
Trash bin: 20 TAN trojan Sparkasse + Dr Web Cure It error

Windows 7 Posts that have violated our rules, ones the world does not need, or other rubbish end up here in the trash bin...

 
01.02.2011, 17:09   #1
bairah
 



Hello Trojaner team,

I am currently being pestered by an annoying trojan that asks me to enter 20 TANs. As far as I can tell, I was able to remove it with Malwarebytes, ComboFix, etc. However, I believe that not everything is gone, because when I try to start Dr. Web CureIt it is closed again immediately. This effect does not occur in Safe Mode, though.

Operating system: Windows 7

Here are a few logs:

GMER:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-01 16:41:56
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80
Running: s9zxcfmn.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\kwtyapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwAllocateVirtualMemory [0xAA0BE088]
SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwCreateThread [0xAA0BF1E0]
SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwCreateThreadEx [0xAA0BF2B6]
SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwFreeVirtualMemory [0xAA0BE306]
SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwQueueApcThread [0xAA0BF2E2]
SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwQueueApcThreadEx [0xAA0BF308]
SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwSetContextThread [0xAA0BF32E]
SSDT            \SystemRoot\system32\drivers\dwprot.sys                                                         ZwWriteVirtualMemory [0xAA0BE416]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                 82E4A599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82E6EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                             82E7674C 4 Bytes  [88, E0, 0B, AA]
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                             82E7685C 8 Bytes  [E0, F1, 0B, AA, B6, F2, 0B, ...] {LOOPNZ 0xfffffffffffffff3; OR EBP, [EDX-0x55f40d4a]}
.text           ntkrnlpa.exe!RtlSidHashLookup + 3FC                                                             82E7690C 4 Bytes  [06, E3, 0B, AA] {PUSH ES; JECXZ 0xe; STOSB }
.text           ntkrnlpa.exe!RtlSidHashLookup + 624                                                             82E76B34 8 Bytes  [E2, F2, 0B, AA, 08, F3, 0B, ...] {LOOP 0xfffffffffffffff4; OR EBP, [EDX-0x55f40cf8]}
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                             82E76BF0 4 Bytes  [2E, F3, 0B, AA]
.text           ...                                                                                             
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                        section is writeable [0x91E1F000, 0x349D76, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                             AA054000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                             AA054123 629 Bytes  [F5, 04, AA, FE, 05, 34, F5, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                             AA054399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                             AA0543FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                             AA0544AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                             
?               system32\drivers\dwprot.sys                                                                     Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Users\Anwender\Desktop\Tools\974trq45.exe[888] USER32.dll!NotifyWinEvent + 48B               76D5F724 4 Bytes  [C2, 0C, 0E, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress]           [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free]                 [66E411EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]   [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [74FB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                          dwprot.sys
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy2                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy2                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy3                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy3                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy4                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy4                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy5                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy5                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy6                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy6                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy7                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy7                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy8                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy8                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy9                                               tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy9                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                         dwprot.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy10                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy10                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy11                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy11                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy12                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy12                                              snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\ACPI_HAL \Device\0000004c                                                               halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy13                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy13                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy20                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy20                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy14                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy14                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy21                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy21                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy15                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy15                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy22                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy22                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy16                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy16                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy23                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy23                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\tdx \Device\Udp                                                                         dwprot.sys
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy17                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy17                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy24                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy24                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy30                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy30                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                       dwprot.sys
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy18                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy18                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy25                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy25                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy31                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy31                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy19                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy19                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy26                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy26                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy32                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy32                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy27                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy27                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy33                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy33                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy40                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy40                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy28                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy28                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy34                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy34                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy41                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy41                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy29                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy29                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy35                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy35                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy42                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy42                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy36                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy36                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy43                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy43                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy37                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy37                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy44                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy44                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy38                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy38                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy45                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy45                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy39                                              tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy39                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \FileSystem\fastfat \Fat                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                        dwprot.sys

---- Threads - GMER 1.0.15 ----

Thread          System [4:2496]                                                                                 AA061F2E

