Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Avira meldet Trojaner, Malwarebytes findet nichts (https://www.trojaner-board.de/129755-avira-meldet-trojaner-malwarebytes-findet-nichts.html)

Hauspost 18.01.2013 19:01
Avira meldet Trojaner, Malwarebytes findet nichts
 
Betriebssystem XP Prof SP3, Browser: IE8

Ich arbeite i.d.R. als User, nicht als Admin.

Am 7.1. meldete Avira einen TR/Rogue.kdv.816675. Ab in die Quarantäne! Danach kam ich nicht mehr auf bestimmte Seiten, z.B. auf die Online-Banking-Seite meiner Bank hxxp://https://internetbanking.gad.de/ptlweb/WebPortal?bankid=5103.

Vom Admin aus läuft noch alles.

Am 13.1. meldete Avira einen TR/Crypt.ZPACK.Gen2, am 17.1. einen TR/Kryptik.VN.

Ich machte darauf am 17.1. mit Avira einen Suchlauf über die das gesamte System, der vier Treffer brachte (s. Log).

Der 18. brachte wieder Meldungen über einen TR/Crypt.ZPACK.Gen2 und danach über einen TR/Agent. (Beide Logs liegen bei.)

Ich habe dann vom Admin aus den kompletten Scan mit Malwarebytes bei ausgeschaltetem Avira gemacht. Der findet aber nur einen infizierten Registrierungsschlüssel. (s. Log)

Heute habe ich noch bemerkt, dass vom User aus die Adresse Antivirus Software für mehr Virenschutz im Internet unter Windows und Unix - Avira AntiVir nicht geht, vom Admin hingegen schon.

Vielleicht könnt Ihr mir ja helfen.

Hans-Friedrich

markusg 18.01.2013 19:11
hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Hauspost 19.01.2013 09:04
Hallo Markus,

vielen Dank für die rasche Antwort.

OTL.txtOTL Logfile:
Code:
OTL logfile created on: 19.01.2013 08:38:38 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Dumrese\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,23% Memory free
3,35 Gb Paging File | 2,76 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 164,14 Gb Free Space | 70,48% Space Free | Partition Type: NTFS
 
Computer Name: DUMRESE-PC1 | User Name: Dumrese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.19 08:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dumrese\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 19:36:42 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 19:36:12 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.11 19:36:08 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 19:36:07 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.18 07:46:01 | 001,989,120 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe
PRC - [2009.12.06 10:22:52 | 000,066,048 | ---- | M] (Blue Onion Software) -- C:\Programme\Desk Drive\DeskDrive.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.29 20:45:08 | 000,815,104 | ---- | M] (DOSPRN) -- C:\Programme\DOSPRN\DOSprn.exe
PRC - [2005.11.05 13:10:06 | 000,480,256 | ---- | M] (Excode Software) -- C:\Programme\Analog Clock\AnalogClock.exe
PRC - [2005.06.02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2005.05.27 09:24:52 | 000,147,456 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.06.17 08:44:56 | 000,045,056 | ---- | M] (EllSoft Software Development & Design                                  ) -- C:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe
PRC - [2003.04.07 17:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2003.01.03 09:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) -- C:\Programme\Dantz\Retrospect\retrorun.exe
PRC - [1999.06.27 20:38:02 | 000,794,112 | R--- | M] (Fred's Software) -- C:\Programme\Printkey 2000\PRINTKEY2000.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.18 07:46:01 | 001,989,120 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe
MOD - [2010.04.02 04:01:27 | 000,569,344 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\ssb3mdu.dll
MOD - [2009.11.19 13:10:25 | 001,384,520 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\SCX3200\SSOle.dll
MOD - [2009.11.19 10:17:59 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssb3ml3.dll
MOD - [2005.01.06 16:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.08.07 14:17:18 | 000,024,576 | ---- | M] () -- C:\Programme\Hewlett-Packard\Precisionscan Pro 3.1\hpgihps.dll
MOD - [2000.04.14 15:50:02 | 000,343,040 | ---- | M] () -- C:\WINDOWS\system32\Lffpx7.dll
MOD - [1998.06.11 13:08:06 | 000,095,232 | ---- | M] () -- C:\WINDOWS\system32\Lfkodak.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.11 19:36:42 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 19:36:08 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.06.02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004.10.26 08:11:10 | 000,327,680 | ---- | M] (Siemens) [On_Demand | Stopped] -- C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe -- (xControlCOM)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.01.03 09:20:48 | 000,057,344 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Programme\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2003.01.03 09:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Programme\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (DXSOFTIO)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.11 19:36:52 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 19:36:52 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.18 09:28:22 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.04 12:10:40 | 000,188,160 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2011.10.04 12:10:40 | 000,033,536 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2011.08.13 17:53:31 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2011.08.11 06:46:46 | 000,606,440 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.23 12:40:40 | 000,091,728 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010.11.23 12:40:30 | 000,131,664 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009.10.29 09:45:35 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.01.12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.02.23 03:36:04 | 000,986,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.11.17 12:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.10.26 08:12:14 | 000,053,632 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Gigusb.sys -- (Gigusb)
DRV - [2004.10.26 08:03:52 | 000,008,448 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DectEnum.sys -- (DectEnum)
DRV - [2004.10.26 08:02:14 | 000,113,408 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\siellif.sys -- (siellif)
DRV - [2004.09.08 15:22:04 | 000,050,759 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys -- (IUAPIWDM)
DRV - [2004.09.08 15:22:02 | 000,263,751 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hrcmpa.sys -- (HRCMPA)
DRV - [2004.09.08 15:21:58 | 000,041,037 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ndiscapi.sys -- (NDISCAPI)
DRV - [2004.09.08 15:21:54 | 000,028,740 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\capi.sys -- (CAPI)
DRV - [2003.12.23 05:32:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003.08.21 16:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003.04.14 15:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX)
DRV - [1999.09.10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {794B1FED-3A3B-4308-B326-FB64D9D29373}
IE - HKCU\..\SearchScopes\{2126646D-2AA2-4F2D-B51F-0F5455629CC9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{794B1FED-3A3B-4308-B326-FB64D9D29373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{89140C6F-A6F8-4A59-B101-8976C2D3368B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Programme\Mozilla Firefox\Components [2007.11.23 15:24:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Programme\Mozilla Firefox\Plugins [2011.07.02 16:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Programme\Mobile Master\ext\1\ [2012.12.22 16:15:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Programme\Mozilla Firefox\Components [2007.11.23 15:24:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Programme\Mozilla Firefox\Plugins [2011.07.02 16:00:35 | 000,000,000 | ---D | M]
 
