| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Agobot-ku wormWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.05.2010, 16:30
| #1 |
 |  Agobot-ku worm Hallo zusammen! Nachdem ich mehrere Foren und Supportseiten durchforstet habe und die Vorschläge dort von "Das ist harmlos" bis "Du musst nicht nur Deinen PC platt machen, sondern auch gleich die Polizei informieren!" reichten, wollte ich hier noch einmal nachfragen, ob es wirklich keine andere Möglichkeiten gibt, als alles noch einmal neu aufzusetzen? Von Spybot bekam ich die Meldung, dass die Datei Agobot-KU Worm den Registrierungseintrag verändern wollte. Dazu gab es folgende Informationen von Spybot: Aktuelle Datei: Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unbenötigtes Wert: Dateiname: system32.exe Beschreibung Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field Quelle: Paul Collins Startup list Hier ist meine HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:40:43, on 01/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\avmclient\avmbtservice.exe C:\Programme\avmclient\panapp.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\avmclient\AvmObexService.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\avmclient\bluefritz.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\avmclient\AvmObex.exe C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe C:\Programme\Adobe\Acrobat 7.0e\Distillr\Acrotray.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\avmclient\AvmObex.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\D-Link\AirPlus G\AirGCFG.exe C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTEDE.EXE C:\Programme\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Programme\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=051010 serial=WO12WRX-0000055-FQJ lang=DE O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0e\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S7B.tmp" /EF "HKCU" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=hxxp://www.yakumo.de O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230739952328 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1846C371-2B31-4ED7-B0FE-A217DE329BB8}: NameServer = 192.168.122.252,192.168.122.253 O17 - HKLM\System\CCS\Services\Tcpip\..\{393DA8A4-167D-4E67-ACCC-5ED103443926}: NameServer = 192.168.120.252,192.168.120.253 O17 - HKLM\System\CS1\Services\Tcpip\..\{1846C371-2B31-4ED7-B0FE-A217DE329BB8}: NameServer = 192.168.122.252,192.168.122.253 O17 - HKLM\System\CS2\Services\Tcpip\..\{1846C371-2B31-4ED7-B0FE-A217DE329BB8}: NameServer = 192.168.122.252,192.168.122.253 O17 - HKLM\System\CS3\Services\Tcpip\..\{1846C371-2B31-4ED7-B0FE-A217DE329BB8}: NameServer = 192.168.122.252,192.168.122.253 O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Programme\avmclient\panapp.exe O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE -- End of file - 11993 bytes Vielen Dank schon einmal im Vorraus! |
|
01.05.2010, 19:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Agobot-ku worm Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
02.05.2010, 01:59
| #3 |
| | Agobot-ku worm Erst einmal vielen Dank für die Antwort!
__________________Das hier ist der Log des Vollscans mit malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
02/05/2010 02:07:46
mbam-log-2010-05-02 (02-07-46).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 304812
Laufzeit: 2 Stunde(n), 0 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Programme\agm.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Programme\PSUT16.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Programme\PSUT9516.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Und der erste log nach dem Scan mit OTL: Code:
ATTFilter OTL logfile created on: 02/05/2010 02:23:30 - Run 1 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Dokumente und Einstellungen\XXX\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy 446.00 Mb Total Physical Memory | 54.00 Mb Available Physical Memory | 12.00% Memory free 1.00 Gb Paging File | 0.00 Gb Available in Paging File | 47.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 186.31 Gb Total Space | 31.17 Gb Free Space | 16.73% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX Current User Name:XXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link) PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Adobe\Acrobat 7.0e\Distillr\acrodist.exe (Adobe Systems Incorporated.) PRC - C:\Programme\Adobe\Acrobat 7.0e\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\avmclient\bluefritz.exe (avm) PRC - C:\Programme\avmclient\AvmObex.exe (AVM Berlin) PRC - C:\Programme\avmclient\avmbtservice.exe (AVM Berlin) PRC - C:\Programme\avmclient\AvmObexService.exe (AVM Berlin) PRC - C:\Programme\avmclient\panapp.exe (AVM Berlin) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (America Online, Inc) PRC - C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (America Online, Inc.) PRC - C:\Programme\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.) PRC - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation) PRC - C:\Programme\Aveo\Attune\bin\attune_ce.exe (Aveo Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.) ========== Win32 Services (SafeList) ========== SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (PsShutdownSvc) -- C:\WINDOWS\system32\PSSDNSVC.EXE (Systems Internals) SRV - (AVM BT Connection Service) -- C:\Programme\avmclient\avmbtservice.exe (AVM Berlin) SRV - (AvmObexService) -- C:\Programme\avmclient\AvmObexService.exe (AVM Berlin) SRV - (AVM BT PAN Service) -- C:\Programme\avmclient\panapp.exe (AVM Berlin) SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (America Online, Inc.) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (NProtectService) -- C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Ltn_stk7070P) -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys (LITEON) DRV - (Ltn_stkrc) -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys (LITEON) DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.) DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows (R) 2000 DDK provider) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (bfhubase) BlueFRITZ! USB 2.5(WinXP/2000) -- C:\WINDOWS\system32\drivers\bfhubase.sys (AVM Berlin) DRV - (CAPI_CIP) -- C:\WINDOWS\system32\drivers\capi_cip.sys (AVM Berlin) DRV - (AVMBTSERIAL) -- C:\WINDOWS\system32\drivers\avmbtser.sys (AVM GmbH) DRV - (AVMBTPARALLEL) -- C:\WINDOWS\system32\drivers\avmbtpar.sys (AVM GmbH) DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH) DRV - (AVMBTSND) -- C:\WINDOWS\system32\drivers\avmbtsnd.sys (AVM GmbH) DRV - (NETBFPAN) -- C:\WINDOWS\system32\drivers\netbfpan.sys (AVM Berlin) DRV - (drvmcdb) -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys (Sonic Solutions) DRV - (NETFWDSL) -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS (AVM Berlin) DRV - (aadev) -- C:\WINDOWS\system32\drivers\Aadev.sys (AVM Berlin) DRV - (Cinemsup) -- C:\WINDOWS\system32\drivers\cinemsup.sys (Sonic Solutions) DRV - (NETFRITZ) -- C:\WINDOWS\system32\drivers\NETFRITZ.SYS (AVM Berlin) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation) DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (ATMhelpr) -- C:\WINDOWS\system32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "h**p://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010/05/01 23:00:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/05/01 14:37:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/05/01 14:37:43 | 000,000,000 | ---D | M] [2009/10/29 16:31:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions [2009/10/29 16:31:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\ac9ysccx.default\extensions [2010/04/30 21:54:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010/04/17 12:00:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/17 12:00:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/01/04 22:46:52 | 000,000,847 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar3.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0e\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (America Online, Inc) O4 - HKLM..\Run: [AttuneClientEngine] C:\Programme\Aveo\Attune\bin\attune_ce.exe (Aveo Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe (avm) O4 - HKLM..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe (AVM Berlin) O4 - HKLM..\Run: [Corel Reminder] File not found O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link) O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Programme\WordPerfect Office 12\Programs\Registration.exe (Corel Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230739952328 (WUWebControl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/01/18 21:30:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/01/18 21:30:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.NS0 -- [ NTFS ] O33 - MountPoints2\{32b1bec2-cab5-11de-9565-0022b060875b}\Shell\AutoRun\command - "" = J:\SamsungSoftware\APPInst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/31 15:21:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2010/05/01 23:43:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes [2010/05/01 23:42:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/05/01 23:42:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/05/01 23:42:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/05/01 23:42:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010/05/01 23:41:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe [2010/05/01 23:00:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\ForceField Shared Files [2010/05/01 23:00:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\CheckPoint [2010/05/01 22:59:55 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2010/05/01 22:59:41 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll [2010/05/01 22:59:38 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll [2010/05/01 22:59:38 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll [2010/05/01 22:59:34 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll [2010/05/01 22:59:31 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll [2010/05/01 22:59:31 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll [2010/05/01 22:59:31 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll [2010/05/01 22:59:30 | 000,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys [2010/05/01 22:59:29 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs [2010/05/01 22:58:41 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll [2010/05/01 22:58:40 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll [2010/05/01 16:38:03 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis [2010/04/30 23:52:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\workspace [2010/04/25 13:33:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\.netbeans [2010/04/25 13:33:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\.netbeans-registration [2010/04/25 13:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\.nbi [2010/04/20 09:44:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Desktop\toprint [2010/04/17 23:30:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2010/04/17 23:30:37 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild [2010/04/17 23:30:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2010/04/17 23:30:27 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies [2010/04/17 23:29:34 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2010/04/17 23:29:34 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll [2010/04/17 23:29:34 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2010/04/17 23:29:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2010/04/17 23:29:33 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2010/04/17 23:29:33 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2010/04/17 23:29:33 | 000,000,000 | ---D | C] -- C:\8dc1892f6dbacfd16cd29fed7fca [2010/04/17 12:48:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\_Christine\Eigene Dateien\workspace [2010/04/17 12:46:14 | 000,000,000 | ---D | C] -- C:\Programme\eclipse-java-galileo-SR2-win32 [2010/04/17 12:01:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010/04/17 12:01:18 | 000,000,000 | ---D | C] -- C:\Programme\Sun [2010/04/17 12:00:51 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/04/17 12:00:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/04/17 12:00:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/04/17 12:00:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/04/17 12:00:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/04/16 18:43:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\OpenOffice.org [2010/04/16 18:35:09 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3 [2010/04/15 09:54:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010/04/14 13:39:28 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010/04/14 13:03:19 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010/04/13 22:20:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files [2010/04/13 22:15:12 | 000,093,456 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FPWPP.DLL [2010/04/13 22:15:11 | 000,145,360 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WEBPOST.DLL [2010/04/13 22:15:11 | 000,121,984 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CRSWPP.DLL [2010/04/13 22:15:11 | 000,112,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WPWIZDLL.DLL [2010/04/13 22:15:11 | 000,099,008 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\POSTWPP.DLL [2010/04/13 22:15:11 | 000,098,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FTPWPP.DLL [2010/04/13 22:15:11 | 000,050,816 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PIPARSE.DLL [2010/04/13 22:15:11 | 000,000,000 | ---D | C] -- C:\Programme\Web Publish [2010/04/13 22:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2010/04/13 22:13:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio [2010/04/12 19:18:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Desktop\Studiumneu [2010/04/07 23:38:39 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll [2004/11/24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/02 02:16:58 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2010/05/02 02:14:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/02 02:14:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/02 02:12:42 | 014,680,064 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXX\NTUSER.DAT [2010/05/02 02:12:42 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXX\ntuser.ini [2010/05/01 23:43:02 | 000,000,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/01 23:38:45 | 000,083,984 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010/05/01 23:01:42 | 000,428,416 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010/05/01 22:59:52 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010/05/01 22:59:51 | 000,000,712 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\ZoneAlarm Security.lnk [2010/05/01 22:53:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe [2010/05/01 18:11:12 | 000,953,344 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\oop.doc [2010/05/01 14:37:47 | 000,001,567 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010/05/01 14:31:15 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{AE39D5FE-ECCB-4DF5-998C-238F8C015DA1} [2010/05/01 13:10:32 | 000,000,011 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{AE39D5FE-ECCB-4DF5-998C-238F8C015DA1} [2010/05/01 12:36:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/01 12:36:17 | 000,456,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/30 21:45:11 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Microsoft Office Word 2003 (2).lnk [2010/04/30 13:52:31 | 000,000,705 | ---- | M] () -- C:\WINDOWS\win.ini [2010/04/30 11:01:10 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI [2010/04/29 22:54:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/25 19:38:38 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Microsoft Office Excel 2003 (2).lnk [2010/04/24 16:22:06 | 000,094,720 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/24 15:13:28 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\ljpost.doc [2010/04/24 14:54:28 | 000,029,696 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mememoi.doc [2010/04/24 10:39:07 | 000,085,504 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\We arrived in France at 6 April in the afternoo1.doc [2010/04/22 12:40:13 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\Dok2.doc [2010/04/22 11:38:55 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\meme.doc [2010/04/17 23:35:58 | 001,172,620 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/17 23:35:58 | 000,516,122 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010/04/17 23:35:58 | 000,487,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/17 23:35:58 | 000,108,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010/04/17 23:35:58 | 000,088,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/17 12:49:38 | 000,000,790 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Verknüpfung mit eclipse.lnk [2010/04/17 12:18:34 | 097,290,250 | ---- | M] () -- C:\Programme\eclipse-java-galileo-SR2-win32.zip [2010/04/17 12:00:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/04/17 12:00:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/04/17 12:00:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/04/17 12:00:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/04/17 12:00:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/04/16 18:38:07 | 000,000,881 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.2.lnk [2010/04/14 13:45:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/14 13:15:38 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\MSDATLST.oca [2010/04/14 13:15:38 | 000,066,560 | ---- | M] () -- C:\WINDOWS\System32\MSDATGRD.oca [2010/04/14 13:15:37 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\MSDATREP.oca [2010/04/14 13:15:37 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\MSADODC.oca [2010/04/14 13:14:37 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2010/04/13 22:15:50 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010/04/13 22:15:50 | 000,000,660 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2010/04/13 22:15:33 | 000,001,309 | ---- | M] () -- C:\WINDOWS\vb.ini [2010/04/13 19:51:51 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010/04/07 23:41:28 | 000,002,094 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Microsoft Office PowerPoint 2003 (2).lnk [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/31 15:23:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2010/05/01 23:43:02 | 000,000,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/01 22:59:51 | 000,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\ZoneAlarm Security.lnk [2010/05/01 22:59:30 | 000,428,416 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2010/05/01 22:14:12 | 000,953,344 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\oop.doc [2010/04/24 13:42:06 