BKA-Trojaner :-(

pompidou · 15.08.2011, 22:09

rechtsklick, löschen in den papierkorb (;-)) hat nicht ganz funktioniert...
Fehlermeldung: alert.zap kann nicht gelöscht werden...
ich mache mit den anderen schritten weiter...

kira · 15.08.2011, 22:25

Zitat:

Falls treten folgende Symptome auf:
Ordner sind leer, unter Startmenü Programme fehlen etc., dieses Tool bietet dir die Lösung:

[b]

Lade Dir Unhide.exe (http://filepony.de/download-unhide/) (by Grinler) herunter und speichere auf deinem Desktop
für Windows 7 und Vista mit Rechtsklick als Administrator ausführen
Doppelklick auf das Unhide.exe Icon auf dem Desktop - Alles braucht seine Zeit, also ein bisschen Geduld

<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.

Zitat:

Alles wieder sichtbar? Bitte kontrolliere es und berichte mir genau über den Zustand!

pompidou · 15.08.2011, 22:35

mhm, ich hab gerade schon mit OTL gefixt...

Code:

ATTFilter

Error: Unable to interpret <OTL EXTRAS Logfile:

	Code: 

 ATTFilter

  
	OTL Extras logfile created on: 13.08.2011 21:19:17 - Run 2> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.26.1     Folder = H:\> in the current context!
Error: Unable to interpret <Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 6.0.2900.2180)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <894,10 Mb Total Physical Memory | 586,88 Mb Available Physical Memory | 65,64% Memory free> in the current context!
Error: Unable to interpret <2,11 Gb Paging File | 1,80 Gb Available in Paging File | 85,15% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme> in the current context!
Error: Unable to interpret <Drive C: | 111,79 Gb Total Space | 17,27 Gb Free Space | 15,45% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive F: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,82% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret <Drive H: | 15,05 Gb Total Space | 15,05 Gb Free Space | 100,00% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: NAME-FAD8509C3B | User Name: Sarah | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== File Associations ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*> in the current context!
Error: Unable to interpret <.html [@ = htmlfile] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG, T-Com)> in the current context!
Error: Unable to interpret <.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Shell Spawning ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <htmlfile [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)> in the current context!
Error: Unable to interpret <htmlfile [opennew] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)> in the current context!
Error: Unable to interpret <http [open] -- C:\Programme\T-Online\T-Online_Software_6\Browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)> in the current context!
Error: Unable to interpret <https [open] -- C:\Programme\T-Online\T-Online_Software_6\Browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)> in the current context!
Error: Unable to interpret <InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Security Center Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret <"FirstRunDisabled" = 1> in the current context!
Error: Unable to interpret <"AntiVirusDisableNotify" = 0> in the current context!
Error: Unable to interpret <"FirewallDisableNotify" = 0> in the current context!
Error: Unable to interpret <"UpdatesDisableNotify" = 0> in the current context!
Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context!
Error: Unable to interpret <"FirewallOverride" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]> in the current context!
Error: Unable to interpret <"DisableMonitoring" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== System Restore Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]> in the current context!
Error: Unable to interpret <"DisableSR" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]> in the current context!
Error: Unable to interpret <"Start" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]> in the current context!
Error: Unable to interpret <"Start" = 2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Firewall Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret <"DoNotAllowExceptions" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]> in the current context!
Error: Unable to interpret <"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007> in the current context!
Error: Unable to interpret <"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008> in the current context!
Error: Unable to interpret <"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Authorized Applications List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]> in the current context!
Error: Unable to interpret <"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL> in the current context!
Error: Unable to interpret <"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a> in the current context!
Error: Unable to interpret <"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]> in the current context!
Error: Unable to interpret <"C:\Programme\Messenger\Msmsgs.exe" = C:\Programme\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger> in the current context!
Error: Unable to interpret <"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL> in the current context!
Error: Unable to interpret <"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a> in the current context!
Error: Unable to interpret <"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite> in the current context!
Error: Unable to interpret <"C:\Programme\Yahoo!\Messenger\YPager.exe" = C:\Programme\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger> in the current context!
Error: Unable to interpret <"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\aol\1177755123\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\aol\1177755123\ee\aolsoftware.exe:*:Enabled:AOL Shared Components> in the current context!
Error: Unable to interpret <"C:\Programme\AOL 9.0 VR\waol.exe" = C:\Programme\AOL 9.0 VR\waol.exe:*:Enabled:AOL> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Programme\Gemeinsame Dateien\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\aol\Loader\aolload.exe" = C:\Programme\Gemeinsame Dateien\aol\Loader\aolload.exe:*:Enabled:AOL Loader> in the current context!
Error: Unable to interpret <"C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe" = C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)> in the current context!
Error: Unable to interpret <"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6> in the current context!
Error: Unable to interpret <"C:\Programme\World of Warcraft\WoW-2.3.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.3.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)> in the current context!
Error: Unable to interpret <"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)> in the current context!
Error: Unable to interpret <"C:\Programme\World of Warcraft\WoW-2.4.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.4.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)> in the current context!
Error: Unable to interpret <"C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe" = C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe:*:Enabled:T-Online Browser 6.0 Download Manager -- (Deutsche Telekom AG, T-Com)> in the current context!
Error: Unable to interpret <"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6> in the current context!
Error: Unable to interpret <"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu> in the current context!
Error: Unable to interpret <"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner> in the current context!
Error: Unable to interpret <"{0E197778-07D7-4896-B0B4-DD6141A656FA}" = Samsung PC Studio PC Sync> in the current context!
Error: Unable to interpret <"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate> in the current context!
Error: Unable to interpret <"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1> in the current context!
Error: Unable to interpret <"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool> in the current context!
Error: Unable to interpret <"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT> in the current context!
Error: Unable to interpret <"{242B9150-74EC-4606-AAB1-2F0C719378D7}" = hp business inkjet 1100> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21> in the current context!
Error: Unable to interpret <"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder> in the current context!
