Liste der Anhänge anzeigen (Anzahl: 1) Erstmal Danke für die Hilfe. Dieses Forum ist eine tolle Sache. Wahnsinn, was da an Arbeit drin stecken muss...
Eine kleine Korrektur zu meinem Eingangspost. Ich sagte, ANTIVIR hat nichts gefunden. Ich habe wohl was falsch gemacht, anscheinend nur den Bootsektor gescannt o.ä. Habe ANTIVIR gestern noch mal drüber laufen lassen (hat 7 Stunden gedauert) und hängen mal ergänzend einen Screenshot an von den Dateien die in Quarantäne gestellt wurden.
Bin anschließend wie beschrieben mit mbar und OTL vorgegangen, poste hier die Protokolle.
Für mich wäre es, neben der Frage ob mein Rechner wieder sauber ist, interessant zu wissen, wie gefährlich diese Trojaner sind bzw. was die machen? Habe törichterweise nach der Infektion noch ein oder zwei Logins durchgeführt. Muss ich diese beiden PW oder gar alle PW ändern? Letzteres wäre sehr aufwändig, wenn es sein muss würde ich es aber machen.
Zunächst die Outputs für mbar: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.13.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
zensiert :: zensiert [administrator]
13.03.2013 18:50:50
mbar-log-2013-03-13 (18-50-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26826
Time elapsed: 23 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\userinit.exe (Security.Hijack) -> Delete on reboot.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00465130.exe (Trojan.Agent.Gen) -> Data: "C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\KB00465130.exe" -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
c:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater\temp\~wt386.tmp (PUP.Dealio.TB) -> Delete on reboot.
c:\Dokumente und Einstellungen\zensiert\Eigene Dateien\Downloads\oi_cs3zip.exe (PUP.BundleInstaller.OI) -> Delete on reboot.
c:\Dokumente und Einstellungen\zensiert\Lokale Einstellungen\Temp\{13C53-A7F954-A7FD54} (Trojan.FakeMS.PRGen) -> Delete on reboot.
c:\Dokumente und Einstellungen\zensiert\Lokale Einstellungen\Temp\tmpe19a7bde\vv1303.exe (Trojan.FakeMS.PRGen) -> Delete on reboot.
c:\Dokumente und Einstellungen\zensiert\Anwendungsdaten\KB00465130.exe (Trojan.Agent.Gen) -> Delete on reboot.
(end) Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.214000 GHz
Memory total: 3488714752, free: 2368794624
------------ Kernel report ------------
03/13/2013 18:26:19
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\netwg311.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\dne2000.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\RandWDM.sys
\SystemRoot\system32\DRIVERS\odysseyIM3.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\vsdatant.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\hiber_WMILIB.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae28ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-10\
Lower Device Object: 0xffffffff8ae78b00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.13.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae28ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae29930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae28ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae2e9e8, DeviceName: \Device\00000079\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae78b00, DeviceName: \Device\Ide\IdeDeviceP2T1L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe388ec88, 0xffffffff8ae28ab8, 0xffffffff894cc4f8
Lower DeviceData: 0xffffffffe15c3818, 0xffffffff8ae78b00, 0xffffffff88f75f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1B921B92
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1750985713
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 1750986750 Numsec = 202536962
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Performing system, memory and registry scan...
Infected: c:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater\temp\~wt386.tmp --> [PUP.Dealio.TB]
Infected: c:\Dokumente und Einstellungen\zensiert\Eigene Dateien\Downloads\oi_cs3zip.exe --> [PUP.BundleInstaller.OI]
Infected: c:\Dokumente und Einstellungen\zensiert\Lokale Einstellungen\Temp\{13C53-A7F954-A7FD54} --> [Trojan.FakeMS.PRGen]
Infected: c:\Dokumente und Einstellungen\zensiert\Lokale Einstellungen\Temp\tmpe19a7bde\vv1303.exe --> [Trojan.FakeMS.PRGen]
Infected: c:\Dokumente und Einstellungen\zensiert\Anwendungsdaten\KB00465130.exe --> [Trojan.Agent.Gen]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00465130.exe --> [Trojan.Agent.Gen]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\userinit.exe --> [Security.Hijack]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.214000 GHz
Memory total: 3488714752, free: 3110010880
Removal queue found; removal started
Removing c:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater\temp\~wt386.tmp...