[2011.01.18 21:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Extensions
[2011.01.18 21:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
[2012.04.30 14:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions
[2012.04.30 14:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.04.01 15:48:17 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}
[2012.04.30 14:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\staged-xpis
[2009.03.18 13:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2012.04.30 14:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.29 04:53:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.29 04:53:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006.10.12 06:31:01 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll
[2006.10.12 06:31:02 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll
[2006.10.12 06:31:01 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll
[2012.04.29 04:53:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2004.06.09 16:03:02 | 000,832,728 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NPSWF32.dll
[2006.10.12 06:31:05 | 000,000,680 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-de.png
[2006.10.12 06:31:05 | 000,000,804 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-de.src
[2006.10.12 06:31:05 | 000,000,210 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.gif
[2006.10.12 06:31:05 | 000,001,075 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.src
[2006.10.12 06:31:05 | 000,001,076 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-de.gif
[2006.10.12 06:31:05 | 000,000,879 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-de.src
[2006.10.12 06:31:05 | 000,000,232 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.png
[2006.10.12 06:31:05 | 000,001,157 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.src
[2006.10.12 06:31:05 | 000,000,088 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.gif
[2006.10.12 06:31:05 | 000,001,147 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.src
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WRShell.BHO) - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O3 - HKLM\..\Toolbar: (Web-Recherche-Bearbeitungsleiste) - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (Web-Recherche-Symbolleiste) - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [3200 Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [Samsung PanelMgr] d:\Application\SPanel\PanelMgr\SSMMgr.exe /autorun File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [AnalogClock] C:\Programme\Analog Clock\AnalogClock.exe (Excode Software)
O4 - HKCU..\Run: [DeskDriveStartup] C:\Programme\Desk Drive\DeskDrive.exe (Blue Onion Software)
O4 - Startup: C:\Dokumente und Einstellungen\Dumrese\Startmenü\Programme\Autostart\CAPI - Monitor.lnk = C:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe (EllSoft Software Development & Design                                  )
O4 - Startup: C:\Dokumente und Einstellungen\Dumrese\Startmenü\Programme\Autostart\DOSPRN.lnk = C:\Programme\DOSPRN\DOSprn.exe (DOSPRN)
O4 - Startup: C:\Dokumente und Einstellungen\Dumrese\Startmenü\Programme\Autostart\PRINTKEY2000.lnk = C:\Programme\Printkey 2000\PRINTKEY2000.EXE (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Web-Recherche: Bild speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Bild speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Link-Adresse speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierte Ziele speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierung speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierung speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Ziel speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Ziel speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O15 - HKCU\..Trusted Domains: dumrese-pc1 ([]file in Vertrauenswürdige Sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147504594645 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218482213968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{257DA1AF-4336-48B3-8040-D63390A71D88}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25C1761-DA32-400B-9A41-E0482D923924}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.03 10:42:47 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b3db3db9-1601-11e1-be2d-000fea387047}\Shell - "" = AutoRun
O33 - MountPoints2\{b3db3db9-1601-11e1-be2d-000fea387047}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3db3db9-1601-11e1-be2d-000fea387047}\Shell\AutoRun\command - "" = F:\SafeStick.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Dumrese^Startmenü^Programme^Autostart^CAPI - Monitor.lnk - C:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe - (EllSoft Software Development & Design                                  )
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.19 08:36:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dumrese\Desktop\OTL.exe
[2013.01.18 14:19:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Malwarebytes
[2013.01.18 14:19:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.18 14:19:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.18 14:19:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.12.28 13:00:54 | 000,000,000 | ---D | C] -- C:\Programme\dvd43
[2012.12.28 12:17:36 | 000,246,784 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\ActiveSkin.ocx
[2012.12.22 18:40:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\GetRightToGo
[2012.12.22 18:40:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dumrese\Eigene Dateien\Downloads
[2012.12.22 16:15:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Jumping Bytes
[2012.12.20 11:21:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MHST
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.19 08:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dumrese\Desktop\OTL.exe
[2013.01.19 08:22:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.19 08:17:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.19 08:17:37 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.18 20:54:05 | 000,009,271 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2013.01.18 14:19:25 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.18 07:32:37 | 000,002,349 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\Desktop\Retrospect 6.0.lnk
[2013.01.09 07:45:10 | 000,467,608 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 07:45:10 | 000,448,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 07:45:10 | 000,088,464 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 07:45:10 | 000,074,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.21 11:36:47 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.20 11:18:42 | 000,131,948 | -H-- | M] () -- C:\treeinfo.wc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.18 14:19:25 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.28 12:17:36 | 000,162,304 | ---- | C] () -- C:\UNWISE.EXE
[2012.12.28 12:17:36 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2012.11.18 18:45:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012.11.18 18:45:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012.11.18 18:44:53 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\$_hpcst$.hpc
[2012.11.08 15:06:07 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012.09.15 15:07:52 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2012.09.15 15:07:52 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2012.09.15 15:07:52 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2012.09.13 06:04:41 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012.09.12 20:04:37 | 000,000,022 | -HS- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Sys6925.Config Collection.sys
[2012.09.12 19:32:51 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin
[2012.07.13 06:04:00 | 000,000,022 | -HS- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Windows1569_SettingsRepository.bin
[2012.02.16 09:53:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.10 12:35:28 | 000,012,617 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\SmarThruOptions.xml
[2012.01.10 12:34:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2012.01.10 12:34:54 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2012.01.10 12:30:43 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2012.01.10 12:30:03 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2012.01.07 11:41:09 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssb3ml3.dll
[2012.01.07 11:37:20 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2012.01.07 11:37:20 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2012.01.07 11:37:20 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2012.01.07 11:37:20 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2012.01.07 11:37:19 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2012.01.05 17:03:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012.01.04 06:27:56 | 000,000,471 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.07.02 15:44:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.07.02 15:44:02 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.07.02 15:44:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.07.02 15:44:02 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.07.02 15:44:02 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.07.02 15:44:02 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.07.02 15:44:02 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.07.02 15:44:02 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.07.02 15:44:02 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.07.02 15:44:02 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.07.02 15:44:02 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.07.02 15:44:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.07.02 15:44:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.07.02 15:44:02 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.07.02 15:44:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.07.02 15:44:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.07.02 15:44:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.07.02 15:44:02 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.07.02 15:44:02 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.04.15 04:30:00 | 000,079,296 | ---- | C] () -- C:\WINDOWS\System32\wr4zlib.dll
[2009.06.29 05:38:12 | 000,007,264 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2008.04.09 16:17:33 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.06 07:42:53 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.06.09 17:21:21 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\.java.policy
[2006.06.02 17:46:24 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\cntp.ini
[2006.05.13 08:40:11 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.05.13 08:23:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2007.01.03 07:52:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2012.04.04 19:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2007.12.09 21:31:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2011.05.07 15:29:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FilerFrog
[2012.02.11 17:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2009.02.22 12:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2012.12.20 11:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MHST
[2012.11.18 18:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Master
[2013.01.18 07:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Retrospect
[2012.11.18 18:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2007.07.30 18:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2006.06.03 11:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sokoban++
[2012.09.12 19:26:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.09.12 19:26:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{527EE0A6-618B-4814-8449-DB8C2DBEE577}
[2012.02.11 17:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Buhl Data Service
[2012.01.03 10:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\eM Client for SoftMaker
[2012.12.22 18:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\GetRightToGo
[2012.12.22 16:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Jumping Bytes
[2006.05.26 14:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Leadertech
[2008.12.31 10:29:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Lexware
[2012.11.30 11:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\ML
[2012.12.22 16:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mobile Master
[2009.05.21 12:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\NoteTab Pro
[2006.10.15 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Ordner HP Share-to-Web
[2008.07.29 09:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\PC Suite
[2012.11.18 18:44:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Samsung
[2007.07.30 18:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\ScanSoft
[2009.07.18 14:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\SmartTools
[2012.09.12 19:24:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\SoftMaker
[2006.06.03 11:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Sokoban++
[2012.01.04 06:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\TeamViewer
[2011.02.13 14:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\TotalRecorder
[2009.12.06 10:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\TweakNow PowerPack 2009
[2011.11.12 15:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Web-Recherche
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.01.09 07:45:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.09.16 17:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.09.21 21:11:47 | 000,000,000 | ---D | M] -- C:\PMAIL
[2012.01.10 12:31:55 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.01.18 14:19:22 | 000,000,000 | R--D | M] -- C:\Programme
[2012.06.09 08:21:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013.01.17 21:32:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.18 07:30:34 | 000,000,000 | ---D | M] -- C:\Temp
[2013.01.18 13:02:43 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 06:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 06:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2004.10.26 08:11:42 | 000,122,880 | ---- | M] (Siemens AG) -- C:\Windows\system32\homertsp.tsp
[2008.04.14 06:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 06:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 06:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 06:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 06:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[13 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.05.13 07:57:24 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.05.13 08:06:13 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.05.13 09:47:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.05.13 09:47:41 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.05.13 09:47:41 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[1 C:\WINDOWS\System32\config\*.tmp files -> C:\WINDOWS\System32\config\*.tmp -> ]
 
< %systemroot%\system32\*.dll /lockedfiles >
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2006.06.09 17:21:21 | 000,000,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\.java.policy
[2013.01.18 20:54:16 | 003,670,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\ntuser.dat
[2012.02.03 07:34:09 | 003,670,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\NTUSER.DAT.bak_jv16pt
[2013.01.19 08:38:40 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Dumrese\ntuser.dat.LOG
[2009.07.30 21:17:21 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Dumrese\NTUSER.DAT.tmp.LOG
[2013.01.18 20:54:16 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Dumrese\ntuser.ini
[2012.11.08 15:19:38 | 000,000,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\results.txt
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >
--- --- ---


Extras.txtOTL Logfile:
Code:
OTL Extras logfile created on: 19.01.2013 08:38:38 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Dumrese\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,23% Memory free
3,35 Gb Paging File | 2,76 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 164,14 Gb Free Space | 70,48% Space Free | Partition Type: NTFS
 