Error: Unable to interpret <"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform> in the current context!
Error: Unable to interpret <"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP> in the current context!
Error: Unable to interpret <"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker> in the current context!
Error: Unable to interpret <"{4513F51E-3D1B-4791-B652-4C8B263ACD07}" = Samsung PC Studio 2.0 PIM & File Manager> in the current context!
Error: Unable to interpret <"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant> in the current context!
Error: Unable to interpret <"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater> in the current context!
Error: Unable to interpret <"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works> in the current context!
Error: Unable to interpret <"{545D8F61-EA1E-425F-8BC2-CE37B22320AE}" = Open Season> in the current context!
Error: Unable to interpret <"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8> in the current context!
Error: Unable to interpret <"{60B81442-7AB5-49A2-BF90-02A2786587ED}" = USB-Flachbettscanner> in the current context!
Error: Unable to interpret <"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD> in the current context!
Error: Unable to interpret <"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin> in the current context!
Error: Unable to interpret <"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5> in the current context!
Error: Unable to interpret <"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0> in the current context!
Error: Unable to interpret <"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762> in the current context!
Error: Unable to interpret <"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec> in the current context!
Error: Unable to interpret <"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0> in the current context!
Error: Unable to interpret <"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent> in the current context!
Error: Unable to interpret <"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12> in the current context!
Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007> in the current context!
Error: Unable to interpret <"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)> in the current context!
Error: Unable to interpret <"{91CA8C77-30FC-4AAF-B2EE-F51B0746D95C}" = ATI Catalyst Control Center> in the current context!
Error: Unable to interpret <"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting> in the current context!
Error: Unable to interpret <"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster> in the current context!
Error: Unable to interpret <"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17> in the current context!
Error: Unable to interpret <"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI> in the current context!
Error: Unable to interpret <"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2> in the current context!
Error: Unable to interpret <"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch> in the current context!
Error: Unable to interpret <"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger> in the current context!
Error: Unable to interpret <"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0> in the current context!
Error: Unable to interpret <"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth> in the current context!
Error: Unable to interpret <"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player> in the current context!
Error: Unable to interpret <"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2> in the current context!
Error: Unable to interpret <"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU> in the current context!
Error: Unable to interpret <"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU> in the current context!
Error: Unable to interpret <"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser> in the current context!
Error: Unable to interpret <"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials> in the current context!
Error: Unable to interpret <"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware> in the current context!
Error: Unable to interpret <"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"{D0FDE53C-30CE-4432-9809-756E1A6CEF44}" = HP Business Inkjet 1200> in the current context!
Error: Unable to interpret <"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2> in the current context!
Error: Unable to interpret <"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call> in the current context!
Error: Unable to interpret <"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack> in the current context!
Error: Unable to interpret <"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer> in the current context!
Error: Unable to interpret <"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04> in the current context!
Error: Unable to interpret <"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio USB Driver Installer> in the current context!
Error: Unable to interpret <"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard> in the current context!
Error: Unable to interpret <"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver> in the current context!
Error: Unable to interpret <"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack> in the current context!
Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX> in the current context!
Error: Unable to interpret <"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin> in the current context!
Error: Unable to interpret <"Adobe Shockwave Player" = Adobe Shockwave Player 11.5> in the current context!
Error: Unable to interpret <"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus> in the current context!
Error: Unable to interpret <"ATI Display Driver" = ATI Display Driver> in the current context!
Error: Unable to interpret <"Avatar Screensaver " = Avatar Screensaver > in the current context!
Error: Unable to interpret <"CCleaner" = CCleaner> in the current context!
Error: Unable to interpret <"Digitale Bibliothek 3" = Digitale Bibliothek 3> in the current context!
Error: Unable to interpret <"dlanconf" = devolo dLAN-Konfigurationsassistent> in the current context!
Error: Unable to interpret <"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar> in the current context!
Error: Unable to interpret <"Firebird SQL Server D" = Firebird SQL Server (D)> in the current context!
Error: Unable to interpret <"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7> in the current context!
Error: Unable to interpret <"Free Fire Screensaver" = Free Fire Screensaver> in the current context!
Error: Unable to interpret <"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30> in the current context!
Error: Unable to interpret <"Google Updater" = Google Updater> in the current context!
Error: Unable to interpret <"HOMESTUDENTR" = Microsoft Office Home and Student 2007> in the current context!
Error: Unable to interpret <"hp business inkjet 1200 series" = HP Business Inkjet 1200> in the current context!
Error: Unable to interpret <"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04> in the current context!
Error: Unable to interpret <"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <"MCB40" = Molecular Cell Biology> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"Minuscule.01" = Minuscule.01> in the current context!
Error: Unable to interpret <"Minuscule.03" = Minuscule.03> in the current context!
Error: Unable to interpret <"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)> in the current context!
Error: Unable to interpret <"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)> in the current context!
Error: Unable to interpret <"Nero - Burning Rom!UninstallKey" = Nero OEM> in the current context!
Error: Unable to interpret <"Nero BurnRights!UninstallKey" = Nero BurnRights> in the current context!
Error: Unable to interpret <"NeroVision!UninstallKey" = Nero Digital> in the current context!
Error: Unable to interpret <"NVEContent!UninstallKey" = NeroVision Express Content> in the current context!
Error: Unable to interpret <"Polymorf3DSetup" = Polymorf3D Screen Saver> in the current context!
Error: Unable to interpret <"QuickTime" = QuickTime> in the current context!
Error: Unable to interpret <"RealPlayer 6.0" = RealPlayer Basic> in the current context!
Error: Unable to interpret <"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set> in the current context!
Error: Unable to interpret <"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software> in the current context!