Removing c:\Dokumente und Einstellungen\zensiert\Eigene Dateien\Downloads\oi_cs3zip.exe...
Removing c:\Dokumente und Einstellungen\zensiert\Lokale Einstellungen\Temp\{13C53-A7F954-A7FD54}...
Removing c:\Dokumente und Einstellungen\zensiert\Lokale Einstellungen\Temp\tmpe19a7bde\vv1303.exe...
Removing c:\Dokumente und Einstellungen\zensiert\Anwendungsdaten\KB00465130.exe...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.214000 GHz
Memory total: 3488714752, free: 2448805888
------------ Kernel report ------------
03/13/2013 19:45:07
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\netwg311.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\dne2000.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\RandWDM.sys
\SystemRoot\system32\DRIVERS\odysseyIM3.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
\??\C:\WINDOWS\system32\vsdatant.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8adf19c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-10\
Lower Device Object: 0xffffffff8ae79d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.13.11
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8adf19c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae76e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8adf19c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8adf49e8, DeviceName: \Device\00000079\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae79d98, DeviceName: \Device\Ide\IdeDeviceP2T1L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe2bbc8a8, 0xffffffff8adf19c0, 0xffffffff89457ab8
Lower DeviceData: 0xffffffffe2b1f3b8, 0xffffffff8ae79d98, 0xffffffff898b3f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1B921B92
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1750985713
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 1750986750 Numsec = 202536962
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.214000 GHz
Memory total: 3488714752, free: 2433646592
------------ Kernel report ------------
03/13/2013 20:49:28
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\netwg311.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\dne2000.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\RandWDM.sys
\SystemRoot\system32\DRIVERS\odysseyIM3.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
\??\C:\WINDOWS\system32\vsdatant.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8adf19c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-10\
Lower Device Object: 0xffffffff8ae79d98
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffff898b3f18
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8adf19c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae76e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8adf19c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8adf49e8, DeviceName: \Device\00000079\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae79d98, DeviceName: \Device\Ide\IdeDeviceP2T1L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe13edd40, 0xffffffff8adf19c0, 0xffffffff89457ab8
Lower DeviceData: 0xffffffffe3627d20, 0xffffffff8ae79d98, 0xffffffff898b3f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1B921B92
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1750985713
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 1750986750 Numsec = 202536962
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.13.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
zensiert:: zensiert [administrator]
13.03.2013 20:09:24
mbar-log-2013-03-13 (20-09-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26728
Time elapsed: 23 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Und hier die Protokolle von OTL: Code:
OTL logfile created on: 14.03.2013 09:42:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,25% Memory free
5,09 Gb Paging File | 3,92 Gb Available in Paging File | 77,05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 834,94 Gb Total Space | 790,83 Gb Free Space | 94,72% Space Free | Partition Type: NTFS
Drive D: | 10,69 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: zensiert | User Name: zensiert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\WOT\IE\WOTUpdater.exe ()
PRC - C:\Programme\GNU\GnuPG\dirmngr.exe ()
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
PRC - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe ()
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\WOT\IE\WOTUpdater.exe ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\GNU\GnuPG\dirmngr.exe ()
MOD - C:\Programme\GNU\GnuPG\gpgex.dll ()
MOD - C:\Programme\GNU\GnuPG\libgcrypt-11.dll ()
MOD - C:\Programme\GNU\GnuPG\libksba-8.dll ()
MOD - C:\Programme\GNU\GnuPG\libassuan-0.dll ()
MOD - C:\Programme\GNU\GnuPG\libgpg-error-0.dll ()
MOD - C:\Programme\GNU\GnuPG\libw32pth-0.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\ASUS\EPU\pngio.dll ()
MOD - C:\Programme\ASUS\EPU\AiNap.dll ()
MOD - C:\Programme\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\WINDOWS\system32\AsIO.dll ()
MOD - C:\Programme\XP Codec Pack\filters\ac3filter.ax ()
MOD - C:\Programme\ASUS\EPU\AsusService.dll ()
MOD - C:\WINDOWS\system32\ffdshow.ax ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
MOD - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll ()
MOD - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll ()
MOD - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll ()
MOD - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll ()
MOD - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll ()
MOD - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll ()
MOD - C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe ()
========== Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WOTUpdater) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\WOT\IE\WOTUpdater.exe ()