---- EOF - GMER 1.0.15 ----
         
OTL:
Code:
OTL logfile created on: 01.02.2011 16:42:53 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Anwender\Desktop\Tools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 439,45 Gb Total Space | 329,67 Gb Free Space | 75,02% Space Free | Partition Type: NTFS
Drive D: | 492,06 Gb Total Space | 484,50 Gb Free Space | 98,46% Space Free | Partition Type: NTFS
Drive E: | 112,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 995,70 Mb Total Space | 942,23 Mb Free Space | 94,63% Space Free | Partition Type: FAT
 
Computer Name: PCMERTENS | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Anwender\Desktop\Tools\974trq45.exe ()
PRC - C:\Users\Anwender\Desktop\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Anwender\Desktop\Tools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe ()
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (APUpdService) -- C:\Windows\System32\APUpdService.exe (cobra GmbH)
SRV - (McAfeeFramework) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (DwProt) --  File not found
DRV - (MxlW2k) -- C:\Windows\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (arusb_win7) -- C:\Windows\System32\drivers\arusb_win7.sys (Atheros Communications, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\Windows\System32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\Windows\System32\drivers\Ambfilt.sys (Creative)
DRV - (ati2mtag) -- C:\Windows\System32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AFS2K) -- C:\Windows\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (e1kexpress) Intel(R) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\System32\drivers\A3AB.sys (D-Link Corporation)
DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\Windows\System32\drivers\LKbdFlt2.sys (Logitech)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.17 09:06:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.20 12:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.20 12:06:36 | 000,000,000 | ---D | M]
 