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\ljpost.doc [2010/04/24 10:39:01 | 000,085,504 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\We arrived in France at 6 April in the afternoo1.doc [2010/04/22 12:06:18 | 000,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mememoi.doc [2010/04/22 11:38:55 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\meme.doc [2010/04/17 12:49:38 | 000,000,790 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Verknüpfung mit eclipse.lnk [2010/04/17 12:16:10 | 097,290,250 | ---- | C] () -- C:\Programme\eclipse-java-galileo-SR2-win32.zip [2010/04/16 18:38:07 | 000,000,881 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.2.lnk [2010/04/14 13:15:38 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\MSDATLST.oca [2010/04/14 13:15:38 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\MSDATGRD.oca [2010/04/14 13:15:37 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\MSDATREP.oca [2010/04/14 13:15:37 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\MSADODC.oca [2010/04/07 23:41:28 | 000,002,094 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Microsoft Office PowerPoint 2003 (2).lnk [2010/04/07 23:41:17 | 000,002,509 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Microsoft Office Word 2003 (2).lnk [2010/04/07 23:41:08 | 000,002,537 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Microsoft Office Excel 2003 (2).lnk [2010/04/01 00:10:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI [2010/02/24 22:54:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010/02/23 16:39:47 | 000,000,689 | ---- | C] () -- C:\WINDOWS\H1D_Prof.INI [2010/01/06 10:29:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2009/11/11 01:15:39 | 000,000,274 | ---- | C] () -- C:\WINDOWS\RETC.ini [2009/11/11 01:13:45 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\Machnm64.sys [2009/11/11 01:13:45 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys [2009/10/10 00:45:40 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2009/05/09 12:28:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009/05/09 12:25:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESX100DEFGIPS.ini [2009/05/03 13:54:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/03/06 19:16:07 | 000,001,250 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini [2009/03/06 19:15:54 | 000,001,091 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2007/10/13 12:40:36 | 000,000,660 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/10/13 12:40:36 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2007/09/06 02:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007/08/23 18:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007/08/23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2007/08/23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2007/04/20 15:54:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2007/03/20 13:29:56 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2006/12/26 19:45:09 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI [2006/08/21 17:00:21 | 000,000,045 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI [2006/02/26 13:35:01 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2005/11/30 21:17:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI [2005/09/25 10:35:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6f.DLL [2005/09/25 10:33:30 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2005/09/08 19:25:59 | 000,000,022 | ---- | C] () -- C:\WINDOWS\_ISNU.INI [2005/09/08 19:25:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Venice.ini [2005/09/08 19:11:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2005/09/08 19:11:46 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll [2005/09/08 19:11:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll [2005/09/08 19:11:46 | 000,000,178 | ---- | C] () -- C:\WINDOWS\kpcms.ini [2005/09/08 18:30:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2005/07/27 15:06:51 | 000,541,696 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2005/06/22 14:45:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/06/22 10:15:37 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005/02/01 12:21:49 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/01/18 21:17:38 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004/11/15 15:46:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/10/12 08:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2004/10/12 08:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2004/10/12 08:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2004/10/09 08:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2004/10/05 10:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2004/10/03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2003/12/19 03:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys [2003/02/20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/05/24 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll [2001/08/14 12:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll [2000/10/16 23:16:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll [2000/10/16 23:16:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL [1997/09/04 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997/09/04 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL < End of report > |
|
02.05.2010, 02:00
| #4 |
| | Agobot-ku worm Und der Extra Log nach dem Scan mit OTL: Code:
ATTFilter OTL Extras logfile created on: 02/05/2010 02:23:30 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy
446.00 Mb Total Physical Memory | 54.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186.31 Gb Total Space | 31.17 Gb Free Space | 16.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\Programme\Aptana\Aptana Studio\AptanaStudio.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- "C:\Programme\Aptana\Aptana Studio\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online, Inc)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL 9.0 -- (America Online, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe" = C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{023C3C20-4625-11D0-86A0-00C0F003261B}" = Bonfire Studio
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{488AB4C7-6D77-4435-BF9F-94611B851552}" = Microsoft SQL Server Native Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B52E1FF-BD66-4582-97BA-55C575C19504}" = Microsoft MSDN 2005 Express Edition - DEU