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (DirMngr) -- C:\Programme\GNU\GnuPG\dirmngr.exe ()
SRV - (wxpSvc) -- C:\Programme\wLite\wService.exe (Moonware Studios)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (ATICDSDr) -- C:\DOKUME~1\Ralf\LOKALE~1\Temp\{901DA~1\{1735A~1\atiicdxx.sys File not found
DRV - (mbamswissarmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (netwg311) -- C:\WINDOWS\system32\drivers\netwg311.sys (Texas Instruments)
DRV - (odysseyIM3) -- C:\WINDOWS\system32\drivers\odysseyIM3.sys (Funk Software, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (nusb3xhc) -- C:\WINDOWS\system32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\WINDOWS\system32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (tap0801co) -- C:\WINDOWS\system32\drivers\tap0801co.sys (The OpenVPN Project)
DRV - (RandWDM) -- C:\WINDOWS\system32\drivers\RandWDM.sys (NIMH Laboratory of Neuropsychology)
DRV - (cdas16) -- C:\WINDOWS\system32\drivers\cdas16.sys (Syzgy Partners Corp)
DRV - (dio24) -- C:\WINDOWS\system32\drivers\dio24.sys (Syzgy Partners Corp)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (STV680) -- C:\WINDOWS\system32\drivers\stv680.sys (STMicroelectronics )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-343818398-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-343818398-839522115-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-789336058-343818398-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-789336058-343818398-839522115-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=a0c80d2a000000000000000fb5461904
IE - HKU\S-1-5-21-789336058-343818398-839522115-1004\..\SearchScopes\{920389A1-BE24-4A28-B804-79C4A9E7DD45}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=858677&p={searchTerms}
IE - HKU\S-1-5-21-789336058-343818398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-343818398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=858677&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.09.15
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=858677&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\PDF-X-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\PDF-X-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Programme\VLC DVD Player\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\PDF-X-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.10.15 10:36:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.08 09:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.12 21:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.03.12 19:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\lb92hmls.Standard-Benutzer\extensions\mail@shopping-preise.de [2012.04.04 16:17:00 | 000,000,000 | ---D | M]
[2011.04.15 16:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Extensions
[2012.05.29 06:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.12.23 18:08:44 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2011.12.23 18:08:43 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2011.12.23 18:08:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.12.23 18:08:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.23 18:08:45 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2011.12.23 18:08:43 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2011.12.23 18:08:45 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2012.10.23 06:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\lb92hmls.Standard-Benutzer\extensions
[2012.03.02 19:06:00 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\lb92hmls.Standard-Benutzer\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2012.04.04 16:17:00 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\lb92hmls.Standard-Benutzer\extensions\mail@shopping-preise.de
[2012.05.29 06:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\n5v92fad.default\extensions
[2012.03.11 10:48:28 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\n5v92fad.default\extensions\wotstats@mywot.com
[2011.04.24 17:09:55 | 000,002,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\n5v92fad.default\searchplugins\chip-online-suche.xml
[2011.05.03 07:19:47 | 000,002,434 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\n5v92fad.default\searchplugins\google-scholar.xml
[2011.06.06 09:39:04 | 000,001,326 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\n5v92fad.default\searchplugins\scholarpedia-en.xml
[2011.04.17 10:40:59 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Mozilla\Firefox\Profiles\n5v92fad.default\searchplugins\wikipedia-en.xml
[2013.03.08 09:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 09:01:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.03.08 09:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2011.10.15 10:36:56 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
File not found (No name found) -- C:\PROGRAMME\DEALIO TOOLBAR\FF
File not found (No name found) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.04.20 16:17:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.03.08 09:01:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.08.14 16:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.03.11 11:02:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 07:54:43 | 000,002,298 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.09.13 08:14:02 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.11 11:02:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.11 11:02:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 11:02:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.11 11:02:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.09.24 09:26:25 | 000,444,407 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15263 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\WOT\IE\WOT.dll (WOT Services Oy)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Gpu Boost Driver] "C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe" File not found