[2010.12.04 16:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2010.11.02 15:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.12.04 16:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\r79v0m5j.default\extensions
[2010.12.04 16:29:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\r79v0m5j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.04 16:29:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\r79v0m5j.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.12.20 12:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.04 15:52:45 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.01 15:50:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.11.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.01 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.01 16:01:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.02.01 16:01:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.01 15:55:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.01 15:01:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.01 15:01:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.01 15:01:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.01 15:01:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.01 11:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.01 11:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.01 10:45:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.31 19:32:17 | 000,000,000 | ---D | C] -- C:\Users\Anwender\DoctorWeb
[2011.01.31 17:33:24 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Tools
[2011.01.31 17:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011.01.31 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Visd3d
[2011.01.28 18:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.01.28 18:24:42 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.18 14:57:11 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Local\ApplicationHistory
[2011.01.18 13:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2011.01.12 09:21:20 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 09:21:02 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 09:21:02 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 09:21:02 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 09:21:02 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 09:21:02 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 09:21:01 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 09:21:01 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 09:21:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 09:21:01 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 09:21:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.12 09:21:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.12 09:21:01 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.08 12:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011.01.06 18:38:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.01.05 12:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.01.05 12:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.07.26 09:41:18 | 000,822,296 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayerSP115_de.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.01 16:43:59 | 000,684,182 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.01 16:43:59 | 000,641,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.01 16:43:59 | 000,143,110 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.01 16:43:59 | 000,117,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.01 16:19:34 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 16:19:34 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 16:18:55 | 000,007,597 | ---- | M] () -- C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg
[2011.02.01 16:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.01 16:12:08 | 276,947,333 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.01 16:12:05 | 2408,931,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.01 15:50:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.02.01 11:48:10 | 000,001,182 | ---- | M] () -- C:\Users\Anwender\Desktop\Spybot - Search & Destroy.lnk
[2011.01.31 17:41:35 | 000,000,921 | ---- | M] () -- C:\Users\Anwender\Desktop\CCleaner.lnk
[2011.01.31 13:50:00 | 000,054,272 | ---- | M] () -- C:\Users\Anwender\Desktop\Bestandsliste Bikes alt.xls
[2011.01.28 18:26:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.01.26 10:56:00 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2011.01.18 14:57:11 | 000,000,096 | ---- | M] () -- C:\Users\Anwender\AppData\Local\fusioncache.dat
[2011.01.18 13:47:48 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.01.11 14:29:59 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk
[2011.01.10 16:04:23 | 000,025,088 | ---- | M] () -- C:\Users\Anwender\Desktop\PRIVATVERKAUF.doc
[2011.01.05 13:58:29 | 000,002,687 | ---- | M] () -- C:\Users\Anwender\Desktop\Lexware buchh.2011.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.01 16:12:08 | 276,947,333 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.01 15:01:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.01 15:01:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.01 15:01:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.01 15:01:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.01 15:01:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.01 11:48:10 | 000,001,182 | ---- | C] () -- C:\Users\Anwender\Desktop\Spybot - Search & Destroy.lnk
[2011.01.31 17:41:34 | 000,000,921 | ---- | C] () -- C:\Users\Anwender\Desktop\CCleaner.lnk
[2011.01.31 17:27:46 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.01.31 13:50:00 | 000,054,272 | ---- | C] () -- C:\Users\Anwender\Desktop\Bestandsliste Bikes alt.xls
[2011.01.28 18:26:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.01.18 14:57:11 | 000,000,096 | ---- | C] () -- C:\Users\Anwender\AppData\Local\fusioncache.dat
[2011.01.18 13:47:48 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.01.10 16:04:22 | 000,025,088 | ---- | C] () -- C:\Users\Anwender\Desktop\PRIVATVERKAUF.doc
[2011.01.05 13:58:29 | 000,002,687 | ---- | C] () -- C:\Users\Anwender\Desktop\Lexware buchh.2011.lnk
[2011.01.05 12:43:42 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk
[2010.12.19 15:07:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.19 15:07:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.19 14:58:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.12.19 14:55:55 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.12.12 13:22:05 | 000,003,584 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 15:36:24 | 000,007,597 | ---- | C] () -- C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg
[2010.12.07 11:34:13 | 000,000,031 | ---- | C] () -- C:\Windows\warhead.ini
[2010.11.03 09:32:42 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.10.21 14:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.08.26 15:37:53 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.08.24 16:48:40 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.12.30 20:38:13 | 000,000,031 | ---- | C] () -- C:\Windows\APSqlServerUI.INI
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.07.23 15:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\BH_DATA110VC8.dll
[2008.03.03 17:31:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.02.05 22:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Anwender\AppData\Local\setup.txt
[2007.11.15 08:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007.10.26 08:43:37 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2007.03.07 21:28:32 | 000,000,126 | ---- | C] () -- C:\Windows\APDatabaseUI.INI
[2007.01.20 10:27:33 | 000,000,064 | ---- | C] () -- C:\Windows\RestorePath.ini
[2006.11.04 23:16:26 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006.10.25 10:00:19 | 000,016,384 | ---- | C] () -- C:\Windows\System32\WINKRNME.DLL
[2006.10.25 09:34:23 | 000,000,087 | ---- | C] () -- C:\Windows\VSWizard.ini
[2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2006.01.15 16:06:03 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2006.01.15 16:06:02 | 000,303,104 | ---- | C] () -- C:\Windows\System32\LxImport50VC7.dll
[2006.01.15 16:06:02 | 000,217,088 | ---- | C] () -- C:\Windows\System32\LxImport40VC7.dll
[2006.01.15 16:06:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PXTToolVC7.dll
[2006.01.12 11:05:15 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2006.01.12 11:05:15 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2005.04.16 08:22:20 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2005.01.22 12:41:44 | 000,000,021 | ---- | C] () -- C:\Windows\Pcbh32.INI
[2005.01.22 12:07:34 | 000,000,019 | ---- | C] () -- C:\Windows\LxRegi.INI
[2005.01.20 16:31:07 | 000,003,306 | ---- | C] () -- C:\Windows\tm.ini
[2005.01.16 16:48:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL
[2005.01.16 16:48:43 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll
[2005.01.16 16:48:43 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll
[2005.01.16 16:48:43 | 000,015,627 | ---- | C] () -- C:\Windows\System32\WBROLLRS.DLL
[2005.01.16 16:48:42 | 000,237,623 | ---- | C] () -- C:\Windows\System32\dnt26.dll
[2005.01.16 16:48:42 | 000,233,527 | ---- | C] () -- C:\Windows\System32\dnt25.dll
[2005.01.16 16:48:42 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
[2005.01.16 16:48:42 | 000,221,239 | ---- | C] () -- C:\Windows\System32\dnt24.dll
[2005.01.16 16:48:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2005.01.16 16:48:42 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc26.dll
[2005.01.16 16:48:42 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc25.dll
[2005.01.16 16:48:42 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc24.dll
[2005.01.16 16:48:42 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2005.01.16 16:48:42 | 000,073,785 | ---- | C] () -- C:\Windows\System32\dntvm26.dll
[2005.01.16 16:48:42 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm25.dll
[2005.01.16 16:48:42 | 000,069,689 | ---- | C] () -- C:\Windows\System32\dntvm24.dll
[2005.01.16 16:48:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PXTTool.dll
[2005.01.16 16:48:42 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2005.01.16 16:48:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\FKStampPainter.dll
[2005.01.16 16:48:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2005.01.16 16:48:40 | 000,196,688 | ---- | C] () -- C:\Windows\System32\LxImport40.dll
[2005.01.16 16:48:40 | 000,102,458 | ---- | C] () -- C:\Windows\System32\LXDasi20.dll
[2005.01.08 11:42:29 | 000,561,152 | R--- | C] () -- C:\Windows\System32\hpotscl.dll
[2005.01.06 18:49:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2004.12.23 14:33:27 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2004.12.23 09:24:08 | 000,000,831 | ---- | C] () -- C:\Windows\wincmd.ini
[2004.12.22 19:15:08 | 000,003,258 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2004.12.22 19:15:05 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2004.12.22 18:38:05 | 000,004,359 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2004.05.06 14:07:32 | 000,241,664 | ---- | C] () -- C:\Windows\System32\dnt26VC7.dll
[2004.05.06 14:05:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc26VC7.dll
[2004.05.06 14:04:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dntvm26VC7.dll
[2001.02.14 16:09:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CHFXGer.dll
 
