poste das neue Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.10.2010, 14:15
| #15 |
| | Deutsche Bank 28-TAN-Tableau-Abfrage nach Login Erledigt! Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7A50000 \WINDOWS\system32\KDCOM.DLL
0xF7960000 \WINDOWS\system32\BOOTVID.dll
0xF7420000 ACPI.sys
0xF7A52000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF740F000 pci.sys
0xF7550000 isapnp.sys
0xF7B18000 pciide.sys
0xF77D0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7560000 MountMgr.sys
0xF73F0000 ftdisk.sys
0xF77D8000 PartMgr.sys
0xF7570000 VolSnap.sys
0xF73D8000 atapi.sys
0xF7580000 disk.sys
0xF7590000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B8000 fltmgr.sys
0xF7362000 SYMDS.SYS
0xF7350000 sr.sys
0xF7323000 SYMEFA.SYS
0xF730C000 KSecDD.sys
0xF727F000 Ntfs.sys
0xF7252000 NDIS.sys
0xF75A0000 ohci1394.sys
0xF75B0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7238000 Mup.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6120000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF610C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF60E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF60C0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5FF6000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xF5FD3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF71FC000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xF78F0000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF5EBA000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7A6C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78F8000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7900000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF76B0000 \SystemRoot\system32\DRIVERS\serial.sys
0xF71F0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5EA6000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76C0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76D0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76E0000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7908000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7C8F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7700000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5E8F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7710000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7720000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7910000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7918000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7920000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7670000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7928000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7930000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A6E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5E31000 \SystemRoot\system32\DRIVERS\update.sys
0xF79F8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6520000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF3573000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF354F000 \SystemRoot\system32\drivers\portcls.sys
0xF7790000 \SystemRoot\system32\drivers\drmk.sys
0xF75E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7ADC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B6D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ADE000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7860000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7858000 \SystemRoot\System32\drivers\vga.sys
0xF7AE0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AE2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7898000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7888000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6623000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF2155000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF7640000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF20FC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF20A5000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS
0xF7730000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF207F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF205A000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF2002000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101028.001\IDSxpx86.sys
0xF1FDA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF1FB8000 \SystemRoot\System32\drivers\afd.sys
0xF344D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF1F99000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0xF7828000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF25DF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF33FD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF1F83000 \SystemRoot\system32\DRIVERS\cmiucr.SYS
0xF33ED000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0xF1F58000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF1EE8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF33DD000 \SystemRoot\System32\Drivers\Fips.SYS
0xF1E8A000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
0xF1E6D000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF1DEE000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0xF1D42000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
0xF78E8000 \SystemRoot\system32\DRIVERS\LHidFlt2.sys
0xF39FB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF2268000 \SystemRoot\system32\DRIVERS\LMouFlt2.sys
0xF1CDF000 \SystemRoot\system32\DRIVERS\rt2500usb.sys
0xF7958000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xF39FF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7AF0000 \SystemRoot\system32\DRIVERS\LKbdFlt2.sys
0xF1CBB000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF1CA3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A56000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF39F7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78B8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B7C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9FF6B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF1D36000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E1AA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9D945000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6500000 \SystemRoot\system32\drivers\sysaudio.sys
0x9D79C000 \SystemRoot\System32\Drivers\HTTP.sys
0x9D6CC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF2248000 \SystemRoot\system32\DRIVERS\secdrv.sys
0x9D69C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9CD15000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0x9CB9F000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101028.041\NAVEX15.SYS
0x9CB8B000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101028.041\NAVENG.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 46):
0 System Idle Process
4 System
328 C:\WINDOWS\system32\smss.exe
448 csrss.exe
480 C:\WINDOWS\system32\winlogon.exe
524 C:\WINDOWS\system32\services.exe
536 C:\WINDOWS\system32\lsass.exe
700 C:\WINDOWS\system32\svchost.exe
744 svchost.exe
784 C:\WINDOWS\system32\svchost.exe
864 svchost.exe
892 svchost.exe
1108 C:\WINDOWS\system32\spoolsv.exe
1228 svchost.exe
1312 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
1432 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
1452 C:\Programme\WISO\Börse2006\bin\dptimersvc.exe
1484 C:\WINDOWS\explorer.exe
1612 C:\WINDOWS\system32\svchost.exe
1636 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
1688 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
1728 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe
1852 C:\WINDOWS\system32\nvsvc32.exe
1884 C:\Programme\CyberLink\Shared Files\RichVideo.exe
2028 C:\Programme\Buhl\WISO Börse 2010\bin\watchdog.exe
2016 C:\WINDOWS\RTHDCPL.exe
264 C:\Programme\Home Cinema\PowerCinema\PCMService.exe
456 C:\WINDOWS\system32\CmUCREye.exe
676 C:\WINDOWS\CNYHKey.exe
960 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
904 C:\WINDOWS\system32\wuauclt.exe
1176 C:\Programme\Medion Info Display\MdionLCM.exe
1260 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
380 C:\WINDOWS\mHotkey.exe
1004 C:\PROGRA~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
1896 C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
2076 wmpnetwk.exe
2128 C:\Programme\Windows Media Player\wmpnscfg.exe
2596 C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
2612 C:\Programme\RALINK\Common\RaUI.exe
2848 wmiprvse.exe
2988 alg.exe
3620 C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe
2116 C:\Programme\Mozilla Firefox\firefox.exe
3368 C:\Programme\Mozilla Firefox\plugin-container.exe
2448 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1a8eb800 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32)
PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
|
|
| Themen zu Deutsche Bank 28-TAN-Tableau-Abfrage nach Login |
| 0x00000001, acroiehelpe.dll, adblock, alternate, appconf32.exe, bonjour, browser, components, desktop, deutsche bank, e-banking, error, firefox, firefox.exe, flash player, format, free download, google, helper, home, hängen, install.exe, installation, intrusion prevention, location, logfile, mozilla, msvcp90.dll, nach login, oldtimer, otl logfile, otl scan, otl.exe, plug-in, problem, realtek, registry, rundll, saver, scan, searchplugins, security, shell32.dll, skype.exe, software, stolen.data, symantec, system, system restore, trojan.zbotr.gen, usb, windows internet, wireless lan, wiso, xmldm |
Linear-Darstellung