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Programme\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Programme\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Programme\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Programme\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-789336058-343818398-839522115-1004..\Run: [ICQ] C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-789336058-343818398-839522115-1004..\Run: [wjrnjtlw] C:\Dokumente und Einstellungen\Ralf\Lrol\plbaheijtlw.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG311v2 Smart Configuration.lnk = File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\Ralf\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Ralf\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-343818398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55C49ACC-9522-43AD-A108-400D5BFD22D5}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.15 07:07:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.13 19:45:07 | 000,143,176 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.03.13 18:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.03.12 22:16:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Avira
[2013.03.12 22:11:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Opera
[2013.03.12 22:11:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Opera
[2013.03.12 22:11:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.03.12 22:10:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.03.12 22:10:53 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.03.12 22:10:53 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.03.12 22:10:53 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.03.12 22:10:48 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.03.12 22:10:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.03.12 21:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013.03.12 21:08:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Qake
[2013.03.12 21:08:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Ewifu
[2013.03.12 21:08:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Emys
[2013.03.12 19:45:57 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2013.03.12 17:35:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Urqe
[2013.03.12 17:35:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Ikogov
[2013.03.12 17:35:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Ekizk
[2013.03.12 15:25:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\EB2C8DD4
[2013.03.12 15:25:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Lrol
[2013.03.10 17:44:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Desktop\Bilder Kamera
[2013.03.08 09:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SPSS SmartViewer
[2013.03.08 09:31:40 | 000,000,000 | ---D | C] -- C:\Programme\SPSS Viewer
[2013.03.08 09:01:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.03.08 08:56:01 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2013.03.05 12:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DzSoft PHP Editor
[2013.03.05 12:01:49 | 000,398,336 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartZip.dll
[2013.03.05 12:01:49 | 000,341,504 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartFtp.dll
[2013.03.05 12:01:49 | 000,326,144 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2013.03.05 12:01:49 | 000,291,840 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSecure2.dll
[2013.03.05 12:01:49 | 000,248,320 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartCertificate.dll
[2013.03.05 12:01:49 | 000,000,000 | ---D | C] -- C:\Programme\DzSoft
[2013.03.05 12:01:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\DzSoft
[2013.02.22 16:03:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Lokale Einstellungen\Anwendungsdaten\Sun
[2013.02.20 18:10:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.02.20 17:56:12 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.20 17:56:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.20 17:56:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.20 17:56:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.20 17:25:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Skype
[2013.02.20 17:25:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.02.20 17:25:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2013.02.20 17:25:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2013.02.20 17:24:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Ralf\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Ralf\Eigene Dateien\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.14 09:35:00 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.03.14 09:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.13 20:49:28 | 000,143,176 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.03.13 19:45:06 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.03.13 19:24:34 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2013.03.13 19:23:43 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2013.03.13 19:23:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.13 19:23:20 | 3488,792,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 18:21:29 | 003,145,782 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\desktop quarantäne.BMP
[2013.03.13 09:53:49 | 000,521,058 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.03.13 09:53:49 | 000,497,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.03.13 09:53:49 | 000,102,462 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.03.13 09:53:49 | 000,085,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.03.13 09:49:14 | 000,000,012 | ---- | M] () -- C:\WINDOWS\J
