| |
| |||||||
Log-Analyse und Auswertung: Trojaner fake alertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
08.08.2011, 12:30
| #1 |
 |  Trojaner fake alert Hallo M-K-D-B, hier kommen die Log-Files. MBAM Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7408
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
08.08.2011 11:11:45
mbam-log-2011-08-08 (11-11-45).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184819
Laufzeit: 38 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Fatal error: Maximum execution time of 90 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838 Gruß Frank |
|
08.08.2011, 12:33
| #2 | |
| /// TB-Ausbilder   | Trojaner fake alert Hallo Frank,
__________________Zitat:
|
|
08.08.2011, 12:34
| #3 |
| | Trojaner fake alert Hallo M-K-D-B,
__________________hier kommt der zweite Teil. OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.08.2011 11:14:42 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Dokumente und Einstellungen\User\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 79,07% Memory free 4,84 Gb Paging File | 4,33 Gb Available in Paging File | 89,49% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 79,99 Gb Total Space | 29,56 Gb Free Space | 36,95% Space Free | Partition Type: FAT32 Drive D: | 1,94 Gb Total Space | 1,92 Gb Free Space | 99,09% Space Free | Partition Type: FAT Computer Name: RECHNER | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.02 14:21:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe PRC - [2008.12.16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe PRC - [2008.04.14 11:45:08 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.26 14:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2008.01.22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2008.01.22 11:13:26 | 000,275,752 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe PRC - [2008.01.22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe PRC - [2006.06.07 16:57:46 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe ========== Modules (SafeList) ========== MOD - [2011.08.02 14:21:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001) SRV - [2008.12.16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.04.14 11:45:08 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) SRV - [2008.02.26 14:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008.01.22 11:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.06.07 16:57:46 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.08.08 11:05:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DA599288-6547-441E-8B2B-C9AEED4D6B0E}\MpKslccbc1d34.sys -- (MpKslccbc1d34) DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.02.03 12:47:06 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2008.12.17 08:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.12.17 08:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008.12.17 07:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2008.12.17 07:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter) DRV - [2008.12.16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.14 11:45:12 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb) DRV - [2008.04.14 11:45:12 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D) DRV - [2008.04.14 11:45:08 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2008.02.29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.02.29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2008.02.14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.01.03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC) DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP) DRV - [2006.06.07 22:06:58 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006.06.07 16:33:34 | 000,855,018 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006.06.07 16:29:10 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.06.07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006.06.07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.06.07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2004.05.17 14:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2002.05.01 01:27:22 | 000,041,984 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL) DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS -- (MarxDev3) DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS -- (MarxDev2) DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS -- (MarxDev1) DRV - [1997.12.23 02:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.21 08:25:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.02.16 09:46:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.02.16 09:46:22 | 000,000,000 | ---D | M] [2009.02.16 09:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.02.16 09:46:22 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2009.08.18 08:43:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.08.18 08:43:34 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2009.08.18 08:43:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2009.08.18 08:43:34 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2009.09.14 13:52:48 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2009.12.22 11:25:50 | 000,002,197 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-search.xml O1 HOSTS File: ([2011.08.08 10:11:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} hxxp://server/ConnectComputer/nshelp.dll (NSHelp Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233666754375 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://file-transfer.az-direct.com/COM/MOVEitUploadWizard7.0.0.ocx (MOVEitUpDownWiz Class) O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.49 217.0.43.33 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.01.18 10:55:56 | 000,000,058 | ---- | M] () - C:\AUTOEXEC -- [ FAT32 ] O32 - AutoRun File - [2011.08.05 14:07:36 | 000,000,036 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2011.07.04 13:06:38 | 000,000,036 | ---- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.08 11:13:12 | 000,000,000 | -HSD | C] -- C:\Recycled [2011.08.08 10:05:01 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.08.05 14:07:28 | 000,000,000 | ---D | C] -- C:\DBASE [2011.08.05 11:53:17 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011.08.05 11:51:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011.08.05 11:51:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011.08.05 11:51:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011.08.05 11:51:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011.08.05 