Error: Unable to interpret <"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software> in the current context!
Error: Unable to interpret <"SMSERIAL" = Motorola SM56 Data Fax Modem> in the current context!
Error: Unable to interpret <"StreetPlugin" = Learn2 Player (Uninstall Only)> in the current context!
Error: Unable to interpret <"TeamSpeak 3 Client" = TeamSpeak 3 Client> in the current context!
Error: Unable to interpret <"TeamViewer 6" = TeamViewer 6> in the current context!
Error: Unable to interpret <"Uninstall_is1" = Uninstall 1.0.0.1> in the current context!
Error: Unable to interpret <"ViewpointMediaPlayer" = Viewpoint Media Player> in the current context!
Error: Unable to interpret <"VLC media player" = VLC media player 1.1.11> in the current context!
Error: Unable to interpret <"Was ist Zeit - Bildschirmschoner1.1" = Was ist Zeit - die fallenden Uhren> in the current context!
Error: Unable to interpret <"WIC" = Windows Imaging Component> in the current context!
Error: Unable to interpret <"Winamp" = Winamp> in the current context!
Error: Unable to interpret <"Windows Media Format Runtime" = Windows Media Format Runtime> in the current context!
Error: Unable to interpret <"WinLiveSuite_Wave3" = Windows Live Essentials> in the current context!
Error: Unable to interpret <"WinRAR archiver" = WinRAR> in the current context!
Error: Unable to interpret <"World of Warcraft" = World of Warcraft> in the current context!
Error: Unable to interpret <"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0> in the current context!
Error: Unable to interpret <"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar> in the current context!
Error: Unable to interpret <"ZoneAlarm" = ZoneAlarm> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_CURRENT_USER Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"World of Warcraft Trial" = World of Warcraft Trial> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Last 10 Event Log Errors ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ Application Events ]> in the current context!
Error: Unable to interpret <Error - 17.07.2011 08:47:31 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004> in the current context!
Error: Unable to interpret <Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen> in the current context!
Error: Unable to interpret <werden> in the current context!
Error: Unable to interpret < nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 26.07.2011 14:13:23 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004> in the current context!
Error: Unable to interpret <Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen> in the current context!
Error: Unable to interpret <werden> in the current context!
Error: Unable to interpret < nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 27.07.2011 13:06:47 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004> in the current context!
Error: Unable to interpret <Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen> in the current context!
Error: Unable to interpret <werden> in the current context!
Error: Unable to interpret < nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 28.07.2011 01:06:35 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004> in the current context!
Error: Unable to interpret <Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen> in the current context!
Error: Unable to interpret <werden> in the current context!
Error: Unable to interpret < nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 28.07.2011 01:06:35 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004> in the current context!
Error: Unable to interpret <Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen> in the current context!
Error: Unable to interpret <werden> in the current context!
Error: Unable to interpret < nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 04.08.2011 20:55:05 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Stillstehende Anwendung firefox.exe, Version 2.0.1.4120, Stillstandmodul> in the current context!
Error: Unable to interpret < hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 06.08.2011 18:11:18 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Stillstehende Anwendung AcroRd32.exe, Version 9.4.0.195, Stillstandmodul> in the current context!
Error: Unable to interpret < hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 06.08.2011 18:11:18 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Stillstehende Anwendung AcroRd32.exe, Version 9.4.0.195, Stillstandmodul> in the current context!
Error: Unable to interpret < hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 06.08.2011 21:13:41 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul> in the current context!
Error: Unable to interpret < hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 07.08.2011 05:58:38 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004> in the current context!
Error: Unable to interpret <Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen> in the current context!
Error: Unable to interpret <werden> in the current context!
Error: Unable to interpret < nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ OSession Events ]> in the current context!
Error: Unable to interpret <Error - 25.01.2011 15:59:36 | Computer Name = NAME-FAD8509C3B | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application > in the current context!
Error: Unable to interpret <Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session > in the current context!
Error: Unable to interpret <lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 24.04.2011 11:31:47 | Computer Name = NAME-FAD8509C3B | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application > in the current context!
Error: Unable to interpret <Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session > in the current context!
Error: Unable to interpret <lasted 17297 seconds with 8520 seconds of active time.  This session ended with > in the current context!
Error: Unable to interpret <a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ System Events ]> in the current context!
Error: Unable to interpret <Error - 12.08.2011 14:46:54 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = Der Dienst "TrueVector Internet Monitor" ist vom Dienst "vsdatant"> in the current context!
Error: Unable to interpret < abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.08.2011 14:46:54 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,> in the current context!
Error: Unable to interpret < der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.08.2011 14:46:54 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7026> in the current context!
Error: Unable to interpret <Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:> in the current context!
Error: Unable to interpret <   AFD  AmdK8  avgio  avipbb  Fips  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  SASDIFSV  SASKUTIL  ssmdrv> in the current context!
Error: Unable to interpret <Tcpip> in the current context!
Error: Unable to interpret <vsdatant> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.08.2011 14:56:47 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"> in the current context!
Error: Unable to interpret < mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.08.2011 15:00:32 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"> in the current context!
Error: Unable to interpret < mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.08.2011 15:08:12 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"> in the current context!
Error: Unable to interpret < mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.08.2011 15:12:11 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005> in the current context!
Error: Unable to interpret <Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"> in the current context!
Error: Unable to interpret < mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.08.2011 15:23:45 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1460> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.08.2011 14:11:17 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1460> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.08.2011 15:12:55 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10010> in the current context!
Error: Unable to interpret <Description = Der Server "{601AC3DC-786A-4EB0-BF40-EE3521E70BFB}" konnte innerhalb> in the current context!
Error: Unable to interpret < des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >
         