[2013.03.12 22:11:06 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.03.12 22:04:04 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.03.12 22:04:04 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.03.12 19:39:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.11 18:08:18 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.03.08 09:33:56 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2013.03.08 09:33:56 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2013.03.08 09:33:56 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2013.03.08 09:33:56 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2013.03.08 08:56:02 | 000,004,366 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013.03.07 15:52:03 | 000,975,450 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\soße1.JPG
[2013.03.07 15:51:43 | 000,944,970 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\soße.JPG
[2013.03.06 15:47:46 | 000,928,266 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\vogelfutter.JPG
[2013.03.06 15:40:39 | 000,965,363 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\tittenmaus.JPG
[2013.03.06 15:19:35 | 001,007,097 | ---- | M] () -- C:\tittenfick.JPG
[2013.03.04 10:34:56 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\.recently-used.xbel
[2013.03.01 03:28:11 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.02.20 17:55:53 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.20 17:55:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.02.20 17:55:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.20 17:55:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.20 17:55:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.20 17:55:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.20 17:55:51 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.20 17:25:09 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.02.14 08:31:11 | 000,001,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.02.13 08:55:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Ralf\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Ralf\Eigene Dateien\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.13 19:45:06 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.03.13 19:23:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr
[2013.03.13 18:20:27 | 003,145,782 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\desktop quarantäne.BMP
[2013.03.13 08:17:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\J
[2013.03.12 22:11:06 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.03.07 15:52:03 | 000,975,450 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\soße1.JPG
[2013.03.07 15:51:43 | 000,944,970 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\soße.JPG
[2013.03.06 15:47:42 | 000,928,266 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\vogelfutter.JPG
[2013.03.06 15:40:39 | 000,965,363 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\Desktop\tittenmaus.JPG
[2013.03.06 15:19:35 | 001,007,097 | ---- | C] () -- C:\tittenfick.JPG
[2013.03.04 10:34:56 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\.recently-used.xbel
[2013.02.20 17:25:09 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.01.10 10:33:38 | 000,897,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.12.13 16:58:08 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2012.12.13 16:58:08 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2012.12.13 16:58:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2012.12.13 16:58:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2012.12.13 16:58:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2012.12.13 16:58:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2012.09.15 18:13:19 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2012.04.04 16:16:57 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012.04.04 16:16:45 | 005,413,962 | ---- | C] () -- C:\Programme\JPG Illuminator Installer.zip
[2012.03.19 07:06:50 | 000,000,331 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\Unbenannt1.html
[2012.03.11 10:48:17 | 000,011,008 | ---- | C] () -- C:\WINDOWS\SHARE.EXE
[2012.02.16 07:02:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.12 08:22:39 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.06.06 13:44:10 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2011.06.06 13:44:10 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2011.06.06 13:44:09 | 000,559,104 | ---- | C] () -- C:\WINDOWS\lame.exe
[2011.06.06 13:44:09 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011.06.01 14:11:28 | 000,000,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\.pulse-cookie
[2011.06.01 14:11:26 | 000,000,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\.esd_auth
[2011.05.25 06:40:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.21 09:49:14 | 000,105,292 | ---- | C] () -- C:\WINDOWS\restart.exe
[2011.05.21 09:05:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2011.05.21 09:05:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2011.05.21 09:05:23 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\amcap504.exe
[2011.05.21 09:05:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2011.05.21 09:05:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2011.05.21 09:05:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2011.05.21 09:05:23 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw504a.ini
[2011.05.21 09:05:23 | 000,001,906 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2011.05.21 09:05:23 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\I-dext504.ini