Computer Name: DUMRESE-PC1 | User Name: Dumrese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.txt [@ = ntpfile] -- C:\Programme\NoteTab Pro 6\NotePro.exe (Fookes Holding Ltd)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\FAZ\xsearch\XWeb.exe" = D:\FAZ\xsearch\XWeb.exe:*:Enabled:X-Web WWW Server
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programme\Steuer 2011\on4u3\bdmsc.exe" = C:\Programme\Steuer 2011\on4u3\bdmsc.exe:*:Enabled:bdmsc.exe -- (Buhl Data Service GmbH)
"C:\Programme\Steuer 2011\stman2012.exe" = C:\Programme\Steuer 2011\stman2012.exe:*:Enabled:Steuermanager -- ()
"C:\Programme\Steuer 2011\on4u3\bdrm.dll" = C:\Programme\Steuer 2011\on4u3\bdrm.dll:*:Enabled:bdrm.dll -- (Buhl Data Service GmbH)
"C:\Programme\Steuer 2011\wmain12.dll" = C:\Programme\Steuer 2011\wmain12.dll:*:Enabled:wmain12.dll -- ()
"C:\Programme\Wireless LAN Utility\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Programme\Wireless LAN Utility\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Audacity\audacity.exe" = C:\Programme\Audacity\audacity.exe:*:Enabled:Audacity -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06C265CF-F924-491E-8E6C-288460CB5E30}" = Desk Drive
"{0821727B-B0EF-4F2A-AD52-4998BC0CAEE4}" = Mobile Master
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210E1E65-8A23-43ED-8043-D51C655B97D3}" = MP3-Tag-Editor
"{23236FC2-648D-4ACF-AD16-68492D0F0AC9}" = FileBox eXtender
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AAFCB5F-5166-46EC-A521-E363C6950A94}" = Steuer Update 15.01
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"{4160BDED-8EB9-47E1-8348-750F58C5E351}" = Intel® Integrated Performance Primitives RTI 4.1 for Windows* on Intel® Pentium® processors
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5D05BF5C-C548-4901-81B8-E2BDDCA39D0B}" = talk&surf 6.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87001C85-FF5F-42F9-B78A-114A7ED373BE}" = ScanSoft PDF Converter
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8EBB8452-274B-465D-8324-00B0832FBB02}" = SoftMaker Office Professional 2012
"{8F3AA869-0769-4336-A1C1-3832D764EE29}" = ScanSoft OmniPage Pro 14.0
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{93973C6B-F862-4C16-84D1-7B675D650103}" = CANON iMAGE GATEWAY Task
"{99E67091-D392-4031-AD2A-E9547F3615F8}" = Minolta DiMAGE Webcam Treiber
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BC481-AE76-49D3-913C-D901D8CFDFCA}" = ScanSoft PDF Printer
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A30B27FF-8C79-424A-89B4-43AD712A41ED}" = Steuer 2005
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{AC76BA86-7AD7-1031-7B44-A70700000002}" = Adobe Reader 7.0.7 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C081C7BF-86B9-453D-A91B-1DDC8204E9FA}" = Web-Recherche 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (G)
"{C4354214-B919-4C8F-84EB-4F9B84ACC02C}" = Retrospect 6.0
"{C9246F7F-0BA3-45C7-8B49-A69F0273FA69}" = NOXON DAB MediaPlayer
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E443A61D-26C7-43AA-A2C1-36CAE266B883}" = eM Client
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{ECA1A439-7CED-4F32-8551-AD7999306C4A}" = talk&surf CAPI
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1ACA630-D5A9-45BC-961F-0CFF5CE3DBD0}" = Gigaset SX2x5isdn / 417x / 307x
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Analog Clock_is1" = Analog Clock 2.2 FREEWARE
"ANNO1602" = Anno 1602
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CUEcards 2000" = CUEcards 2000
"Cyber-D's Autodelete" = Cyber-D's Autodelete 1.01
"Defraggler" = Defraggler (remove only)
"DOSPRN_is1" = DOSPRN 1.79
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"Euro-Wörterbuch 2001" = Euro-Wörterbuch 2001
"FileBox eXtender" = FileBox eXtender
"FixFoto Erweiterungen_is1" = FixFoto Erweiterungen 2.79
"FixFoto Masken_is1" = FixFoto Masken 3.00
"FixFoto Objektiv-Korrekturdaten_is1" = FixFoto Objektiv-Korrekturdaten 2.79
"FixFoto Power Modul_is1" = FixFoto Power Modul 2.79
"FixFoto_is1" = FixFoto 3.00
"FixFoto-CD_is1" = FixFoto 3.00
"FreePDF_XP" = FreePDF XP (Remove only)
"GEKKO Mahjongg" = Gekko Mahjongg
"Horlands Scan2Pdf_is1" = Horland's Scan2Pdf
"HoverIP_is1" = HoverIP v1.0 beta
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{93973C6B-F862-4C16-84D1-7B675D650103}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools 2011" = jv16 PowerTools 2012
"Kalua Cocktails 98" = Kalua Cocktails 98
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Master" = Mobile Master 8.5.9
"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MXOFX" = USB Storage Adapter FX (MXO)
"Nero - Burning Rom!UninstallKey" = Nero 6
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NoteTab Pro 6_is1" = NoteTab Pro 6 (Remove only)
"NOXON DAB Stick" = NOXON DAB Stick V86.001.0930.2011
"Passage 3" = PASSAGE 3
"PDFrizator_is1" = PDFrizator 0.5.0.3
"pdfsam" = pdfsam
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"Pegasus Mail" = Pegasus Mail
"Picasa 3" = Picasa 3
"PrintFile" = PrintFile
"ProgDVB" = ProgDVB
"QIP2005" = QIP 2005 Uninstall
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RegScanner" = RegScanner
"s25atonce_is1" = s25atonce 3.0.1
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"Shockwave" = Shockwave
"Shutdown Element 2007_is1" = Shutdown Element 2007
"SokobanPP" = Sokoban++ (remove only)
"Spectrum Lab_is1" = Spectrum Lab V2.76
"Sprüche- und Zitate-Lexikon 4.0" = Sprüche- und Zitate-Lexikon 4.0
"Streamripper.Plugin" = Streamripper Plugin 1.61.27 (Remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TotalRecorder" = Total Recorder 8.2
"Tweak UI 2.10" = Tweak UI
"TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy
"TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Xaldon WebSpider 2" = Xaldon WebSpider 2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"QUICKMEDIACONVERTER" = Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.01.2013 08:55:08 | Computer Name = DUMRESE-PC1 | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 18.01.2013 09:18:32 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 18.01.2013 10:54:33 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 18.01.2013 12:29:33 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 18.01.2013 14:42:42 | Computer Name = DUMRESE-PC1 | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 18.01.2013 14:42:42 | Computer Name = DUMRESE-PC1 | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 18.01.2013 15:31:37 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 19.01.2013 03:18:31 | Computer Name = DUMRESE-PC1 | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 19.01.2013 03:18:31 | Computer Name = DUMRESE-PC1 | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 19.01.2013 03:22:13 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
[ System Events ]
Error - 08.01.2013 17:54:11 | Computer Name = DUMRESE-PC1 | Source = DCOM | ID = 10010
Description = Der Server "{B801CA65-A1FC-11D0-85AD-444553540000}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 14.01.2013 09:11:30 | Computer Name = DUMRESE-PC1 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
 Bibliothek USB 2.0 USB Flash Drive USB Device nicht laden.
 
Error - 14.01.2013 09:11:31 | Computer Name = DUMRESE-PC1 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
 Bibliothek USB 2.0 USB Flash Drive USB Device nicht laden.
 
 
< End of report >
--- --- ---

Hans-Friedrich

markusg 19.01.2013 20:23
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

Hauspost 20.01.2013 10:49
Markus,


zwei Bemerkungen vorab:

1. Der Virus steckt im User-Konto. Ich führe die von Dir genannten Programme immer als Admin aus. Ich hoffe, das ist ok.

2. Eben habe ich mit Regseeker meine Autostart-Einträge auf dem User-Konto untersicht. Regseeker meldet im Schlüssel "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" einen Eintrag namens "Avektum" mit dem Wert "C:\Dokumente und Einstellungen\Hans-Friedrich\Anwendungsdaten\Cizime\ucgyt.exe".

Das Verzeichnis ...\Anwendungsdaten\Cizime ist vom 7.1.2013 17:28. Avira meldete den ersten Trojaner lt. Logdatei um 17:29! "ucgyt.exe" hat eine Größe von 262.656 und das Datum 07.03.2011 00:45.

Daneben befinden sich in Verzeichnis "Anwendungsdaten" noch zwei andere verdächtige Verzeichnisse
  • Akly vom 19.01.2013 12:44, leer
  • Tuefys vom 07.01.2013 17:28, darin qapaa.ixg 221.293 07.01.2013 17:28

und eine Datei $_hpcst$.hpc 2.528 18.11.2012 20:36.


Jetzt aber zur TDSSKiller.2.8.15.0_20.01.2013_10.19.36_log.txt:


10:19:36.0546 0552 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:19:38.0546 0552 ============================================================
10:19:38.0546 0552 Current date / time: 2013/01/20 10:19:38.0546
10:19:38.0546 0552 SystemInfo:
10:19:38.0546 0552
10:19:38.0546 0552 OS Version: 5.1.2600 ServicePack: 3.0
10:19:38.0546 0552 Product type: Workstation
10:19:38.0546 0552 ComputerName: DUMRESE-PC1
10:19:38.0546 0552 UserName: Dumrese
10:19:38.0546 0552 Windows directory: C:\WINDOWS
10:19:38.0546 0552 System windows directory: C:\WINDOWS
10:19:38.0546 0552 Processor architecture: Intel x86
10:19:38.0546 0552 Number of processors: 2
10:19:38.0546 0552 Page size: 0x1000
10:19:38.0546 0552 Boot type: Normal boot
10:19:38.0546 0552 ============================================================
10:19:39.0171 0552 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:19:39.0171 0552 ============================================================
10:19:39.0171 0552 \Device\Harddisk0\DR0:
10:19:39.0171 0552 MBR partitions:
10:19:39.0171 0552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
10:19:39.0171 0552 ============================================================
10:19:39.0218 0552 C: <-> \Device\Harddisk0\DR0\Partition1
10:19:39.0218 0552 ============================================================
10:19:39.0218 0552 Initialize success
10:19:39.0218 0552 ============================================================
10:19:58.0703 3996 ============================================================
10:19:58.0703 3996 Scan started
10:19:58.0703 3996 Mode: Manual; SigCheck; TDLFS;
10:19:58.0703 3996 ============================================================
10:19:58.0968 3996 ================ Scan system memory ========================
10:19:58.0984 3996 System memory - ok
10:19:58.0984 3996 ================ Scan services =============================
10:19:59.0171 3996 Abiosdsk - ok
10:19:59.0187 3996 abp480n5 - ok
10:19:59.0218 3996 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:20:01.0843 3996 ACPI - ok
10:20:01.0890 3996 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:20:02.0093 3996 ACPIEC - ok
10:20:02.0093 3996 adpu160m - ok
10:20:02.0125 3996 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:20:02.0312 3996 aec - ok
10:20:02.0359 3996 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:20:02.0390 3996 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:20:02.0390 3996 AegisP - detected UnsignedFile.Multi.Generic (1)
10:20:02.0437 3996 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:20:02.0531 3996 AFD - ok
10:20:02.0578 3996 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
10:20:02.0718 3996 agp440 - ok
10:20:02.0718 3996 Aha154x - ok
10:20:02.0734 3996 aic78u2 - ok
10:20:02.0734 3996 aic78xx - ok
10:20:02.0859 3996 [ 933933288DF5ED26D1928215C97D05C7 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:20:03.0078 3996 ALCXWDM - ok
10:20:03.0125 3996 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:20:03.0281 3996 Alerter - ok
10:20:03.0312 3996 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
10:20:03.0406 3996 ALG - ok
10:20:03.0406 3996 AliIde - ok
10:20:03.0421 3996 amsint - ok
10:20:03.0562 3996 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:20:03.0625 3996 AntiVirSchedulerService - ok
10:20:03.0656 3996 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:20:03.0671 3996 AntiVirService - ok
10:20:03.0734 3996 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:20:03.0843 3996 AppMgmt - ok
10:20:03.0843 3996 asc - ok
10:20:03.0859 3996 asc3350p - ok
10:20:03.0859 3996 asc3550 - ok
10:20:03.0890 3996 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
10:20:03.0921 3996 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
10:20:03.0921 3996 Aspi32 - detected UnsignedFile.Multi.Generic (1)
10:20:04.0046 3996 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:20:04.0093 3996 aspnet_state - ok
10:20:04.0125 3996 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:20:04.0281 3996 AsyncMac - ok
10:20:04.0328 3996 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:20:04.0484 3996 atapi - ok
10:20:04.0484 3996 Atdisk - ok
10:20:04.0546 3996 [ D6C058E35B19F2999966E85433AFD760 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:20:04.0625 3996 Ati HotKey Poller - ok
10:20:04.0671 3996 [ 451D52EB47EBD597DB35B9AE2DB9BD3D ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
10:20:04.0734 3996 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
10:20:04.0734 3996 ATI Smart - detected UnsignedFile.Multi.Generic (1)
10:20:04.0781 3996 [ 56C198EC46B4AD3153AA748C89178E86 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:20:04.0859 3996 ati2mtag - ok
10:20:04.0921 3996 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:20:05.0093 3996 Atmarpc - ok
10:20:05.0140 3996 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:20:05.0281 3996 AudioSrv - ok
10:20:05.0328 3996 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:20:05.0453 3996 audstub - ok
10:20:05.0515 3996 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:20:05.0609 3996 avgntflt - ok
10:20:05.0656 3996 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:20:05.0703 3996 avipbb - ok
10:20:05.0718 3996 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:20:05.0750 3996 avkmgr - ok
10:20:05.0812 3996 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:20:05.0968 3996 Beep - ok
10:20:06.0015 3996 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
10:20:06.0203 3996 BITS - ok
10:20:06.0250 3996 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
10:20:06.0343 3996 Browser - ok
10:20:06.0390 3996 [ C915AC58E7B49AE3CBFD88D544AC8BA1 ] CAPI C:\WINDOWS\system32\DRIVERS\capi.sys
10:20:06.0421 3996 CAPI ( UnsignedFile.Multi.Generic ) - warning
10:20:06.0421 3996 CAPI - detected UnsignedFile.Multi.Generic (1)
10:20:06.0468 3996 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:20:06.0625 3996 cbidf2k - ok
10:20:06.0703 3996 [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe
10:20:06.0734 3996 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
10:20:06.0734 3996 CCALib8 - detected UnsignedFile.Multi.Generic (1)
10:20:06.0750 3996 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:20:06.0890 3996 CCDECODE - ok
10:20:06.0906 3996 cd20xrnt - ok
10:20:06.0937 3996 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:20:07.0109 3996 Cdaudio - ok
10:20:07.0156 3996 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:20:07.0312 3996 Cdfs - ok
10:20:07.0343 3996 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:20:07.0500 3996 Cdrom - ok
10:20:07.0515 3996 Changer - ok
10:20:07.0546 3996 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:20:07.0718 3996 CiSvc - ok
10:20:07.0734 3996 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:20:07.0906 3996 ClipSrv - ok
10:20:07.0937 3996 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:20:08.0031 3996 clr_optimization_v2.0.50727_32 - ok
10:20:08.0031 3996 CmdIde - ok
10:20:08.0046 3996 COMSysApp - ok
10:20:08.0062 3996 Cpqarray - ok
10:20:08.0093 3996 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:20:08.0250 3996 CryptSvc - ok
10:20:08.0265 3996 dac2w2k - ok
10:20:08.0265 3996 dac960nt - ok
10:20:08.0328 3996 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:20:08.0390 3996 DcomLaunch - ok
10:20:08.0437 3996 [ 98658CDA02BCA0EB31097BC2858E747C ] DectEnum C:\WINDOWS\system32\Drivers\DectEnum.sys
10:20:08.0453 3996 DectEnum ( UnsignedFile.Multi.Generic ) - warning
10:20:08.0453 3996 DectEnum - detected UnsignedFile.Multi.Generic (1)
10:20:08.0515 3996 [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
10:20:08.0546 3996 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
10:20:08.0546 3996 DgiVecp - detected UnsignedFile.Multi.Generic (1)
10:20:08.0593 3996 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:20:08.0750 3996 Dhcp - ok
10:20:08.0796 3996 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:20:08.0968 3996 Disk - ok
10:20:08.0968 3996 dmadmin - ok
10:20:09.0015 3996 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:20:09.0218 3996 dmboot - ok
10:20:09.0234 3996 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:20:09.0375 3996 dmio - ok
10:20:09.0390 3996 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:20:09.0546 3996 dmload - ok
10:20:09.0593 3996 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:20:09.0734 3996 dmserver - ok
10:20:09.0765 3996 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:20:09.0937 3996 DMusic - ok
10:20:09.0984 3996 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:20:10.0109 3996 Dnscache - ok
10:20:10.0140 3996 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:20:10.0328 3996 Dot3svc - ok
10:20:10.0343 3996 dpti2o - ok
10:20:10.0375 3996 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:20:10.0515 3996 drmkaud - ok
10:20:10.0515 3996 DXSOFTIO - ok
10:20:10.0546 3996 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:20:10.0718 3996 EapHost - ok
10:20:10.0765 3996 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:20:10.0906 3996 ERSvc - ok
10:20:10.0968 3996 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
10:20:11.0000 3996 Eventlog - ok
10:20:11.0062 3996 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
10:20:11.0140 3996 EventSystem - ok
10:20:11.0187 3996 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:20:11.0343 3996 Fastfat - ok
10:20:11.0390 3996 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:20:11.0500 3996 FastUserSwitchingCompatibility - ok
10:20:11.0531 3996 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:20:11.0671 3996 Fdc - ok
10:20:11.0687 3996 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:20:11.0843 3996 Fips - ok
10:20:11.0859 3996 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:20:12.0015 3996 Flpydisk - ok
10:20:12.0062 3996 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:20:12.0250 3996 FltMgr - ok
10:20:12.0312 3996 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:20:12.0343 3996 FontCache3.0.0.0 - ok
10:20:12.0390 3996 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
10:20:12.0421 3996 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
10:20:12.0421 3996 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
10:20:12.0453 3996 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
10:20:12.0468 3996 FsUsbExService - ok
10:20:12.0468 3996 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:20:12.0625 3996 Fs_Rec - ok
10:20:12.0640 3996 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:20:12.0781 3996 Ftdisk - ok
10:20:12.0812 3996 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
10:20:12.0953 3996 gameenum - ok
10:20:13.0015 3996 [ 3166D34B1CC23BE75D5A9BD09775EE7B ] Gigusb C:\WINDOWS\system32\Drivers\Gigusb.sys
10:20:13.0046 3996 Gigusb ( UnsignedFile.Multi.Generic ) - warning
10:20:13.0046 3996 Gigusb - detected UnsignedFile.Multi.Generic (1)
10:20:13.0093 3996 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:20:13.0265 3996 Gpc - ok
10:20:13.0312 3996 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:20:13.0343 3996 gusvc - ok
10:20:13.0437 3996 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:20:13.0578 3996 helpsvc - ok
10:20:13.0625 3996 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
10:20:13.0765 3996 HidServ - ok
10:20:13.0812 3996 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:20:13.0953 3996 HidUsb - ok
10:20:14.0000 3996 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:20:14.0156 3996 hkmsvc - ok
10:20:14.0171 3996 hpn - ok
10:20:14.0218 3996 [ 3CA6111453436CAF0681F343D5F0000C ] HRCMPA C:\WINDOWS\system32\DRIVERS\hrcmpa.sys
10:20:14.0265 3996 HRCMPA ( UnsignedFile.Multi.Generic ) - warning
10:20:14.0265 3996 HRCMPA - detected UnsignedFile.Multi.Generic (1)
10:20:14.0312 3996 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:20:14.0375 3996 HTTP - ok
10:20:14.0390 3996 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:20:14.0546 3996 HTTPFilter - ok
10:20:14.0578 3996 [ 448BB2FE30F1DDE9EAA4F0E87B52B687 ] hwinterface C:\WINDOWS\system32\Drivers\hwinterface.sys
10:20:14.0609 3996 hwinterface ( UnsignedFile.Multi.Generic ) - warning
10:20:14.0609 3996 hwinterface - detected UnsignedFile.Multi.Generic (1)
10:20:14.0625 3996 i2omgmt - ok
10:20:14.0625 3996 i2omp - ok