========== LOP Check ==========
 
[2010.12.04 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Acronis
[2007.11.15 08:16:24 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\DassaultSystemes
[2010.05.03 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\FinalMediaPlayer
[2010.12.04 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Haufe
[2010.12.06 21:26:37 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Leadertech
[2011.01.28 13:20:56 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Lexware
[2010.12.04 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OD2
[2010.12.04 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\PTV AG
[2010.12.04 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Samsung
[2010.12.19 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\ScanSoft
[2010.12.07 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\TeamViewer
[2010.12.04 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\TomTom
[2011.01.31 11:25:00 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Visd3d
[2010.12.04 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\WholeSecurity
[2010.12.04 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wireshark
[2010.12.19 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Zeon
[2009.07.14 05:53:46 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras:
Code:
ATTFilter
OTL Extras logfile created on: 01.02.2011 16:42:53 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Anwender\Desktop\Tools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 439,45 Gb Total Space | 329,67 Gb Free Space | 75,02% Space Free | Partition Type: NTFS
Drive D: | 492,06 Gb Total Space | 484,50 Gb Free Space | 98,46% Space Free | Partition Type: NTFS
Drive E: | 112,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 995,70 Mb Total Space | 942,23 Mb Free Space | 94,63% Space Free | Partition Type: FAT
 