[2011.05.21 09:05:23 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\S-dext504.ini
[2011.05.21 09:05:23 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\F-dext504.ini
[2011.05.21 09:05:23 | 000,000,458 | ---- | C] () -- C:\WINDOWS\System32\P-dext504.ini
[2011.05.21 09:05:23 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\G-dext504.ini
[2011.05.21 09:05:23 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\H-dext504.ini
[2011.05.21 09:05:23 | 000,000,453 | ---- | C] () -- C:\WINDOWS\System32\E-dext504.ini
[2011.05.21 09:05:23 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2011.05.04 20:09:17 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 17:48:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011.04.15 17:48:01 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.04.15 16:57:15 | 000,017,728 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2011.04.15 16:09:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.04.15 15:55:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.04.15 15:55:48 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.04.15 15:55:48 | 000,200,828 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.04.15 15:55:48 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.04.15 15:27:08 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011.04.15 15:27:08 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011.04.15 15:27:06 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011.04.15 15:27:06 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011.04.15 15:07:24 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.04.15 15:03:18 | 000,051,435 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011.04.15 15:02:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.04.15 15:02:01 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.04.15 15:01:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2011.04.15 15:01:56 | 000,038,244 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.04.15 15:01:56 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.04.15 07:08:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.04.15 07:05:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.04.15 05:02:05 | 000,004,366 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.04.15 05:00:39 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2011.04.15 17:14:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.05.23 08:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2012.05.29 07:05:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alternate
[2011.06.08 08:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avnex
[2011.10.12 08:22:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.15 15:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2012.04.20 07:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.03.14 06:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FlashFXP
[2011.10.16 06:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2011.12.05 08:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GNU
[2011.12.02 07:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2012.06.08 06:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2011.11.10 13:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet
[2011.04.15 17:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2011.10.15 10:36:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.05.21 09:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\webcamXP 5
[2012.05.03 14:04:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\www.rene-zeidler.de
[2011.04.15 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{70FE9869-8D38-4EB3-8541-A735C2285CF7}
[2011.12.05 08:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\gnupg
[2013.03.12 22:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Opera
[2011.06.08 07:43:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Audacity
[2012.09.17 07:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\BOM
[2011.10.12 08:22:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Canneverbe Limited
[2011.06.06 13:44:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\concept design
[2012.04.04 16:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\DesktopIconForAmazon
[2011.12.02 07:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Downloaded Installations
[2013.03.13 19:26:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Dropbox
[2013.03.05 12:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\DzSoft
[2013.03.13 18:25:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\EB2C8DD4
[2013.03.12 17:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Ekizk
[2012.04.20 07:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\elsterformular
[2013.03.13 18:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Emys
[2013.03.12 21:08:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Ewifu
[2013.02.25 10:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\FileZilla
[2013.02.14 08:22:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\gnupg
[2012.12.05 16:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\gtk-2.0
[2013.03.13 18:08:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\ICQ
[2013.03.13 18:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Ikogov
[2011.06.01 15:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\InfraRecorder
[2012.09.01 21:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\inkscape
[2011.10.06 14:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\InterTrust
[2012.02.26 12:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\JonDo
[2012.04.04 16:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\jpg-Illuminator
[2012.03.01 09:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\KeePass
[2011.12.21 15:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Nitro PDF