"{5DC02603-6642-11D3-80AC-00C04F348408}" = Word in Works Suite-Add-In
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CDC748B-47B0-45EB-B740-681E8429F7F9}" = Opera 10.01
"{6CE1284C-B158-4420-AD9D-BD39CD1AA8A1}" = Microsoft Visual C++ 2005 Express Edition - DEU
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}" = Attune 2.3.2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B700657-676B-4A98-8B25-40A1BAC81031}" = Nero 8 Essentials
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A887F3-0A50-455C-9292-1988E1A209C1}" = Microsoft SQL Server VSS Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D52822-F958-4C8D-87BC-B84E7145297F}" = HYDRUS-1D 4.xx
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E0B05462-5754-4964-BD9B-5C501D0CA960}" = RETC
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{EB7E5D86-B84C-41A8-8BDA-7C854CA46153}" = Creative MuVo V100
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Amaya" = Amaya
"Aptana Studio" = Aptana Studio
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CorelDRAW 10" = CorelDRAW 10
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 User’s Guide" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"FormatFactory" = FormatFactory 2.10
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE XML/XSL Viewer Tools" = IE XML/XSL Viewer Tools
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a (deu)" = MSDN Library - Visual Studio 6.0a (Deutsch)
"Microsoft MSDN 2005 Express Edition - DEU" = Microsoft MSDN 2005 Express Edition - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2005 Express Edition - DEU" = Microsoft Visual C++ 2005 Express Edition - DEU
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MuPAD Pro 3.1_is1" = MuPAD Pro 3.1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD
"PhotoStitch" = Canon Utilities PhotoStitch
"PlayerRecoveryDriver" = Player Recovery Drivers
"psynetic® Gif-X" = psynetic® Gif-X 2.50
"Quantum GIS Mimas" = Quantum GIS Mimas 1.3.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SysInfo" = Creative-Systeminformationen
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 0.9.6
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Works2kSetup" = Microsoft Works 2000-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X264 H.264/AVC Video Codec" = X264 H.264/AVC Video Codec (remove only)
"XP Codec Pack" = XP Codec Pack
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27/04/2010 11:40:22 | Computer Name = XXX | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 28/04/2010 13:31:00 | Computer Name = XXX | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 28/04/2010 13:41:27 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CinePlayer.exe, Version 4.5.0.286, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 29/04/2010 07:15:57 | Computer Name = XXX | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 30/04/2010 04:39:44 | Computer Name = XXX | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 30/04/2010 10:53:53 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CinePlayer.exe, Version 4.5.0.286, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 30/04/2010 10:56:58 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CinePlayer.exe, Version 4.5.0.286, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 30/04/2010 10:56:58 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CinePlayer.exe, Version 4.5.0.286, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 01/05/2010 09:23:49 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TeaTimer.exe, Version 1.6.4.26, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 01/05/2010 17:07:54 | Computer Name = XXX | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
[ System Events ]
Error - 01/05/2010 20:30:33 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:34 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:35 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:36 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:38 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:39 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:40 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:41 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 01/05/2010 20:30:42 | Computer Name = XXX | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
< End of report >
|
|
03.05.2010, 07:55
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Agobot-ku worm Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Corel Reminder] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.05.2010, 19:39
| #6 |
| | Agobot-ku worm Das waere dann dieses log hier: Code:
ATTFilter All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Besitzer
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
User: LocalService
->Temp folder emptied: 1146109 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 1489832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: XXX
->Temp folder emptied: 169634 bytes
->Temporary Internet Files folder emptied: 65670 bytes
User: XXX
->Temp folder emptied: 96508466 bytes
->Temporary Internet Files folder emptied: 17887640 bytes
->Java cache emptied: 3127792 bytes
->FireFox cache emptied: 25144120 bytes
->Flash cache emptied: 47247 bytes
User: XXX
->Temp folder emptied: 67751 bytes
->Temporary Internet Files folder emptied: 176187 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2676103 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25255655 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 166.00 mb
OTL by OldTimer - Version 3.2.4.0 log created on 05032010_201406
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temp\Perflib_Perfdata_6d0.dat not found!
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Temp\~DF575F.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT01126.TMP not found!
Registry entries deleted on Reboot...
|
|
03.05.2010, 20:11
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Agobot-ku worm ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2010, 21:29
| #8 |
| | Agobot-ku worm Combofix gibt die Warnmeldung aus, dass AntiVir noch aktiv ist (und zwar in vierfacher Ausführung), obwohl ich den Guard definitiv deaktiviert habe! Aber ich denke, so kann ich Combofix auf keinen Fall starten lassen? |
Linear-Darstellung