Computer Name: PCMERTENS | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\PROGRA~1\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger
"C:\Programme\Haufe\iDesk\iDeskService\pythonw.exe" = C:\PROGRA~1\Haufe\iDesk\iDeskService\pythonw.exe:*:Enabled:pythonw
"C:\Programme\IncrediMail\bin\IMApp.exe" = C:\PROGRA~1\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\PROGRA~1\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\PROGRA~1\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\iTunes\iTunes.exe" = C:\PROGRA~1\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\KOCH Media\Schiffe versenken\SeaWar.exe" = C:\PROGRA~1\KOCH Media\Schiffe versenken\SeaWar.exe:*:Disabled:SeaWar 2 -- (Tavex)
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\PROGRA~1\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{06604771-5346-492A-93C1-486B6CCD10AD}" = MP3 Player
"{12B09031-A7E1-43B1-AC8C-A202B676B556}" = RemoteCapture 2.7.3
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1632C6D2-EDA8-4BA3-8CA3-74742C6EE3F5}" = Lexware Elster
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18F1608A-C505-4FAC-9740-A607D02656E3}" = Radrouting 4.0
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21C1E6B6-8796-4EEE-ACF3-F318CEFC257C}" = Lexware buchhalter 2006
"{26866243-CFFE-49C8-9546-3C6918CF8AB7}" = Lexware buchhalter 2007
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31A65C5A-73BF-AEE0-082D-1B6C0B9ACF31}" = AMD Drag and Drop Transcoding
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362BFFCD-8274-11D8-97C8-000129760CBE}" = MediaLife 
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3C2DE16D-F677-4F88-8B6A-31B7F3907B23}" = Lexware buchhalter 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4449B83C-1257-4355-8F3E-71280E922B5F}" = Intel(R) Network Connections 14.7.31.0
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{641FE800-650B-4E99-A304-9D50E7235BAF}" = Topo Deutschland v2
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50
"{6F8A93F7-40A8-486D-B9C2-545F568D50B3}" = Lexware buchhalter 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C4DAB3-F63A-498F-8645-1E8D6B3EC543}" = Lexware info service aktualisierung 2006
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{8018AD38-3EBB-A031-D4F8-EF6A5952F168}" = ATI Catalyst Install Manager
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{86C5FBB1-83D3-4E79-B60C-FB43BF003AE9}" = Lexware know how buchhaltung
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91340052-10BA-4BAC-AC37-B1C04DCE9B59}" = Rad.RoutenPlaner. 6.0
"{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}" = Haufe Formular-Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9762315F-29C6-488C-98D4-80CDE3418102}" = Lexware buchhalter 2006
"{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = File Viewer Utility 1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{A5D942B1-E0C7-4AC7-8C2A-E4FD446BD3E2}" = cobra Component Update 02
"{A78119C8-BA61-4BA8-A189-5E667D781248}" = Lexware buchhalter 2005
"{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B6C39270-57A2-46F6-96A1-C73EC1503552}" = Lexware buchhalter plus 2005
"{B8464788-07B3-4760-9D5D-803080D74119}" = Lexware buchhalter 2007
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10
"{C1C241EF-B082-405D-9DDE-12D9ADD0444D}" = .NET Utilities
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4C60C60-C284-4364-A054-89D45AC9CDAE}" = Lexware buchhalter 2005
"{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = CIG
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4877B2E-B268-46C7-9F4F-BE56EC8ED41E}" = Lexware kundenmanager 2006
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F49F760A-05DD-4424-BE2B-E084B9FDA9C0}" = Lexware buchhalter 2006
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"2E1BB806D62AF5E83453BEC215BB32B42DD4F944" = Windows-Treiberpaket - MegaWin (BULKUSB) USB 
"A70_is1" = PC Sport 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"Biketax" = Biketax
"Carrera Streckenplaner_is1" = Carrera Streckenplaner
"CCleaner" = CCleaner
"DC4B79E4E21517EFB0EEF5FE7725D0A37603406F" = Windows-Treiberpaket - VDO/PCS (BULKUSB) USB 
"FinalMediaPlayer_is1" = Final Media Player 2010
"Formular-Manager" = Haufe Formular-Manager
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HaufeReader" = HaufeReader
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{12B09031-A7E1-43B1-AC8C-A202B676B556}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{18F1608A-C505-4FAC-9740-A607D02656E3}" = Radrouting 4.0
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"khb_bh" = Lexware know how buchhaltung
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PhotoRecord" = Canon PhotoRecord
"PROSetDX" = Intel(R) Network Connections 14.7.31.0
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Schiffe versenken" = Schiffe versenken
"sp6" = Logitech SetPoint 6.20
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.0.2
"WinZip" = WinZip
"Wireshark" = Wireshark 1.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Malwarebytes and Combofix find no further infections, so I'll spare myself the logs for those.

Alt 01.02.2011, 20:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

One thread is enough!!!

http://www.trojaner-board.de/95281-2...sparkasse.html