 --- --- ---
> in the current context!
 
OTL by OldTimer - Version 3.2.26.1 log created on 08152011_232939

Diese Textdatei kam schon vor dem Neustart.. zum Neustart hat er mich nicht aufgefordert.

Ich teste den Internetzugang jetzt im abgesicherten Modus nochmal...

pompidou · 15.08.2011, 22:38

ach ja, ähm, im abgesicherten modus als administrator arbeiten oder dem infizierten Benutzerkonto (oder wie das heißt :-p)...?

kira · 15.08.2011, 23:24

nur mal langsam, sonst kommen wir durcheinander!

1.
Das hier abgearbeitet? Bitte um eine Antwort!:-> http://www.trojaner-board.de/102392-...tml#post693630

2.

Zitat:

Zitat von pompidou

ach ja, ähm, im abgesicherten modus als administrator arbeiten oder dem infizierten Benutzerkonto (oder wie das heißt :-p)...?

logischerweise, auf den Infizierten Konto ausführen und im normalen Modus!

3.
NUR den rot gefärbten Text/Schrift bitte in das OTL-Textfeld reinkopieren (Anleitung unter Punkt 2:-> http://www.trojaner-board.de/102392-...tml#post693597 ):

Code:

ATTFilter

:OTL
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2011.05.31 20:16:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.04 01:48:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.31 20:16:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com
[2011.05.28 13:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKLM..\RunServices: [MSGRIT32Expert]  File not found
O4 - HKLM..\RunServices: [ProfileManagerDisplaysOptions1.2.2285.37049]  File not found
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1210106308 (Image Uploader Control)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\jashla.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\Shell\??\command - "" = taipingtianguov1.1.exe
O33 - MountPoints2\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe
O33 - MountPoints2\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\cmd.exe -- [2004.08.10 14:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\Shell\explore\command - "" = C:\WINDOWS\System32\cmd.exe -- [2004.08.10 14:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\Shell\open\command - "" = C:\WINDOWS\System32\cmd.exe -- [2004.08.10 14:00:00 | 000,401,408 | ---- | M] (Microsoft Corporation)

:Commands
[purity]
[emptytemp]

pompidou · 15.08.2011, 23:29

nein... :-(
auf dem desktop wird mir ja gar nichts angezeigt.. als ob er steckengeblieben wäre...
und über taskmanager kann ich glaube ich sehen, dass mir normalerweise verborgene Dateien noch angezeigt werden. Das hatte ich schon einmal umgestellt, und nicht wieder rückgängig gemacht, falls es darum geht.

pompidou · 15.08.2011, 23:44

entschuldige bitte,

ich war wohl zu voreilig.. hab schon den malwarebytes-scan gestartet, soll ich ihn abbrechen und zuerst die unhide.exe versuchen? und anschließend den OTL-Fix?

pompidou · 16.08.2011, 02:25

ich habe unhide.exe versucht.. abgewartet bis ein fenster kam, in dem stand, dass nun alles sichtbar sein sollte.. es hatte sich aber nichts verändert.

hab den OTL-Fix wiederholt mit Erfolg anscheinend :-) Nach dem Neustart sieht auf den ersten Blick wieder alles beim alten aus.. bloß Internet funktioniert noch nicht.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\engine@conduit.com folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\MSGRIT32Expert deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\ProfileManagerDisplaysOptions1.2.2285.37049 deleted successfully.
Starting removal of ActiveX control {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
C:\WINDOWS\Downloaded Program Files\avsniff.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E099162EEEC5}
C:\WINDOWS\Downloaded Program Files\CabSA.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {6E5E167B-1566-4316-B27F-0DDAB3484CF7}
C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}\ not found.
Starting removal of ActiveX control {BA162249-F2C5-4851-8ADC-FC58CB424243}
C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA162249-F2C5-4851-8ADC-FC58CB424243}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA162249-F2C5-4851-8ADC-FC58CB424243}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BA162249-F2C5-4851-8ADC-FC58CB424243}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA162249-F2C5-4851-8ADC-FC58CB424243}\ not found.
Starting removal of ActiveX control {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\jashla.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\ not found.
File taipingtianguov1.1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efe63b3-c12a-11dc-bfac-00c0a8cb80f4}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\ not found.
C:\WINDOWS\system32\cmd.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\ not found.
File C:\WINDOWS\System32\cmd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb28ff6-ef94-11dd-81fb-00c0a8cb80f4}\ not found.
File C:\WINDOWS\System32\cmd.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 499 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 540 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 194719 bytes

User: Sarah
->Temp folder emptied: 113692901 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 12641509 bytes
->FireFox cache emptied: 59802303 bytes
->Flash cache emptied: 451 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6733703 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169984 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 184,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08162011_011718

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT01a19.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT01a1c.TMP not found!

Registry entries deleted on Reboot...

kira · 16.08.2011, 05:23

Sowie es aussieht, stehst du nicht unbedingt auf aktuelle Software!?

dein System ist nicht auf dem neusten Stand! - Windows ist total veraltet, (das Service Pack 3 für Windows XP fehlt), der Internet Explorer ist technisch veraltet, JAVA und Adobe sollten auch regelmäßig aufgefrischt werden!:

Code:

ATTFilter

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

Um neu aufgetauchte Lücken dicht zu machen, jeden zweiten Dienstag im Monat ist Patch Day im Hause Microsoft. Kritische Schwachstellen, Sicherheitlücken werden mit dem Update behoben. Seit SP2 wurden gleich mehrere Lücken geschlossen. Der Internet Explorer muss auch aktuell sein, auch dann, wenn du ihn nicht verwendest!