10:20:14.0656 3996 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:20:14.0812 3996 i8042prt - ok
10:20:14.0921 3996 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:20:14.0953 3996 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:20:14.0953 3996 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:20:15.0031 3996 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:20:15.0125 3996 idsvc - ok
10:20:15.0203 3996 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:20:15.0343 3996 Imapi - ok
10:20:15.0390 3996 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
10:20:15.0546 3996 ImapiService - ok
10:20:15.0593 3996 [ C46E8CF2BF9688D5332DD14CF42ACD61 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys
10:20:15.0640 3996 incdrm ( UnsignedFile.Multi.Generic ) - warning
10:20:15.0640 3996 incdrm - detected UnsignedFile.Multi.Generic (1)
10:20:15.0640 3996 ini910u - ok
10:20:15.0671 3996 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:20:15.0828 3996 IntelIde - ok
10:20:15.0875 3996 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:20:16.0015 3996 intelppm - ok
10:20:16.0046 3996 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:20:16.0234 3996 Ip6Fw - ok
10:20:16.0265 3996 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:20:16.0406 3996 IpFilterDriver - ok
10:20:16.0421 3996 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:20:16.0578 3996 IpInIp - ok
10:20:16.0609 3996 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:20:16.0765 3996 IpNat - ok
10:20:16.0796 3996 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:20:16.0937 3996 IPSec - ok
10:20:16.0968 3996 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:20:17.0062 3996 IRENUM - ok
10:20:17.0093 3996 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:20:17.0265 3996 isapnp - ok
10:20:17.0312 3996 [ BA82938F02E7DEFFD2B33C8E56348F68 ] IUAPIWDM C:\WINDOWS\system32\DRIVERS\IUAPIWDM.sys
10:20:17.0343 3996 IUAPIWDM ( UnsignedFile.Multi.Generic ) - warning
10:20:17.0343 3996 IUAPIWDM - detected UnsignedFile.Multi.Generic (1)
10:20:17.0484 3996 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
10:20:17.0500 3996 JavaQuickStarterService - ok
10:20:17.0546 3996 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:20:17.0703 3996 Kbdclass - ok
10:20:17.0734 3996 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:20:17.0890 3996 kbdhid - ok
10:20:17.0921 3996 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:20:18.0093 3996 kmixer - ok
10:20:18.0156 3996 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:20:18.0281 3996 KSecDD - ok
10:20:18.0312 3996 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:20:18.0359 3996 lanmanserver - ok
10:20:18.0421 3996 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:20:18.0468 3996 lanmanworkstation - ok
10:20:18.0484 3996 lbrtfdc - ok
10:20:18.0531 3996 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:20:18.0687 3996 LmHosts - ok
10:20:18.0718 3996 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:20:18.0734 3996 MBAMProtector - ok
10:20:18.0796 3996 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:20:18.0812 3996 MBAMScheduler - ok
10:20:18.0875 3996 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
10:20:18.0906 3996 MBAMService - ok
10:20:19.0000 3996 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
10:20:19.0031 3996 MDM - ok
10:20:19.0062 3996 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:20:19.0234 3996 Messenger - ok
10:20:19.0281 3996 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:20:19.0421 3996 mnmdd - ok
10:20:19.0453 3996 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:20:19.0609 3996 mnmsrvc - ok
10:20:19.0656 3996 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:20:19.0812 3996 Modem - ok
10:20:19.0843 3996 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:20:20.0000 3996 Mouclass - ok
10:20:20.0015 3996 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:20:20.0171 3996 mouhid - ok
10:20:20.0218 3996 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:20:20.0375 3996 MountMgr - ok
10:20:20.0406 3996 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
10:20:20.0562 3996 MPE - ok
10:20:20.0578 3996 mraid35x - ok
10:20:20.0593 3996 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:20:20.0734 3996 MRxDAV - ok
10:20:20.0796 3996 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:20:20.0875 3996 MRxSmb - ok
10:20:20.0906 3996 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:20:21.0062 3996 MSDTC - ok
10:20:21.0078 3996 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:20:21.0234 3996 Msfs - ok
10:20:21.0250 3996 MSIServer - ok
10:20:21.0281 3996 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:20:21.0437 3996 MSKSSRV - ok
10:20:21.0453 3996 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:20:21.0593 3996 MSPCLOCK - ok
10:20:21.0625 3996 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:20:21.0781 3996 MSPQM - ok
10:20:21.0796 3996 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:20:21.0937 3996 mssmbios - ok
10:20:21.0984 3996 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
10:20:22.0140 3996 MSTEE - ok
10:20:22.0203 3996 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:20:22.0265 3996 Mup - ok
10:20:22.0312 3996 [ 799A99D21E72023EE5ADB28AE424EFC8 ] MXOFX C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
10:20:22.0359 3996 MXOFX - ok
10:20:22.0406 3996 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:20:22.0578 3996 NABTSFEC - ok
10:20:22.0625 3996 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
10:20:22.0796 3996 napagent - ok
10:20:22.0828 3996 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:20:22.0984 3996 NDIS - ok
10:20:23.0046 3996 [ 3D751F96289BD24B93A7388BD64D9682 ] NDISCAPI C:\WINDOWS\system32\DRIVERS\ndiscapi.sys
10:20:23.0062 3996 NDISCAPI ( UnsignedFile.Multi.Generic ) - warning
10:20:23.0062 3996 NDISCAPI - detected UnsignedFile.Multi.Generic (1)
10:20:23.0109 3996 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:20:23.0265 3996 NdisIP - ok
10:20:23.0312 3996 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:20:23.0390 3996 NdisTapi - ok
10:20:23.0437 3996 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:20:23.0609 3996 Ndisuio - ok
10:20:23.0625 3996 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:20:23.0765 3996 NdisWan - ok
10:20:23.0812 3996 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:20:23.0875 3996 NDProxy - ok
10:20:23.0890 3996 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:20:24.0109 3996 NetBIOS - ok
10:20:24.0171 3996 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:20:24.0343 3996 NetBT - ok
10:20:24.0390 3996 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
10:20:24.0546 3996 NetDDE - ok
10:20:24.0546 3996 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:20:24.0703 3996 NetDDEdsdm - ok
10:20:24.0750 3996 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:20:24.0906 3996 Netlogon - ok
10:20:24.0937 3996 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
10:20:25.0078 3996 Netman - ok
10:20:25.0093 3996 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:20:25.0140 3996 NetTcpPortSharing - ok
10:20:25.0187 3996 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
10:20:25.0234 3996 Nla - ok
10:20:25.0281 3996 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:20:25.0421 3996 Npfs - ok
10:20:25.0437 3996 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:20:25.0625 3996 Ntfs - ok
10:20:25.0640 3996 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:20:25.0781 3996 NtLmSsp - ok
10:20:25.0843 3996 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:20:26.0000 3996 NtmsSvc - ok
10:20:26.0015 3996 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:20:26.0156 3996 Null - ok
10:20:26.0203 3996 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:20:26.0359 3996 NwlnkFlt - ok
10:20:26.0375 3996 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:20:26.0531 3996 NwlnkFwd - ok
10:20:26.0593 3996 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:20:26.0765 3996 Parport - ok
10:20:26.0781 3996 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:20:26.0953 3996 PartMgr - ok
10:20:27.0000 3996 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:20:27.0156 3996 ParVdm - ok
10:20:27.0171 3996 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:20:27.0328 3996 PCI - ok
10:20:27.0328 3996 PCIDump - ok
10:20:27.0359 3996 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:20:27.0500 3996 PCIIde - ok
10:20:27.0546 3996 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:20:27.0703 3996 Pcmcia - ok
10:20:27.0718 3996 PDCOMP - ok
10:20:27.0734 3996 PDFRAME - ok
10:20:27.0734 3996 PDRELI - ok
10:20:27.0750 3996 PDRFRAME - ok
10:20:27.0750 3996 perc2 - ok
10:20:27.0765 3996 perc2hib - ok
10:20:27.0812 3996 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
10:20:27.0843 3996 PlugPlay - ok
10:20:27.0859 3996 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:20:28.0000 3996 PolicyAgent - ok
10:20:28.0015 3996 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:20:28.0187 3996 PptpMiniport - ok
10:20:28.0203 3996 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:20:28.0343 3996 ProtectedStorage - ok
10:20:28.0343 3996 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:20:28.0500 3996 PSched - ok
10:20:28.0531 3996 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:20:28.0687 3996 Ptilink - ok
10:20:28.0734 3996 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:20:28.0765 3996 PxHelp20 - ok
10:20:28.0781 3996 ql1080 - ok
10:20:28.0781 3996 Ql10wnt - ok
10:20:28.0796 3996 ql12160 - ok
10:20:28.0796 3996 ql1240 - ok
10:20:28.0812 3996 ql1280 - ok
10:20:28.0812 3996 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:20:28.0968 3996 RasAcd - ok
10:20:29.0015 3996 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:20:29.0171 3996 RasAuto - ok
10:20:29.0203 3996 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:20:29.0375 3996 Rasl2tp - ok
10:20:29.0421 3996 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:20:29.0562 3996 RasMan - ok
10:20:29.0578 3996 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:20:29.0734 3996 RasPppoe - ok
10:20:29.0734 3996 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:20:29.0875 3996 Raspti - ok
10:20:29.0906 3996 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:20:30.0062 3996 Rdbss - ok
10:20:30.0093 3996 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:20:30.0234 3996 RDPCDD - ok
10:20:30.0296 3996 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:20:30.0468 3996 rdpdr - ok
10:20:30.0500 3996 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:20:30.0593 3996 RDPWD - ok
10:20:30.0625 3996 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:20:30.0781 3996 RDSessMgr - ok
10:20:30.0812 3996 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:20:30.0984 3996 redbook - ok
10:20:31.0031 3996 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:20:31.0203 3996 RemoteAccess - ok
10:20:31.0234 3996 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:20:31.0390 3996 RemoteRegistry - ok
10:20:31.0453 3996 [ 20C9AD5EE73AF9E5F2F524C98E5E5F49 ] RetroLauncher C:\Programme\Dantz\Retrospect\retrorun.exe
10:20:31.0484 3996 RetroLauncher ( UnsignedFile.Multi.Generic ) - warning
10:20:31.0484 3996 RetroLauncher - detected UnsignedFile.Multi.Generic (1)
10:20:31.0515 3996 [ B4BFA84CA8368D1A69FC0835C844BBE7 ] Retrospect Helper C:\Programme\Dantz\Retrospect\rthlpsvc.exe
10:20:31.0546 3996 Retrospect Helper ( UnsignedFile.Multi.Generic ) - warning
10:20:31.0546 3996 Retrospect Helper - detected UnsignedFile.Multi.Generic (1)
10:20:31.0578 3996 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:20:31.0734 3996 RpcLocator - ok
10:20:31.0765 3996 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:20:31.0812 3996 RpcSs - ok
10:20:31.0859 3996 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:20:32.0015 3996 RSVP - ok
10:20:32.0046 3996 [ 6EA04A4370609E5E1EAEEE898A2AB6AC ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
10:20:32.0125 3996 RT73 - ok
10:20:32.0156 3996 [ F4EDD3A7AC7E89EDEAAC7B11F5B531D2 ] RTL2832UBDA C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
10:20:32.0187 3996 RTL2832UBDA - ok
10:20:32.0203 3996 [ 2B1453657AE1E2FAD33C4DE627C8F643 ] RTL2832UUSB C:\WINDOWS\system32\Drivers\RTL2832UUSB.sys