[2011.05.04 10:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\OpenOffice.org
[2012.02.17 15:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Opera
[2012.06.08 06:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\PDF Writer
[2011.08.03 11:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Philipp Winterberg
[2011.11.10 13:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\PixelPlanet
[2013.03.12 21:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Qake
[2012.12.13 16:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\RStudio
[2011.11.03 16:02:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Swiss Academic Software
[2011.12.05 07:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Thunderbird
[2013.03.13 12:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Urqe
[2012.03.11 10:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\WOT
[2012.05.03 14:04:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\www.rene-zeidler.de
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013.03.12 22:07:40 | 000,000,032 | ---- | M] ()(C:\WINDOWS\??????) -- C:\WINDOWS\㨀妦㨣䐀㨀尀
[2013.03.12 22:07:40 | 000,000,028 | ---- | M] ()(C:\WINDOWS\??????) -- C:\WINDOWS\㨀秨먏䐀㨀尀
[2013.03.12 22:07:40 | 000,000,019 | ---- | M] ()(C:\WINDOWS\???) -- C:\WINDOWS\尺嫞뚐
[2013.03.12 22:07:40 | 000,000,016 | ---- | M] ()(C:\WINDOWS\??????) -- C:\WINDOWS\㨀姈먏䐀㨀尀
[2013.03.12 22:07:40 | 000,000,008 | ---- | M] ()(C:\WINDOWS\???) -- C:\WINDOWS\尀嫞뚐
[2013.03.12 15:25:46 | 000,000,032 | ---- | C] ()(C:\WINDOWS\??????) -- C:\WINDOWS\㨀妦㨣䐀㨀尀
[2013.03.12 15:25:46 | 000,000,028 | ---- | C] ()(C:\WINDOWS\??????) -- C:\WINDOWS\㨀秨먏䐀㨀尀
[2013.03.12 15:25:46 | 000,000,019 | ---- | C] ()(C:\WINDOWS\???) -- C:\WINDOWS\尺嫞뚐
[2013.03.12 15:25:46 | 000,000,016 | ---- | C] ()(C:\WINDOWS\??????) -- C:\WINDOWS\㨀姈먏䐀㨀尀
[2013.03.12 15:25:46 | 000,000,008 | ---- | C] ()(C:\WINDOWS\???) -- C:\WINDOWS\尀嫞뚐
< End of report > Code:
OTL Extras logfile created on: 14.03.2013 09:42:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,25% Memory free
5,09 Gb Paging File | 3,92 Gb Available in Paging File | 77,05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 834,94 Gb Total Space | 790,83 Gb Free Space | 94,72% Space Free | Partition Type: NTFS
Drive D: | 10,69 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: | User Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-789336058-343818398-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\concept design\music2go 2\music2go.exe" = C:\Programme\concept design\music2go 2\music2go.exe:*:Enabled:music2go2
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.com" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\wLite\wLite.exe" = C:\Programme\wLite\wLite.exe:*:Enabled:webcamXP -- (Moonware Studios)
"C:\Programme\wLite\wService.exe" = C:\Programme\wLite\wService.exe:*:Enabled:webcamXP Service -- (Moonware Studios)
"C:\Programme\andLinux\pulseaudio\pulseaudio.exe" = C:\Programme\andLinux\pulseaudio\pulseaudio.exe:*:Disabled:pulseaudio -- ()
"C:\Programme\andLinux\Xming\Xming.exe" = C:\Programme\andLinux\Xming\Xming.exe:*:Disabled:Xming X Server -- ()
"C:\Programme\concept design\music2go 2\music2go.exe" = C:\Programme\concept design\music2go 2\music2go.exe:*:Enabled:music2go2
"C:\Dokumente und Einstellungen\Ralf\Desktop\eclipse-SDK-3.6.2-win32\eclipse\eclipse.exe" = C:\Dokumente und Einstellungen\Ralf\Desktop\eclipse-SDK-3.6.2-win32\eclipse\eclipse.exe:*:Enabled:eclipse
"C:\Dokumente und Einstellungen\Ralf\Desktop\eclipse-SDK-3.6.2-win32\eclipse\eclipsec.exe" = C:\Dokumente und Einstellungen\Ralf\Desktop\eclipse-SDK-3.6.2-win32\eclipse\eclipsec.exe:*:Enabled:eclipsec
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe" = C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Programme\IBM\SPSS\Statistics\19\stats.exe" = C:\Programme\IBM\SPSS\Statistics\19\stats.exe:*:Disabled:Statistics19:exe -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\stats.com" = C:\Programme\IBM\SPSS\Statistics\19\stats.com:*:Disabled:Statistics19:com -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\WinWrapIDE.exe" = C:\Programme\IBM\SPSS\Statistics\19\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate -- (PixelPlanet GmbH)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\FileZilla FTP Client\filezilla.exe" = C:\Programme\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Ralf\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\ICQ7M\ICQ.exe" = C:\Programme\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F20E4-0212-4286-9BF3-58FA54CB5CF7}" = SPSS SmartViewer 15G
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24982E4E-E4C1-44C6-9B21-9E2A2F898BB0}" = PdfCrypter 2.8
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027F0}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341739C6-79A4-4F7B-A34E-FDAE88749246}" = G*Power 3.1.2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D6F6F8-FD38-4474-9327-868E4841168F}_is1" = EquivTest
"{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1" = concept/design Video Jukebox
"{37921810-D90B-4DFD-9284-BE35033B39C8}" = Mega Camera Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.1
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9D1F3849-C808-4D5F-AB86-C8DD27B24439}" = Steuer-Spar-Erklärung Selbstständige 2012
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B116058B-2716-44A0-BAE8-D704FD688719}" = Live SDK
"{B132EFD2-BF03-48AA-8EC8-404E4C5199C5}" = IBM SPSS Amos 19
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B89211A0-5C81-11DD-8757-000ACD11CAF7}" = Python 2.5 pygame-1.8.1
"{BBFD9BC5-BB9A-4F9C-AD77-0BE3897FFE0F}" = MySQL Connector/ODBC 3.51
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alternate Pic View_is1" = Alternate Pic View 1.424