11:51:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011.08.05 11:49:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.08.05 11:49:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung [2011.08.05 11:43:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2009 [2011.08.05 11:43:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Master Collection CS4 [2011.08.03 12:23:50 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2011.08.03 12:23:42 | 000,000,000 | ---D | C] -- C:\VFAT32 (C) [2011.08.02 15:31:18 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011.08.02 15:30:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2011.08.02 15:29:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Windows Search [2011.08.02 14:25:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2011.08.02 14:25:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.02 14:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.08.02 14:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.08.02 14:25:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.02 14:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.08.02 14:20:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Recent [2011.08.02 14:02:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\System Repair [2011.07.27 15:21:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nero 7 Premium [2011.07.27 15:20:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Ahead [2011.07.25 15:44:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2011.07.25 15:35:35 | 000,000,000 | ---D | C] -- C:\Work [2011.07.20 10:01:20 | 000,000,000 | ---D | C] -- C:\Sperrlisten [2011.07.19 15:11:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer [2011.07.19 15:10:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2011.07.19 15:09:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.07.19 15:09:46 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.07.19 15:09:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.07.19 15:09:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Apple Computer [2011.07.19 15:08:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [2011.07.19 15:08:19 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2011.07.19 15:07:45 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2011.07.19 15:05:40 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.08 11:14:54 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2011.08.08 11:10:50 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011.08.08 11:06:06 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011.08.08 11:06:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2011.08.08 11:05:58 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.08.08 11:05:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.08 11:05:52 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.08.08 11:05:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.08 11:05:42 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys [2011.08.08 10:48:06 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.08 10:03:34 | 000,000,275 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2011.08.05 14:20:40 | 000,000,439 | ---- | M] () -- C:\Dokumente und Einstellungen\User\CATALOG.CAT [2011.08.05 14:07:36 | 000,000,036 | ---- | M] () -- C:\AUTOEXEC.BAT [2011.08.05 14:07:36 | 000,000,028 | ---- | M] () -- C:\CONFIG.SYS [2011.08.05 14:04:46 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Microsoft Office Word 2007.lnk [2011.08.05 13:39:06 | 000,000,109 | ---- | M] () -- C:\WINDOWS\ktel.ini [2011.08.05 13:37:08 | 002,146,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.08.05 11:53:20 | 000,000,354 | RHS- | M] () -- C:\boot.ini [2011.08.05 10:51:34 | 000,684,297 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\unhide.exe [2011.08.03 12:59:48 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Microsoft Office Excel 2007.lnk [2011.08.03 12:47:48 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2011.08.03 12:40:50 | 000,050,477 | ---- | M] () -- C:\Defogger.exe [2011.08.03 12:38:48 | 000,294,216 | ---- | M] () -- C:\gmer.zip [2011.08.02 14:25:54 | 000,000,666 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.02 14:21:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2011.08.02 14:02:22 | 000,000,208 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fz [2011.08.02 14:02:22 | 000,000,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fzr [2011.08.02 14:02:14 | 000,000,344 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\P1kAlMiG2Kb7Fz [2011.07.27 16:39:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.07.27 15:21:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero StartSmart.lnk [2011.07.27 15:21:40 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero Home.lnk [2011.07.27 15:21:40 | 000,001,809 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero Online-Upgrade.lnk [2011.07.27 13:59:24 | 000,001,544 | ---- | M] () -- C:\WINDOWS\TEXTPAD0.TWS [2011.07.25 15:44:40 | 000,001,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.07.19 15:10:26 | 000,001,432 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2011.07.19 15:08:36 | 000,001,494 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2011.07.19 15:07:48 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.07.18 15:45:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.07.16 22:21:00 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\gmer.exe [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.08 10:16:13 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011.08.08 10:03:32 | 000,000,275 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk [2011.08.05 11:53:19 | 000,000,237 | ---- | C] () -- C:\Boot.bak [2011.08.05 11:53:18 | 000,262,448 | RHS- | C] () -- C:\cmldr [2011.08.05 11:51:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011.08.05 11:51:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011.08.05 11:51:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011.08.05 11:51:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011.08.05 11:51:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011.08.05 11:43:06 | 000,002,265 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero StartSmart.lnk [2011.08.05 11:43:06 | 000,002,135 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero Home.lnk [2011.08.05 11:43:06 | 000,001,809 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero Online-Upgrade.lnk [2011.08.05 11:43:06 | 