10:20:32.0218 3996 RTL2832UUSB - ok
10:20:32.0296 3996 [ B1DB1E76D94788B48D9C579F4439C71D ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
10:20:32.0343 3996 RTL8192su - ok
10:20:32.0375 3996 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
10:20:32.0515 3996 SamSs - ok
10:20:32.0546 3996 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:20:32.0718 3996 SCardSvr - ok
10:20:32.0765 3996 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:20:32.0921 3996 Schedule - ok
10:20:32.0968 3996 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:20:33.0046 3996 Secdrv - ok
10:20:33.0078 3996 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
10:20:33.0234 3996 seclogon - ok
10:20:33.0250 3996 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
10:20:33.0390 3996 SENS - ok
10:20:33.0421 3996 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:20:33.0562 3996 serenum - ok
10:20:33.0578 3996 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:20:33.0750 3996 Serial - ok
10:20:33.0812 3996 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:20:33.0968 3996 Sfloppy - ok
10:20:34.0015 3996 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:20:34.0187 3996 SharedAccess - ok
10:20:34.0234 3996 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:20:34.0265 3996 ShellHWDetection - ok
10:20:34.0328 3996 [ 73AC4DF79566C74073B67FEF8D0FC6C5 ] siellif C:\WINDOWS\system32\Drivers\siellif.sys
10:20:34.0359 3996 siellif ( UnsignedFile.Multi.Generic ) - warning
10:20:34.0359 3996 siellif - detected UnsignedFile.Multi.Generic (1)
10:20:34.0375 3996 Simbad - ok
10:20:34.0406 3996 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:20:34.0546 3996 SLIP - ok
10:20:34.0562 3996 Sparrow - ok
10:20:34.0578 3996 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:20:34.0734 3996 splitter - ok
10:20:34.0781 3996 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:20:34.0843 3996 Spooler - ok
10:20:34.0875 3996 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:20:34.0984 3996 sr - ok
10:20:35.0015 3996 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
10:20:35.0093 3996 srservice - ok
10:20:35.0140 3996 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:20:35.0187 3996 Srv - ok
10:20:35.0234 3996 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
10:20:35.0250 3996 sscdbus - ok
10:20:35.0296 3996 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
10:20:35.0328 3996 sscdmdfl - ok
10:20:35.0359 3996 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
10:20:35.0390 3996 sscdmdm - ok
10:20:35.0421 3996 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:20:35.0500 3996 SSDPSRV - ok
10:20:35.0562 3996 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:20:35.0578 3996 ssmdrv - ok
10:20:35.0578 3996 SSPORT - ok
10:20:35.0640 3996 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:20:35.0781 3996 stisvc - ok
10:20:35.0812 3996 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:20:35.0984 3996 streamip - ok
10:20:36.0031 3996 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:20:36.0203 3996 swenum - ok
10:20:36.0234 3996 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:20:36.0390 3996 swmidi - ok
10:20:36.0390 3996 SwPrv - ok
10:20:36.0406 3996 symc810 - ok
10:20:36.0406 3996 symc8xx - ok
10:20:36.0421 3996 sym_hi - ok
10:20:36.0421 3996 sym_u3 - ok
10:20:36.0468 3996 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:20:36.0593 3996 sysaudio - ok
10:20:36.0640 3996 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:20:36.0796 3996 SysmonLog - ok
10:20:36.0828 3996 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:20:36.0984 3996 TapiSrv - ok
10:20:37.0046 3996 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:20:37.0093 3996 Tcpip - ok
10:20:37.0156 3996 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:20:37.0296 3996 TDPIPE - ok
10:20:37.0328 3996 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:20:37.0500 3996 TDTCP - ok
10:20:37.0546 3996 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:20:37.0703 3996 TermDD - ok
10:20:37.0765 3996 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
10:20:37.0906 3996 TermService - ok
10:20:37.0937 3996 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:20:37.0953 3996 Themes - ok
10:20:38.0000 3996 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:20:38.0109 3996 TlntSvr - ok
10:20:38.0109 3996 TosIde - ok
10:20:38.0171 3996 [ 1840772747E1F3CDD822328AC6DE0A43 ] TotRec7 C:\WINDOWS\system32\drivers\TotRec7.sys
10:20:38.0203 3996 TotRec7 - ok
10:20:38.0203 3996 [ A0D67ABC7A8CDA2E000E63C0F648B93A ] TotRec8 C:\WINDOWS\system32\drivers\TotRec8.sys
10:20:38.0234 3996 TotRec8 - ok
10:20:38.0250 3996 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:20:38.0406 3996 TrkWks - ok
10:20:38.0437 3996 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:20:38.0593 3996 Udfs - ok
10:20:38.0593 3996 ultra - ok
10:20:38.0625 3996 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
10:20:38.0671 3996 UMWdf - ok
10:20:38.0734 3996 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:20:38.0890 3996 Update - ok
10:20:38.0953 3996 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Programme\UPHClean\uphclean.exe
10:20:38.0984 3996 UPHClean ( UnsignedFile.Multi.Generic ) - warning
10:20:38.0984 3996 UPHClean - detected UnsignedFile.Multi.Generic (1)
10:20:39.0015 3996 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:20:39.0140 3996 upnphost - ok
10:20:39.0171 3996 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
10:20:39.0343 3996 UPS - ok
10:20:39.0390 3996 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:20:39.0531 3996 usbccgp - ok
10:20:39.0562 3996 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:20:39.0703 3996 usbehci - ok
10:20:39.0734 3996 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:20:39.0875 3996 usbhub - ok
10:20:39.0906 3996 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:20:40.0062 3996 usbprint - ok
10:20:40.0093 3996 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:20:40.0250 3996 usbscan - ok
10:20:40.0312 3996 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:20:40.0468 3996 USBSTOR - ok
10:20:40.0500 3996 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:20:40.0640 3996 usbuhci - ok
10:20:40.0640 3996 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:20:40.0796 3996 VgaSave - ok
10:20:40.0812 3996 ViaIde - ok
10:20:40.0843 3996 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:20:40.0984 3996 VolSnap - ok
10:20:41.0031 3996 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
10:20:41.0156 3996 VSS - ok
10:20:41.0187 3996 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
10:20:41.0328 3996 W32Time - ok
10:20:41.0375 3996 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:20:41.0515 3996 Wanarp - ok
10:20:41.0531 3996 WDICA - ok
10:20:41.0546 3996 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:20:41.0703 3996 wdmaud - ok
10:20:41.0734 3996 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:20:41.0859 3996 WebClient - ok
10:20:41.0968 3996 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:20:42.0109 3996 winmgmt - ok
10:20:42.0171 3996 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:20:42.0234 3996 WmdmPmSN - ok
10:20:42.0296 3996 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:20:42.0328 3996 Wmi - ok
10:20:42.0375 3996 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:20:42.0531 3996 WmiApSrv - ok
10:20:42.0546 3996 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
10:20:42.0578 3996 WpdUsb - ok
10:20:42.0640 3996 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:20:42.0765 3996 wscsvc - ok
10:20:42.0812 3996 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:20:42.0968 3996 WSTCODEC - ok
10:20:43.0015 3996 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:20:43.0171 3996 wuauserv - ok
10:20:43.0234 3996 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:20:43.0406 3996 WZCSVC - ok
10:20:43.0500 3996 [ 8F0D73F36340843B07E564C7357A65D0 ] xControlCOM C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe
10:20:43.0546 3996 xControlCOM ( UnsignedFile.Multi.Generic ) - warning
10:20:43.0546 3996 xControlCOM - detected UnsignedFile.Multi.Generic (1)
10:20:43.0578 3996 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:20:43.0718 3996 xmlprov - ok
10:20:43.0750 3996 [ 265B882E0501AC6D06F083B04AF488A8 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
10:20:43.0796 3996 yukonwxp - ok
10:20:43.0828 3996 ================ Scan global ===============================
10:20:43.0859 3996 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
10:20:43.0921 3996 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:20:43.0953 3996 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:20:43.0968 3996 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
10:20:43.0968 3996 [Global] - ok
10:20:43.0968 3996 ================ Scan MBR ==================================
10:20:44.0000 3996 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:20:44.0234 3996 \Device\Harddisk0\DR0 - ok
10:20:44.0234 3996 ================ Scan VBR ==================================
10:20:44.0234 3996 [ 7123382085202763C6671FF43D534E2A ] \Device\Harddisk0\DR0\Partition1
10:20:44.0234 3996 \Device\Harddisk0\DR0\Partition1 - ok
10:20:44.0250 3996 ============================================================
10:20:44.0250 3996 Scan finished
10:20:44.0250 3996 ============================================================
10:20:44.0359 0440 Detected object count: 20
10:20:44.0359 0440 Actual detected object count: 20
10:21:35.0921 0440 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0921 0440 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0921 0440 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0921 0440 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0921 0440 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0921 0440 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0921 0440 CAPI ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0921 0440 CAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0921 0440 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0921 0440 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0937 0440 DectEnum ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0937 0440 DectEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0937 0440 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0937 0440 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0937 0440 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0937 0440 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0937 0440 Gigusb ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0937 0440 Gigusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0937 0440 HRCMPA ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0937 0440 HRCMPA ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0937 0440 hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0937 0440 hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0937 0440 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0937 0440 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0953 0440 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0953 0440 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0953 0440 IUAPIWDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0953 0440 IUAPIWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0953 0440 NDISCAPI ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0953 0440 NDISCAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0953 0440 RetroLauncher ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0953 0440 RetroLauncher ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0968 0440 Retrospect Helper ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0968 0440 Retrospect Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0968 0440 siellif ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0968 0440 siellif ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0968 0440 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0968 0440 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:21:35.0968 0440 xControlCOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:21:35.0968 0440 xControlCOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:22:02.0093 2444 Deinitialize success