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"Camera" = AIPTEK PenCam Manager
"Counting Span" = Counting Span
"DzSoftPhpEditor_is1" = DzSoft PHP Editor 4.2.7
"ElsterFormular 13.2.0.8623u" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GnuPG" = GNU Privacy Guard
"GPG4Win" = Gpg4win (2.1.0)
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04
"Gpower_2.0i" = Gpower 2.0i
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"JAP" = JAP
"JonDoUninstall" = JonDo
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 11.61.1250" = Opera 11.61
"pdfsam" = pdfsam
"pygame-py2.5" = Python 2.5 pygame-1.9.1release
"R for Windows 2.15.1_is1" = R for Windows 2.15.1
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"RStudio" = RStudio
"ST6UNST #1" = GEHA Design-Assistent
"ST6UNST #2" = GEHA Design-Assistent (C:\Programme\GEHA\)
"ST6UNST #3" = GEHA Design-Assistent (C:\Programme\GEHA\) #3
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 2.0.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-789336058-343818398-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GeoGebra 4" = GeoGebra 4
"SwingSet3" = SwingSet3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.02.2013 07:13:35 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung stats.exe, Version 19.0.0.329, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.02.2013 07:13:37 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung stats.exe, Version 19.0.0.329, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.02.2013 07:13:38 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung stats.exe, Version 19.0.0.329, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.02.2013 07:13:42 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung stats.exe, Version 19.0.0.329, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.02.2013 07:13:42 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung stats.exe, Version 19.0.0.329, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.02.2013 07:43:53 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung stats.exe, Version 19.0.0.329, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.02.2013 07:43:54 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung stats.exe, Version 19.0.0.329, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 28.02.2013 15:27:30 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung PicViewer.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.03.2013 05:19:41 | Computer Name = RG-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung stats.exe, Version 19.0.0.329, fehlgeschlagenes
Modul spssstat.dll, Version 19.0.0.329, Fehleradresse 0x00005969.
Error - 13.03.2013 14:26:38 | Computer Name = RG-RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msnmsgr.exe, Version 14.0.8117.416, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 04.09.2011 02:55:09 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.09.2011 02:55:49 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.09.2011 02:56:22 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.09.2011 02:56:52 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.09.2011 02:57:17 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11.10.2011 13:07:40 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3959
seconds with 3000 seconds of active time. This session ended with a crash.
Error - 24.11.2011 03:34:01 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4170
seconds with 3060 seconds of active time. This session ended with a crash.
Error - 02.01.2012 11:58:07 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1214819
seconds with 137460 seconds of active time. This session ended with a crash.
Error - 10.05.2012 05:39:46 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 93095
seconds with 12360 seconds of active time. This session ended with a crash.
Error - 10.10.2012 03:33:26 | Computer Name = RG-RECHNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 56063
seconds with 1020 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 18.02.2013 11:11:34 | Computer Name = RG-RECHNER | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Rechnung_100 €, im Besitz von Ralf,
konnte nicht auf dem Drucker hp LaserJet 1300 PCL 6 gedruckt werden. Datentyp: NT
EMF 1.008. Größe der Warteschlangendatei in Bytes: 131072. Anzahl der gedruckten
Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten:
0. Clientcomputer: \\RG-RECHNER. Vom Druckprozessor zurückgelieferter Win32-Fehlercode:
259 (0x103).
Error - 20.02.2013 05:40:20 | Computer Name = RG-RECHNER | Source = DCOM | ID = 10010
Description = Der Server "{5A5AA0AA-1DEB-4683-96B0-B43301E83971}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 01.03.2013 07:44:22 | Computer Name = RG-RECHNER | Source = System Error | ID = 1003
Description = Fehlercode 100000d1, 1. Parameter 00000000, 2. Parameter 00000002,
3. Parameter 00000001, 4. Parameter b58734a5.
Error - 01.03.2013 07:45:22 | Computer Name = RG-RECHNER | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 01.03.2013 07:45:22 | Computer Name = RG-RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 12.03.2013 14:41:37 | Computer Name = RG-RECHNER | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 12.03.2013 14:41:37 | Computer Name = RG-RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 12.03.2013 16:07:45 | Computer Name = RG-RECHNER | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 12.03.2013 16:07:45 | Computer Name = RG-RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 13.03.2013 13:05:19 | Computer Name = RG-RECHNER | Source = DCOM | ID = 10010
Description = Der Server "{5A5AA0AA-1DEB-4683-96B0-B43301E83971}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report > |