000,001,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.08.05 11:43:06 | 000,001,494 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2011.08.05 11:43:06 | 000,001,432 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2011.08.05 11:43:02 | 000,002,295 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 8.lnk [2011.08.05 11:43:02 | 000,002,277 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft ActiveSync.lnk [2011.08.05 11:43:02 | 000,001,914 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSN.lnk [2011.08.05 11:43:02 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk [2011.08.05 11:43:02 | 000,001,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Search.lnk [2011.08.05 11:43:02 | 000,001,562 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk [2011.08.05 11:43:02 | 000,000,837 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Defender.lnk [2011.08.05 11:43:02 | 000,000,723 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2009.lnk [2011.08.05 11:43:02 | 000,000,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\I.R.I.S. OCR-Registrierung.lnk [2011.08.05 11:43:02 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Movie Maker.lnk [2011.08.05 11:43:02 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acrobat.com.lnk [2011.08.05 11:43:02 | 000,000,488 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk [2011.08.05 11:43:02 | 000,000,322 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Bluetooth-Umgebung.lnk [2011.08.05 11:39:40 | 000,684,297 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\unhide.exe [2011.08.04 09:57:07 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\gmer.exe [2011.08.03 12:47:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2011.08.03 12:45:30 | 000,294,216 | ---- | C] () -- C:\gmer.zip [2011.08.03 12:45:30 | 000,050,477 | ---- | C] () -- C:\Defogger.exe [2011.08.02 14:25:53 | 000,000,666 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.02 14:02:20 | 000,000,208 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fz [2011.08.02 14:02:20 | 000,000,160 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fzr [2011.08.02 14:02:12 | 000,000,344 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\P1kAlMiG2Kb7Fz [2011.07.06 10:35:21 | 000,000,195 | ---- | C] () -- C:\WINDOWS\SpssLM.ini [2011.07.04 13:00:14 | 000,396,288 | ---- | C] () -- C:\WINDOWS\System32\vbupfstr.DLL [2011.07.04 13:00:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\abisdb.DLL [2011.07.04 13:00:14 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\vbdsc32.DLL [2011.07.04 13:00:14 | 000,104,448 | ---- | C] () -- C:\WINDOWS\System32\vbio32.DLL [2011.07.04 13:00:14 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\vbchrset.dll [2011.07.04 13:00:14 | 000,002,081 | ---- | C] () -- C:\WINDOWS\System32\abismdsc.ini [2011.07.04 12:54:13 | 000,494,592 | ---- | C] () -- C:\WINDOWS\System32\HyperZIPPE.dll [2010.04.13 13:09:53 | 000,023,667 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2010.03.05 17:33:15 | 000,078,191 | ---- | C] () -- C:\WINDOWS\hpqins05.dat [2010.02.17 18:58:01 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\$_hpcst$.hpc [2010.01.12 12:03:34 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2009.12.04 09:16:57 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2009.09.18 12:11:29 | 000,056,004 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009.06.25 12:47:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.06.05 11:15:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.06.03 09:45:59 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.03.04 09:27:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.02.27 08:30:11 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2009.02.18 14:18:21 | 000,000,375 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI [2009.02.18 14:05:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009.02.16 09:47:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.02.05 12:10:24 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS [2009.02.05 12:10:24 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS [2009.02.05 12:10:24 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS [2009.02.05 12:10:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2009.02.05 10:29:03 | 000,000,109 | ---- | C] () -- C:\WINDOWS\ktel.ini [2009.02.05 10:16:58 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI [2009.02.03 13:04:31 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin [2009.02.03 13:04:31 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin [2009.02.03 13:04:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.02.03 13:04:30 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin [2009.02.03 13:04:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin [2009.02.03 13:04:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin [2009.02.03 13:04:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin [2009.02.03 13:04:30 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin [2009.02.03 13:04:30 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin [2009.02.03 13:04:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.02.03 13:04:30 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009.02.03 13:04:30 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2009.02.03 13:04:30 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009.02.03 13:04:30 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2009.02.03 13:04:30 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2009.02.03 13:04:30 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009.02.03 13:04:30 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009.02.03 13:04:30 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2009.02.03 13:04:30 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2009.02.03 12:41:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009.02.03 12:23:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.02.03 12:20:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.02.03 12:14:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.02.03 12:13:51 | 002,146,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.12.16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008.12.16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008.07.26 14:42:52 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.05.03 04:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008.01.24 12:27:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll [2007.10.25 14:05:54 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaConverter.dll [2007.07.31 17:28:56 | 000,933,888 | ---- | C] () -- C:\WINDOWS\System32\BatchEncoder1.dll [2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe [2006.06.07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2006.02.28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.02.28 12:00:00 | 000,479,068 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.02.28 12:00:00 | 000,437,160 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.02.28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.02.28 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.02.28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.02.28 12:00:00 | 000,092,218 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.02.28 12:00:00 | 000,069,386 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.02.28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.02.28 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.02.28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.02.28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.02.28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.02.28 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004.09.29 10:35:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.09.29 10:35:16 | 000,004,520 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.08.18 02:09:30 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2000.06.13 13:30:06 | 000,222,720 | ---- | C] () -- C:\WINDOWS\System32\spss_lmd.exe < End of report > Gruß, Frank |
|
08.08.2011, 12:37
| #4 |
| | Trojaner fake alert Hallo M-K-D-B, hier die dritte Mail. Ist vorher immer ohne Probleme gelaufen, aber heute habe ich Probleme  [code] OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.08.2011 11:14:42 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 79,07% Memory free
4,84 Gb Paging File | 4,33 Gb Available in Paging File | 89,49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,99 Gb Total Space | 29,56 Gb Free Space | 36,95% Space Free | Partition Type: FAT32
Drive D: | 1,94 Gb Total Space | 1,92 Gb Free Space | 99,09% Space Free | Partition Type: FAT
Computer Name: RECHNER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe" = C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe:*:Enabled:PC Sync -- (Nokia)
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FileMaker\FileMaker Pro 5\FileMaker Pro.exe" = C:\Programme\FileMaker\FileMaker Pro 5\FileMaker Pro.exe:*:Enabled:FileMaker Pro
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" = C:\Programme\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE:*:Enabled:WEB.DE MultiMessenger
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Acronis\TrueImageEchoWorkstation\TrueImage.exe" = C:\Programme\Acronis\TrueImageEchoWorkstation\TrueImage.exe:*:Enabled:Acronis True Image
"C:\Programme\Gemeinsame Dateien\Acronis\TrueImage\TrueImageService.exe" = C:\Programme\Gemeinsame Dateien\Acronis\TrueImage\TrueImageService.exe:*:Enabled:Acronis True Image Service
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Dokumente und Einstellungen\Ulrich\Anwendungsdaten\Facebook\facebook.exe" = C:\Dokumente und Einstellungen\Ulrich\Anwendungsdaten\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Programme\HP\Digital Imaging\BIN\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\BIN\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Programme\HP\Digital Imaging\BIN\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\BIN\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Programme\HP\Digital Imaging\BIN\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\BIN\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Programme\HP\Digital Imaging\BIN\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\BIN\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
"C:\Programme\HP\Digital Imaging\BIN\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\BIN\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Programme\HP\Digital Imaging\BIN\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\BIN\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Programme\HP\Digital Imaging\BIN\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\BIN\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Programme\HP\Digital Imaging\BIN\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\BIN\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe" = C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- ()
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- (Tobit.Software)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04E54838-9F21-4615-8CF1-ACC7CF41008B}" = PDF Thumbnail View
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"{1758EC61-BAB9-4D5F-8D2D-0D39BA6D2ECC}" = Tune Transfer für iPod
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 19
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38734F9F-0913-4E2B-0001-65A173AEFC78}" = MyTube BigPack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6CDC748B-47B0-45EB-B740-681E8429F7F9}" = Opera 10.01
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712C3613-6391-11D4-8A22-00C0DF2562F7}" = ABIS AG QuickView
"{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08
"{72B456C6-BFF1-442e-A8F6-71B9B8FA0FD9}" = SPSS 12.0G for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{88BD72A9-67A9-11D4-8A22-00C0DF2562F7}" = ABIS AG DoubleCheck
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader for Fujitsu ScanSnap(TM)
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V2.0
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Premium
"{FCF1A218-7EAA-4D2A-A327-FEDB8CAFA3AB}" = Clementine 8.5
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"legacyqcam_10.51" = Logitech Legacy USB Camera-Treiberpaket
"lvdrivers_11.90" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Samsung ML-2250 Series" = Samsung ML-2250 Series
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 4" = TeamViewer 4
"TextPad" = TextPad
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"T-Online-Toolbar-2_is1" = T-Online Toolbar 2.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.08.2011 09:21:47 | Computer Name = RECHNER | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.7104.0, P3 1.109.869.0, P4 1.109.869.0, P5 trojan_win32_agentbypass.gen!k,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 02.08.2011 09:55:25 | Computer Name = RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung OGAEXEC.exe, Version 2.0.48.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0002e613.