Zitat:

Hast Du nicht gewusst, Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.

aber ACHTUNG! nur am Ende der Reinigung das aktuelle Service Pack installieren, in diesem Zustand nicht! Auf ein verseuches System zu installieren bringt nichts, im Gegenteil! - ich werde Dir Bescheid sagen wann

1.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

2.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

3.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

4.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

5.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

pompidou · 20.08.2011, 17:03

Hallo,

da ich noch keine Internet-Verbindung habe (jedenfalls nicht über den Browser, Skype scheint jedoch online gehen zu können, hat automatisch gestartet), musste ich Malwarebytes offline aktualisieren... das aktuellste Datenbankversion, die ich finden konnte ist vom 06.07.2011. :-( weißt du vielleicht, wo es was aktuelleres gibt?

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7035

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17.08.2011 01:19:46
mbam-log-2011-08-17 (01-19-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 292403
Laufzeit: 1 Stunde(n), 42 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{2c8d9be6-5198-47e0-9574-5a050bf186f6}\RP148\A0036809.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2011-08-20 15:12:20
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-07LAT0 rev.01.06M01
Running: dhzjdk3x.exe; Driver: C:\DOKUME~1\Sarah\LOKALE~1\Temp\agndrfow.sys


---- System - GMER 1.0.15 ----

SSDT            spmc.sys                                                      ZwEnumerateKey [0xF73F1CA2]
SSDT            spmc.sys                                                      ZwEnumerateValueKey [0xF73F2030]

---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                   855691F8
Device          \Driver\atapi \Device\Ide\IdePort0                            855691F8
Device          \Driver\atapi \Device\Ide\IdePort1                            855691F8
Device          \Driver\atapi \Device\Ide\IdePort2                            855691F8
Device          \Driver\atapi \Device\Ide\IdePort3                            855691F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12                  855691F8
Device          \Driver\a3gsm71c \Device\Scsi\a3gsm71c1                       8533A1F8
Device          \Driver\a3gsm71c \Device\Scsi\a3gsm71c1Port6Path0Target0Lun0  8533A1F8
Device          \FileSystem\Ntfs \Ntfs                                        855D51F8
Device          \FileSystem\Fastfat \Fat                                      841F4500

AttachedDevice  \FileSystem\Fastfat \Fat                                      fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \Driver\Tcpip \Device\Ip                                      vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\Ip                                      GDTdiIcpt.sys
Device          \Driver\Tcpip \Device\Tcp                                     vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\Tcp                                     GDTdiIcpt.sys
Device          \Driver\Tcpip \Device\Udp                                     vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\Udp                                     GDTdiIcpt.sys
Device          \Driver\Tcpip \Device\RawIp                                   vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\RawIp                                   GDTdiIcpt.sys

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BEVS-07LAT0 rev.01.06M01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855691F8]<< 
1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x8548AAB8]
3 CLASSPNP[0xF763305B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85511D98]
\Driver\atapi[0x8550FD20] -> IRP_MJ_CREATE -> 0x855691F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x855691f8
user & kernel MBR OK 
Warning: possible MBR rootkit infection !

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.08.2011 17:43:08 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,10 Mb Total Physical Memory | 494,06 Mb Available Physical Memory | 55,26% Memory free
2,11 Gb Paging File | 1,59 Gb Available in Paging File | 75,35% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 17,54 Gb Free Space | 15,69% Space Free | Partition Type: NTFS
 
Computer Name: NAME-FAD8509C3B | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG, T-Com)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- C:\Programme\T-Online\T-Online_Software_6\Browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
https [open] -- C:\Programme\T-Online\T-Online_Software_6\Browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Messenger\Msmsgs.exe" = C:\Programme\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\Yahoo!\Messenger\YPager.exe" = C:\Programme\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Programme\Gemeinsame Dateien\aol\1177755123\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\aol\1177755123\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Programme\AOL 9.0 VR\waol.exe" = C:\Programme\AOL 9.0 VR\waol.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Programme\Gemeinsame Dateien\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Programme\Gemeinsame Dateien\aol\Loader\aolload.exe" = C:\Programme\Gemeinsame Dateien\aol\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe" = C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\World of Warcraft\WoW-2.3.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.3.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.4.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.4.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe" = C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe:*:Enabled:T-Online Browser 6.0 Download Manager -- (Deutsche Telekom AG, T-Com)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{0E197778-07D7-4896-B0B4-DD6141A656FA}" = Samsung PC Studio PC Sync
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{242B9150-74EC-4606-AAB1-2F0C719378D7}" = hp business inkjet 1100
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4513F51E-3D1B-4791-B652-4C8B263ACD07}" = Samsung PC Studio 2.0 PIM & File Manager
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{545D8F61-EA1E-425F-8BC2-CE37B22320AE}" = Open Season
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{60B81442-7AB5-49A2-BF90-02A2786587ED}" = USB-Flachbettscanner
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CA8C77-30FC-4AAF-B2EE-F51B0746D95C}" = ATI Catalyst Control Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FDE53C-30CE-4432-9809-756E1A6CEF44}" = HP Business Inkjet 1200
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio USB Driver Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"Avatar Screensaver " = Avatar Screensaver 
"CCleaner" = CCleaner
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"dlanconf" = devolo dLAN-Konfigurationsassistent
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Firebird SQL Server D" = Firebird SQL Server (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Fire Screensaver" = Free Fire Screensaver
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp business inkjet 1200 series" = HP Business Inkjet 1200
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MCB40" = Molecular Cell Biology
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Minuscule.01" = Minuscule.01
"Minuscule.03" = Minuscule.03
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NVEContent!UninstallKey" = NeroVision Express Content
"Polymorf3DSetup" = Polymorf3D Screen Saver
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Was ist Zeit - Bildschirmschoner1.1" = Was ist Zeit - die fallenden Uhren
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial" = World of Warcraft Trial
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.07.2011 01:06:35 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.07.2011 01:06:35 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 04.08.2011 20:55:05 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 2.0.1.4120, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.08.2011 18:11:18 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 9.4.0.195, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.08.2011 18:11:18 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 9.4.0.195, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.08.2011 21:13:41 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2011 05:58:38 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.08.2011 16:28:38 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.51.1.1076, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.08.2011 19:23:59 | Computer Name = NAME-FAD8509C3B | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 20.08.2011 08:41:27 | Computer Name = NAME-FAD8509C3B | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.51.1.1076, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ OSession Events ]
Error - 25.01.2011 15:59:36 | Computer Name = NAME-FAD8509C3B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 24.04.2011 11:31:47 | Computer Name = NAME-FAD8509C3B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 17297 seconds with 8520 seconds of active time.  This session ended with 
a crash.
 