Hans-Friedrich

markusg 20.01.2013 14:59
hi
nächsten Schritt im betroffenen Konto:
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hauspost 21.01.2013 13:15
Hallo Markus,

so, ich habe Comboxfix.exe laufen lassen. Da das Programm nur als Admin gestartet werden konnte, habe ich es auch als Admin gestartet. Soweit ich das beurteilen kann, hat es auch ucgyt.exe erkannt und gelöscht.

Hier ComboFix.txt:

Combofix Logfile:
Code:
ComboFix 13-01-21.01 - Dumrese 21.01.2013  10:36:56.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Hans-Friedrich\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Dumrese\WINDOWS
c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Cizime
c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Cizime\ucgyt.exe
c:\dokumente und einstellungen\Hans-Friedrich\WINDOWS
c:\dokumente und einstellungen\NetworkService\NTUSER.DAT.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\cefcaebcb_s.dll
c:\windows\system32\SET10.tmp
c:\windows\system32\SET12.tmp
c:\windows\system32\SET4.tmp
c:\windows\system32\SET5.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET6.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-21 bis 2013-01-21  ))))))))))))))))))))))))))))))
.
.
2013-01-18 16:54 . 2013-01-18 16:54        --------        d-----w-        c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Malwarebytes
2013-01-18 13:19 . 2013-01-18 13:19        --------        d-----w-        c:\dokumente und einstellungen\Dumrese\Anwendungsdaten\Malwarebytes
2013-01-18 13:19 . 2013-01-18 13:19        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-01-18 13:19 . 2013-01-20 09:04        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2013-01-18 13:19 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-07 16:28 . 2013-01-07 16:28        --------        d-----w-        c:\dokumente und einstellungen\Hans-Friedrich\Lokale Einstellungen\Anwendungsdaten\Identities
2013-01-07 16:28 . 2013-01-20 16:22        --------        d-----w-        c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Akly
2013-01-07 16:28 . 2013-01-07 16:28        --------        d-----w-        c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Tuefys
2012-12-28 11:17 . 2001-09-30 18:10        246784        ----a-w-        c:\windows\system32\ActiveSkin.ocx
2012-12-28 11:17 . 2001-05-24 11:59        162304        ----a-w-        C:\UNWISE.EXE
2012-12-22 17:40 . 2012-12-22 17:40        --------        d-----w-        c:\dokumente und einstellungen\Dumrese\Anwendungsdaten\GetRightToGo
2012-12-22 15:15 . 2012-12-22 15:15        --------        d-----w-        c:\programme\Gemeinsame Dateien\Jumping Bytes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 20:23 . 2012-04-29 07:42        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-01-14 20:23 . 2012-01-04 04:30        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00        290560        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-11 18:36 . 2012-11-03 18:30        134336        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-12-11 18:36 . 2012-11-03 18:30        83944        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-11-18 08:28 . 2012-11-03 18:30        36552        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-11-13 11:55 . 2004-08-04 12:00        1866496        ----a-w-        c:\windows\system32\win32k.sys
2012-11-08 14:19 . 2012-09-15 14:07        21361        ----a-w-        c:\windows\system32\drivers\AegisP.sys
2012-11-08 14:19 . 2012-11-08 14:06        376832        ----a-w-        c:\windows\system32\AegisI5Installer.exe
2012-11-06 02:01 . 2008-07-17 04:05        1371648        ------w-        c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00        375296        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00        916992        ------w-        c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00        385024        ----a-w-        c:\windows\system32\html.iec
2006-10-12 05:31 . 2006-10-12 05:31        60526        ----a-w-        c:\programme\mozilla firefox\components\jar50.dll
2006-10-12 05:31 . 2006-10-12 05:31        49256        ----a-w-        c:\programme\mozilla firefox\components\jsd3250.dll
2006-10-12 05:31 . 2006-10-12 05:31        166000        ----a-w-        c:\programme\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnalogClock"="c:\programme\Analog Clock\AnalogClock.exe" [2005-11-05 480256]
"DeskDriveStartup"="c:\programme\Desk Drive\DeskDrive.exe" [2009-12-06 66048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2005-05-27 147456]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888]
"3200 Scan2PC"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2010-05-18 1989120]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
c:\dokumente und einstellungen\Dumrese\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
DOSPRN.lnk - c:\programme\DOSPRN\DOSprn.exe [2012-3-24 815104]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
c:\dokumente und einstellungen\Hans-Friedrich\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
DOSprn.exe.lnk - c:\programme\DOSPRN\DOSprn.exe [2012-3-24 815104]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
c:\dokumente und einstellungen\Dumrese\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
DOSPRN.lnk - c:\programme\DOSPRN\DOSprn.exe [2012-3-24 815104]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056]
PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Dumrese^Startmenü^Programme^Autostart^CAPI - Monitor.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Sscan2io.exe"=
"c:\\Programme\\Steuer 2011\\on4u3\\bdmsc.exe"=
"c:\\Programme\\Steuer 2011\\stman2012.exe"=
"c:\\Programme\\Steuer 2011\\on4u3\\bdrm.dll"=
"c:\\Programme\\Steuer 2011\\wmain12.dll"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Programme\\Audacity\\audacity.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 DXSOFTIO;DXSOFTIO; [x]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 RTL2832UBDA;NOXON DAB Stick BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;NOXON DAB Stick USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 xControlCOM;xControlCOM;c:\programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [x]
S2 CAPI;CAPI 2.0 Service;c:\windows\system32\DRIVERS\capi.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\DRIVERS\ndiscapi.sys [x]
S3 DectEnum;DectEnum;c:\windows\system32\Drivers\DectEnum.sys [x]
S3 Gigusb;Dect USB Driver;c:\windows\system32\Drivers\Gigusb.sys [x]
S3 HRCMPA;ISDN Wan driver (Ver. 1.20.0032);c:\windows\system32\DRIVERS\hrcmpa.sys [x]
S3 IUAPIWDM;ISDN USB Interface (Ver. 1.20.0032);c:\windows\system32\DRIVERS\IUAPIWDM.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [x]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - uphcleanhlp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Web-Recherche: Bild speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#101
IE: Web-Recherche: Bild speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#108
IE: Web-Recherche: Link-Adresse speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#110
IE: Web-Recherche: Markierte Ziele speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#111
IE: Web-Recherche: Markierung speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#104
IE: Web-Recherche: Markierung speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#109
IE: Web-Recherche: Seitenbereich (Frame) speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#102
IE: Web-Recherche: Seitenbereich (Frame) speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#106
IE: Web-Recherche: Ziel speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#103
IE: Web-Recherche: Ziel speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#107
Trusted Zone: dumrese-pc1
TCP: Interfaces\{257DA1AF-4336-48B3-8040-D63390A71D88}: NameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
.
.
------- Dateityp-Verknüpfung -------
.
.txt=ntpfile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Samsung PanelMgr - d:\application\SPanel\PanelMgr\SSMMgr.exe
HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-Xaldon WebSpider 2 - c:\windows\unin0407.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-21 10:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,af,a8,31,97,11,b6,49,8d,3a,0f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,af,a8,31,97,11,b6,49,8d,3a,0f,\
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\RemoteAccess\Profile\x        *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CeWe Color\Home Photo Service\mainwindow]
@DACL=(02 0000)
"maximized"="true"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\BuildInfo]
@DACL=(02 0000)
"SR_No"="CDS050408-03"
"Setup"="050412"
"RC"="050307"
"Help"="050308"
"Readme"="050304"
"Skin"="041220"
"OlReg"="041130"
"RegRC"="050325"
"Ver"="6.00.1417"
"Utility"="1102"
"UI"="1417b"
"UI98"="1417b"
"DShow"="1403d"
"AVSetting"="2513"
"CPXM"="2207"
"Other"="1215"
"CL264"="-"
"Pou"="1423"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\Color_Control]
@DACL=(02 0000)
"1"=hex:4f,00,72,00,69,00,67,00,69,00,6e,00,61,00,6c,00,00,00,00,00,38,dc,d1,
  02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\
"2"=hex:4c,00,65,00,75,00,63,00,68,00,74,00,65,00,6e,00,64,00,00,00,38,dc,d1,
  02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\
"3"=hex:48,00,65,00,6c,00,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,38,dc,d1,
  02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\
"4"=hex:54,00,68,00,65,00,61,00,74,00,65,00,72,00,00,00,00,00,00,00,38,dc,d1,
  02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\DVD_ResumeState]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\UserReg]
@DACL=(02 0000)
"SR_No"="CDS050408-03"
"Prod_Name"="PowerDVD"
"Prod_Ver"="6.0"
"CustomerNO"="92"
"Hardware"="Display Card"
"Channel"="OEM"
"RegVType"="OEM 2CH"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerProducer\3.0\Player]
@DACL=(02 0000)
"UIVMode"=dword:00000004
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\CDDBServer2]
@DACL=(02 0000)
"0"="freedb.freedb.org Random freedb server"
"1"="freedb.freedb.de Dortmund, Germany"
"2"="at.freedb.org Vienna, Austria"
"3"="au.freedb.org Sydney, Australia"
"4"="bg.freedb.org Sofia, Bulgaria"
"5"="ca.freedb.org Winnipeg, MB Canada"
"6"="de.freedb.org Berlin, Germany"
"7"="es.freedb.org Valencia, Spain"
"8"="fi.freedb.org Tampere, Finland"
"9"="lu.freedb.org Betzdorf, Luxemburg"
"10"="no.freedb.org Tromso, Norway"
"11"="uk.freedb.org London, UK"
"12"="us.freedb.org San Jose, CA USA"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\DNVorgaben]
@DACL=(02 0000)
"0"="%A - %T"
"N0"="%FilenameTemplateStandard"
"1"="%N %A - %T"
"N1"="%FilenameTemplateWithTrackNo"
"2"="%N - %A - %T"
"N2"="%FilenameTemplateWithSepTrackNo"
"3"="%B - %N - %A - %T"
"N3"="%FilenameTemplateAlbumTrackNoArtistTitle"
"4"="%P %N %A - %T"
"N4"="%FilenameTemplateDiscNoTrackNoArtistTitle"
"5"="%A\\%B\\%T"
"N5"="%FilenameTemplateArtistAlbumTitleFolder"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\Export]
@DACL=(02 0000)
"HTMLColumns"="TPE1TIT2*LENCOMM"
"HTMLColumnsLink"="----"
"HTMLNoOwnCol"=dword:00000001
"HTMLRelDir"=dword:00000000
"HTMLRelLinks"=dword:00000000
"HTMLGrouping"=dword:00000000
"HTMLManyFiles"=dword:00000000
"HTMLGroupField"="TPE1"
"HTMLVLastFile"=""
"HTMLVRelDir"=dword:00000000
"HTMLVRelLinks"=dword:00000000
"PlaylistAll"=dword:00000001
"PlaylistAddInfos"=dword:00000001
"PlaylistRelLinks"=dword:00000000
"ExcelColumns"="TPE1TIT2COMM*LEN*BIT*FIN"
"ExcelNoOwnCol"=dword:00000000
"LastExport"=dword:00000003
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\Felder]
@DACL=(02 0000)
"0"="TPE1TIT2TRCKTCONCOMMTALB"
"N0"="%PageGeneralTitle"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\AspectRatios]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\Buttons]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\Collage]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\HotFolders]
@DACL=(02 0000)
"0"="c:\\Dokumente und Einstellungen\\Hans-Friedrich\\Eigene Dateien\\Transfer\\"
"1"="c:\\Dokumente und Einstellungen\\Hans-Friedrich\\Eigene Dateien\\Eigene Bilder\\2 Nachbestellung\\21 unbearbeitet\\"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\LifescapeUpdater]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Internet Explorer\Main\WindowsSearch]
@DACL=(02 0000)
"Version"="WS not installed"
"AutoCompleteGroups"=dword:00000005
"EnabledScopes"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/corporate.wsz]
@DACL=(02 0000)
"Prefs"="SettingsTab;SRSSettings;SettingsDrawer;False;PlaylistDrawer;False"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin.wsz]
@DACL=(02 0000)
"Prefs"="mute;False"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin2.wsz]
@DACL=(02 0000)
"Prefs"="mute;False;TrackTimeFormat;0"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/wmpdxm.wsz]
@DACL=(02 0000)
"Prefs"="debug;Not Rocking Onward"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\Revert.wmz]
@DACL=(02 0000)
"Prefs"="vwPL;false;vwEQ;false"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\CD-Laufwerk (E:)]
@DACL=(02 0000)
"PDASelectedFolder"="In Search of Sunrise 5 CD 01"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\EqualizerSettings]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\Library]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\MTP Player]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\ProxySettings]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\VideoSettings]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\{e2706d43-e254-11da-9efb-806d6172696f}]
@DACL=(02 0000)
"CDReadRate"=hex:f3,97,8e,40
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Office\Common\Assistant]
@DACL=(02 0000)
"AsstState"=dword:00000026
"AsstFile"="c:\\Programme\\Microsoft Office\\Office10\\clippit.acs"
"AsstLeft"=dword:000000fb
"AsstTop"=dword:00000016
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Office\Common\Offline]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Office\Common\UserInfo]
@DACL=(02 0000)
"Company"=""
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Panasonic\PHOTOfunSTUDIO 5.2 HD\Settings\Device]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Panasonic\PHOTOfunSTUDIO 5.2 HD\Settings\Network]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\Amazon.MusicDownload.amz\DefaultIcon]
@DACL=(02 0000)
@="c:\\Dokumente und Einstellungen\\Hans-Friedrich\\Lokale Einstellungen\\Program Files\\Amazon\\MP3 Downloader\\AmazonMP3Downloader.exe"
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\Amazon.MusicDownload.amz\shell]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\Applications\NotePro.exe\shell]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\opml_auto_file\shell]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\PlanMaker\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\SoftMaker Office 2008\\PlanMaker.exe,1 "
.
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\PlanMaker\shell]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'winlogon.exe'(3648)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2013-01-21  10:44:45
ComboFix-quarantined-files.txt  2013-01-21 09:44
.
Vor Suchlauf: 7 Verzeichnis(se), 176.042.311.680 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 176.085.159.936 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FCD368341AEE98798BD3DC7385C3FBFF
--- --- ---