Error - 03.08.2011 06:54:06 | Computer Name = RECHNER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung DPPViewer.exe, Version 3.6.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.08.2011 06:24:53 | Computer Name = RECHNER | Source = MsiInstaller | ID = 11905
Description = Produkt: DocMgr -- Fehler 1905. Fehler beim Entfernen von Modul C:\Programme\HP\Digital
Imaging\help\UT_MANAGEDOCUMENTS.chm aus der Registrierung. HRESULT -2147220474.
Wenden Sie sich an den Support.
Error - 05.08.2011 09:44:18 | Computer Name = RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung OGAEXEC.exe, Version 2.0.48.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0002e613.
Error - 08.08.2011 03:38:14 | Computer Name = RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung OGAEXEC.exe, Version 2.0.48.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0002e613.
Error - 08.08.2011 03:48:03 | Computer Name = RECHNER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 08.08.2011 04:11:19 | Computer Name = RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung OGAEXEC.exe, Version 2.0.48.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0002e613.
Error - 08.08.2011 04:21:15 | Computer Name = RECHNER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 08.08.2011 05:05:51 | Computer Name = RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung OGAEXEC.exe, Version 2.0.48.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0002e613.
[ OSession Events ]
Error - 26.03.2009 04:08:28 | Computer Name = ULI01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 732
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.06.2009 08:05:46 | Computer Name = ULI01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.06.2009 04:46:19 | Computer Name = DATACENTER02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10175
seconds with 4920 seconds of active time. This session ended with a crash.
Error - 29.06.2009 04:47:17 | Computer Name = DATACENTER02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.06.2009 04:48:00 | Computer Name = DATACENTER02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.07.2009 05:37:03 | Computer Name = DATACENTER02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2009 06:27:43 | Computer Name = DATACENTER02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 96769
seconds with 960 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.08.2011 07:42:00 | Computer Name = RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 05.08.2011 08:19:28 | Computer Name = RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 05.08.2011 09:44:19 | Computer Name = RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 08.08.2011 03:38:19 | Computer Name = RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 08.08.2011 03:48:03 | Computer Name = RECHNER | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 1.109.1136.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.7104.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 08.08.2011 04:04:58 | Computer Name = RECHNER | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 08.08.2011 04:09:39 | Computer Name = RECHNER | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_ESGIGUARD\0000" wurde ohne vorbereitende Maßnahmen
vom System entfernt.
Error - 08.08.2011 04:11:17 | Computer Name = RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 08.08.2011 04:21:15 | Computer Name = RECHNER | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 1.109.1136.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.7104.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 08.08.2011 05:05:49 | Computer Name = RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
[ TuneUp Events ]
Error - 02.08.2011 09:58:32 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 02.08.2011 10:05:19 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 02.08.2011 10:07:04 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 02.08.2011 10:07:04 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.08.2011 04:54:19 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.08.2011 04:54:19 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.08.2011 06:33:28 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.08.2011 09:12:43 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.08.2011 09:13:13 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.08.2011 09:15:13 | Computer Name = RECHNER | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
Gruß, Frank |
|
08.08.2011, 12:51
| #5 |
| /// TB-Ausbilder | Trojaner fake alert Hallo Frank, Schritt # 1: Fix mit OTL
Code:
ATTFilter :OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011.08.05 11:43:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2009
[2011.08.05 11:43:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Master Collection CS4
[2011.08.02 14:02:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\System Repair
[2011.08.02 14:02:22 | 000,000,208 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fz
[2011.08.02 14:02:22 | 000,000,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fzr
[2011.08.02 14:02:14 | 000,000,344 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\P1kAlMiG2Kb7Fz
[2011.08.05 11:43:02 | 000,000,723 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2009.lnk
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
:files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software
C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager
:commands
[Emptytemp]
Schritt # 2: Scan mit SuperAntiSpyware (SAS) Downloade Dir bitte SUPERAntiSpyware FREE Edition
Schritt # 3: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
08.08.2011, 13:49
| #6 |
| | Trojaner fake alert Hallo M-K-D-B, anbei die Neuen Log-Files. OTL-FIX Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2009\Utilities folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2009 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Master Collection CS4 folder moved successfully.