[ System Events ]
Error - 12.08.2011 14:56:47 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12.08.2011 15:00:32 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12.08.2011 15:08:12 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12.08.2011 15:12:11 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12.08.2011 15:23:45 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1460
 
Error - 13.08.2011 14:11:17 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1460
 
Error - 13.08.2011 15:12:55 | Computer Name = NAME-FAD8509C3B | Source = DCOM | ID = 10010
Description = Der Server "{601AC3DC-786A-4EB0-BF40-EE3521E70BFB}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 13.08.2011 16:33:07 | Computer Name = NAME-FAD8509C3B | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
 (0x80072751)
 
Error - 13.08.2011 16:33:07 | Computer Name = NAME-FAD8509C3B | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 13.08.2011 16:50:12 | Computer Name = NAME-FAD8509C3B | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1460
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.08.2011 17:43:08 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,10 Mb Total Physical Memory | 494,06 Mb Available Physical Memory | 55,26% Memory free
2,11 Gb Paging File | 1,59 Gb Available in Paging File | 75,35% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 17,54 Gb Free Space | 15,69% Space Free | Partition Type: NTFS
 
Computer Name: NAME-FAD8509C3B | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.13 20:56:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2010.07.19 19:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.10.24 17:05:15 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.24 17:05:13 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.07.18 14:25:22 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.01.03 15:54:45 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.08.24 00:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2006.01.20 13:34:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2006.01.02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.01.27 17:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2004.07.21 11:35:32 | 000,327,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.13 20:56:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
MOD - [2006.08.25 17:46:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.24 17:05:15 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.24 17:05:13 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.08.24 00:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2005.08.10 13:26:14 | 001,527,900 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.02.24 16:30:50 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.27 17:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.05.28 19:29:14 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.28 19:29:10 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.28 19:29:08 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.04.19 06:17:41 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.12 18:01:00 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.03.18 20:01:04 | 000,028,307 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2007.03.16 11:51:12 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.08.24 00:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006.08.03 02:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.04.17 16:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.04.04 21:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.03.23 01:27:10 | 000,488,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006.02.27 16:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006.02.27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.02.20 17:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006.01.20 13:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005.05.22 02:00:00 | 000,015,104 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2004.11.22 16:58:31 | 000,014,342 | R--- | M] (Intellon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbethmp.sys -- (A_USBETHMP)
DRV - [2004.08.10 14:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.05.17 11:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\plcndis5.sys -- (PLCNDIS5)
DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.17 15:04:08 | 000,173,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\philcam2.sys -- (phil2vid) Philips VGA-Kamera (USB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.34
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.28 13:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.28 13:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.05.31 21:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.05.31 21:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Extensions
[2011.05.31 21:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.16 01:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions
[2011.05.31 20:17:01 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\6txxzyrc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.05.28 12:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.25 18:12:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.08.25 18:12:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.28 13:06:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.08.25 18:12:27 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.28 13:06:36 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.28 13:06:36 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.28 13:06:36 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.28 13:06:36 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.28 13:06:36 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPWNTOOLBOX] C:\Programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.24 06:29:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.20 18:51:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2011.08.16 19:55:20 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sarah\Recent
[2011.08.16 19:54:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\Malwarebytes' Anti-Malware
[2011.08.16 19:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2011.08.16 19:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\CCleaner
[2011.08.13 21:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\CC
[2011.08.09 22:32:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.08.05 22:58:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\vlc
[2011.08.05 22:57:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2011.08.05 22:56:35 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2008.11.03 01:50:58 | 000,018,120 | ---- | C] (   ) -- C:\WINDOWS\System32\drivers\ArtecGT.sys
[3 C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.20 18:51:55 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011.08.20 16:50:05 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.20 15:17:06 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe
[2011.08.20 14:34:52 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.08.20 14:31:39 | 000,054,112 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.08.20 14:31:37 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.08.20 14:31:14 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.20 14:30:52 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\dhzjdk3x.exe
[2011.08.20 14:30:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.20 14:30:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.20 14:30:34 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.16 22:25:50 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.16 01:28:14 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011.08.16 00:33:56 | 000,684,297 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\unhide.exe
[2011.08.13 20:56:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2011.08.07 02:40:50 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011.08.06 13:10:18 | 000,056,320 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.05 22:57:51 | 000,000,697 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2011.08.05 22:55:57 | 021,073,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\vlc-1.1.11-win32.exe
[2011.08.05 22:09:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.08.01 22:01:25 | 002,368,986 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Katalog 4.0.pdf
[2011.07.21 22:29:32 | 000,018,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Alf_ripped.jpg