Was klappt?

Ich komme wieder auf die HP meiner Bank und auch beim Aufruf meines Diba-Kontos kommen keine merkwürdigen Popups.

Was hakt noch?

Im User-Konto erscheint nicht mehr Avira im Systray. Das wurde neben vier anderen Programmen bei Hochfahren über HKLM/Software/Microsoft/Windows/CurrentVersion/Run gestartet. Die fünf Einträge (MXO Auto Loader, FreePDF Assistant, QuickTime Task, 3200 Scan2PC und avgnt) sind nicht mehr da. Regedit verwehrt mir aber auch als User den Zugriff auf HKLM/Software/Microsoft/Windows/CurrentVersion/Run.

Im Admin-Modus sind die fünf Einträge da.


Ich bin schon sehr zufrieden!!!

Hans-Friedrich

markusg 21.01.2013 15:23
hi
öffne bitte c: rechtsklick qoobox, mit winrar oder nem anderen Programm packen, archiv hochladen:
Trojaner-Board Upload Channel
wenn fertig, bitte melden.

Hauspost 22.01.2013 08:49
Hallo Markus,

habe c:\qoobox eben gezip't und hochgeladen. Avira meckerte natürlich den dort enthaltenen ucgyt.exe an. Auf c:\qoovox\BackEnv habe ich keinen Zugriff, auch nicht als Admin.

Die beim User fehlenden Registryeinträge sind auch wieder da, nachdem ich als Admin auch der Gruppe "Jeder" Zugriffsrechte vergeben habe.

Hans-Friedrich

markusg 22.01.2013 14:54
hi
du hast einen Trojan.zbot. dieser stiehlt banking Daten, informiere die Bank,lasse onlinebanking sperren.
Da man diesen nicht 100 %ig sicher los wird:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Hauspost 24.01.2013 13:51
Hallo Markus,

vielen Dank für den Hinweis. Ich werde mal das Online-Banking von diesem Rechner aus sein lassen. Habe auch schon meine Passworte geändert.

Ob ich meinen Rechner neu aufsetzen werde, ist fraglich. Nochmals Xp aufsetzen, wo doch 2014 der Support aufhört, erscheint mir nicht effizient. Ich muss das mal mit meinem Hardware-Mann besprechen. Wird wohl eher ein neuer Rechner werden.

Einstweilen schon einmal vielen Dank für Deine Hilfe. Ich weiß sie zu schätzen!

BTW: Wie werde ich c:\qoobox wieder los? Mit Löschen als Admin klappt es nicht.

Hans-Friedrich

markusg 24.01.2013 17:55
hi
frage: soll der Rechner denn ins internet, denn dann muss er trotzdem neu gemacht werden, formatieren müsstest du sowieso, denn einen pc mit Daten wegzugeben währe eher ungünstig.
combofix können wir bei bedafr schon noch löschen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131