C:\Dokumente und Einstellungen\User\Startmenü\Programme\System Repair folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fz moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~P1kAlMiG2Kb7Fzr moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\P1kAlMiG2Kb7Fz moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2009.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AdobeCS4ServiceManager\ not found.
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Program Statistics folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software folder moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software\TuneUp Utilities\StartUp Manager folder moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Dashboard folder moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Backups folder moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software folder moved successfully.
File\Folder C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 5692 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 557190 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8760180 bytes
->Java cache emptied: 14895398 bytes
->FireFox cache emptied: 97471261 bytes
->Google Chrome cache emptied: 6098411 bytes
->Apple Safari cache emptied: 1078272 bytes
->Opera cache emptied: 75236361 bytes
->Flash cache emptied: 13770 bytes
User: User
->Temp folder emptied: 898327 bytes
->Temporary Internet Files folder emptied: 2764477 bytes
->Java cache emptied: 12119679 bytes
->Flash cache emptied: 3354 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3608161 bytes
%systemroot%\System32 .tmp files removed: 1163143 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 411005 bytes
RecycleBin emptied: 280250 bytes
Total Files Cleaned = 215,00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 08082011_141825
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/08/2011 at 02:39 PM
Application Version : 5.0.1108
Core Rules Database Version : 7524
Trace Rules Database Version: 5336
Scan type : Complete Scan
Total Scan Time : 00:15:42
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 538
Memory threats detected : 0
Registry items scanned : 39025
Registry threats detected : 0
File items scanned : 41136
File threats detected : 19
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\User\Cookies\user@mediaplex[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@ad1.adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@ad3.adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@doubleclick[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@apmebf[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@serving-sys[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@bs.serving-sys[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@guj.122.2o7[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@zanox[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@atdmt[2].txt
C:\Dokumente und Einstellungen\User\Cookies\user@ad2.adfarm1.adition[2].txt
C:\Dokumente und Einstellungen\User\Cookies\user@webmasterplan[2].txt
C:\Dokumente und Einstellungen\User\Cookies\user@tradedoubler[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@traffictrack[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@ads.monster[1].txt
C:\Dokumente und Einstellungen\User\Cookies\user@im.banner.t-online[1].txt
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A915E3CE-D2CC-4023-B5BB-8830B6D42F76}\RP372\A0057433.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A915E3CE-D2CC-4023-B5BB-8830B6D42F76}\RP372\A0057435.EXE
Frank |
|
08.08.2011, 14:05
| #7 | |
| /// TB-Ausbilder | Trojaner fake alert Hallo Frank, Zitat:
 Schritt # 1: Java deinstallieren/neu installieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt # 2: Wichtige Updates
Schritt # 3: ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\log.txt"
Schritt # 4: Durchführung einer Sicherheitskontrolle Downloade Dir bitte SecurityCheck
Schritt # 5: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
08.08.2011, 15:28
| #8 |
| | Trojaner fake alert Hallo M-K-D-B, habe de Java Version aktualisiert. ADOBE Reader ist jetzt auch die neuste Version installiert. Hier das ESET Online Logfile Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=a8d911645d3f2e48808bad6f8ec55072
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-08 02:11:34
# local_time=2011-08-08 04:11:34 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 83 83 0 0
# scanned=81411
# found=0
# cleaned=0
# scan_time=2035
Code:
ATTFilter Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
McAfee Security Scan
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 7
Flash Player Out of Date!
Adobe Flash Player 10.0.42.34
Adobe Reader X (10.1.0)
Mozilla Firefox (3.5.6) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
Frank |
|
| Themen zu Trojaner fake alert |
| adware.toolbar, alert, fehler, fenster, gefahren, installiert, meldung, monitor, monitor schwarz, nicht vorhanden, ordner, plötzlich, popup, programme, pum.hidden.desktop, pum.hijack.displayproperties, pum.hijack.taskmanager, rogue.fakehdd, runter, sichtbar, system, trojan.fakealert, trojaner, windows, windows xp |
Textbox.
Button.
Hybrid-Darstellung