[3 C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.20 18:51:55 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011.08.20 17:38:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe
[2011.08.20 15:11:21 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\dhzjdk3x.exe
[2011.08.16 22:25:50 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.16 19:54:18 | 000,684,297 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\unhide.exe
[2011.08.16 00:08:57 | 937,603,072 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.05 22:57:51 | 000,000,697 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2011.08.05 22:55:39 | 021,073,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\vlc-1.1.11-win32.exe
[2011.08.01 22:01:25 | 002,368,986 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Katalog 4.0.pdf
[2011.07.21 22:29:27 | 000,018,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Alf_ripped.jpg
[2010.12.04 01:13:09 | 000,184,904 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.09.21 13:21:53 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.06.13 22:40:59 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.03.29 14:04:09 | 000,000,423 | ---- | C] () -- C:\WINDOWS\hpw1200k.ini
[2010.03.29 14:02:47 | 000,018,549 | ---- | C] () -- C:\WINDOWS\hpbj1200.ini
[2010.03.29 14:02:37 | 000,005,723 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2008.11.03 01:51:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\Ausba3.dll
[2008.11.03 01:51:32 | 000,011,464 | ---- | C] () -- C:\WINDOWS\Dusb3ar.ini
[2008.11.03 01:51:32 | 000,002,638 | ---- | C] () -- C:\WINDOWS\Ausba3.INI
[2008.11.03 01:51:32 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini
[2008.11.03 01:50:47 | 000,001,616 | ---- | C] () -- C:\WINDOWS\ArtecPlus.ini
[2008.06.04 19:50:22 | 000,095,232 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2008.06.04 19:39:34 | 000,020,223 | ---- | C] () -- C:\WINDOWS\System32\irunin.ini
[2008.06.04 19:39:34 | 000,013,366 | ---- | C] () -- C:\WINDOWS\System32\irunin.dat
[2008.04.07 16:04:29 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.10.01 13:09:56 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007.04.28 12:26:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.04.16 17:16:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007.04.10 19:23:18 | 000,056,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.27 21:24:57 | 000,061,440 | R--- | C] () -- C:\WINDOWS\scrub2k.exe
[2007.03.27 21:24:57 | 000,000,104 | R--- | C] () -- C:\WINDOWS\hpw1100k.ini
[2007.03.27 21:21:34 | 000,014,940 | ---- | C] () -- C:\WINDOWS\hpbj1100.ini
[2007.03.18 20:01:12 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2007.03.18 20:01:12 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2007.03.18 20:01:12 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2007.03.18 20:01:04 | 000,028,307 | ---- | C] () -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2007.03.18 19:50:07 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007.03.18 19:49:51 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.03.16 11:49:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.03.15 21:46:44 | 000,047,869 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2007.03.15 21:46:21 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.24 11:28:12 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.10.24 11:28:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.10.24 11:28:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.10.24 11:28:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.10.24 11:28:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.10.24 11:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.10.24 11:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.10.24 11:28:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.10.24 11:28:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.10.24 11:28:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.10.24 11:24:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2006.10.24 11:24:45 | 000,464,352 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.10.24 11:24:45 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.10.24 11:24:45 | 000,086,566 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.10.24 11:24:45 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.10.24 11:24:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.10.24 11:24:16 | 000,445,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.10.24 11:24:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.10.24 11:24:16 | 000,072,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.10.24 11:24:16 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.10.24 11:24:15 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.10.24 11:24:14 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.10.24 11:24:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.10.24 11:24:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.10.24 11:24:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.10.24 11:24:03 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.10.24 11:23:59 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.10.24 07:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.10.24 07:44:30 | 000,000,640 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.24 07:39:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.10.24 07:37:24 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.10.24 07:36:47 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.10.24 07:20:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.10.24 07:19:48 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.10.24 06:33:43 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.10.24 06:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.10.24 06:26:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.10.24 06:24:52 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.11.30 15:32:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\barrier.ini
[2005.08.05 14:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2005.01.27 17:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2005.01.21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
 
========== LOP Check ==========
 
[2008.04.07 15:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2008.06.04 19:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laconic Software
[2006.10.24 07:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.04.27 20:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2008.05.11 21:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2007.09.14 12:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.03.16 11:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2009.02.09 20:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Acreon
[2008.01.12 18:22:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\DAEMON Tools
[2010.12.04 01:48:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.08.07 02:38:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ICQ
[2007.12.20 00:54:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ICQ Toolbar
[2007.09.18 15:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ICQLite
[2008.01.22 23:41:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\MAGIX
[2008.04.08 18:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\MSNInstaller
[2009.01.20 20:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mumble
[2011.05.31 21:06:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\PriceGong
[2010.09.21 13:18:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\QuickScan
[2007.09.14 13:00:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\T-Online
[2011.05.31 21:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TeamViewer
[2011.05.31 21:24:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Thunderbird
[2011.08.13 21:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TS3Client
[2008.05.20 19:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Viewpoint
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Vielen Dank schon mal...

kira · 21.08.2011, 05:31

Vermutlich das bösartige MBR-Rootkit hat sich im MBR festgesetzt...
Der Master Boot Record (MBR) der ersten Festplatte wird beim Start des Rechners geladen, noch vor dem Betriebssystem. Code, der Dort residiert, kann im Prinzip das Betriebssystem kontrollieren.

wenn Du statt Format C:\ für Systemreinigung entscheidest, dann so geht`s weiter:

1.

Zitat:

ZoneAlarm

Anwendungen, die im Hintergrund laufen während der Reinigung, können die Leistung deines Computers und auch unsere Arbeit negativ beeinflussen, deswegen bitte die hier aufgelisteten Programme zuerst mal deinstallieren:
- da ZoneAlarm in der letzten Zeit bei viele PC`s akutes Problem verbreitet hat, wie z.B.:
"Tastatur reagiert langsam, System plötzlich langsam wird, Desktopsymbole verschwunden, Programme reagieren verzögert, Abstürze usw..."
bitte Dich erstmal ihn zu deinstallieren und die Windows eigene Firewall einzuschalten
Deinstallationshinweise:
Forennachricht
ZoneAlarmPro 3 vollständig deinstallieren

2.
TDSSKiller von Kaspersky

Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
deaktiviere vorübergehend dein AntiVirus-Programm
Starte die TDSSKiller.exe durch Doppelklick.
Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
Bestätige das ggfs. mit Y(es).
Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

pompidou · 21.08.2011, 14:06

Hallo,

die Deinstallation von ZoneAlarm hat mehr oder weniger funktioniert. besser kann ichs nicht^^.

TDSSKiller hat folgendes ausgespuckt:

Code:

ATTFilter

2011/08/21 14:49:02.0484 0536	TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/21 14:49:02.0500 0536	================================================================================
2011/08/21 14:49:02.0500 0536	SystemInfo:
2011/08/21 14:49:02.0500 0536	
2011/08/21 14:49:02.0500 0536	OS Version: 5.1.2600 ServicePack: 2.0
2011/08/21 14:49:02.0500 0536	Product type: Workstation
2011/08/21 14:49:02.0500 0536	ComputerName: NAME-FAD8509C3B
2011/08/21 14:49:02.0500 0536	UserName: Sarah
2011/08/21 14:49:02.0500 0536	Windows directory: C:\WINDOWS
2011/08/21 14:49:02.0500 0536	System windows directory: C:\WINDOWS
2011/08/21 14:49:02.0500 0536	Processor architecture: Intel x86
2011/08/21 14:49:02.0500 0536	Number of processors: 2
2011/08/21 14:49:02.0500 0536	Page size: 0x1000
2011/08/21 14:49:02.0500 0536	Boot type: Normal boot
2011/08/21 14:49:02.0500 0536	================================================================================
2011/08/21 14:49:04.0171 0536	Initialize success
2011/08/21 14:49:16.0453 0528	================================================================================
2011/08/21 14:49:16.0453 0528	Scan started
2011/08/21 14:49:16.0453 0528	Mode: Manual; 
2011/08/21 14:49:16.0453 0528	================================================================================
2011/08/21 14:49:18.0031 0528	ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/21 14:49:18.0078 0528	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/21 14:49:18.0171 0528	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/08/21 14:49:18.0265 0528	AFD             (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
2011/08/21 14:49:18.0437 0528	AmdK8           (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/08/21 14:49:18.0562 0528	AR5211          (d07ccc37476034ebf5de4608a8af4386) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/08/21 14:49:18.0656 0528	Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/21 14:49:18.0796 0528	ASCTRM          (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/08/21 14:49:18.0843 0528	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/21 14:49:18.0906 0528	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/21 14:49:19.0078 0528	ati2mtag        (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/21 14:49:19.0328 0528	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/21 14:49:19.0406 0528	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/21 14:49:19.0546 0528	avgio           (87828ecd657f81503465ac705e845076) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/08/21 14:49:19.0609 0528	avgntflt        (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/08/21 14:49:19.0687 0528	avipbb          (0b09df022250fb7ba91fb932eac6ea9b) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/21 14:49:19.0765 0528	AVMUNET         (077b3692f4376d1539755761feef659a) C:\WINDOWS\system32\DRIVERS\avmunet.sys
2011/08/21 14:49:19.0828 0528	A_USBETHMP      (cfad896f667d497873a1b28d50847d41) C:\WINDOWS\system32\Drivers\usbethmp.sys
2011/08/21 14:49:19.0890 0528	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/21 14:49:19.0984 0528	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/21 14:49:20.0031 0528	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/21 14:49:20.0140 0528	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/21 14:49:20.0171 0528	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/21 14:49:20.0421 0528	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/21 14:49:20.0562 0528	CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/21 14:49:20.0625 0528	Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/21 14:49:20.0765 0528	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/21 14:49:20.0859 0528	dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/21 14:49:20.0921 0528	dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/21 14:49:20.0937 0528	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/21 14:49:21.0015 0528	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/21 14:49:21.0062 0528	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/21 14:49:21.0156 0528	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/21 14:49:21.0187 0528	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/21 14:49:21.0265 0528	Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/21 14:49:21.0437 0528	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/21 14:49:21.0515 0528	FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/21 14:49:21.0625 0528	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/21 14:49:21.0687 0528	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/21 14:49:21.0734 0528	GDTdiInterceptor (8916b6ead856da32b5183cad114447f4) C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2011/08/21 14:49:21.0781 0528	GEARAspiWDM     (8c18f85edd5d47f34068f3efd5689fa9) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/21 14:49:21.0828 0528	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/21 14:49:21.0921 0528	HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/21 14:49:22.0000 0528	HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/21 14:49:22.0109 0528	HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/21 14:49:22.0218 0528	i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/21 14:49:22.0343 0528	iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\drivers\iaStor.sys
2011/08/21 14:49:22.0453 0528	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/21 14:49:22.0953 0528	IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/21 14:49:23.0390 0528	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/21 14:49:23.0421 0528	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/21 14:49:23.0453 0528	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/21 14:49:23.0531 0528	IpNat           (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/21 14:49:23.0593 0528	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/21 14:49:23.0656 0528	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/21 14:49:23.0750 0528	isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/21 14:49:23.0953 0528	Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/21 14:49:24.0031 0528	kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/21 14:49:24.0125 0528	kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/21 14:49:24.0187 0528	KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/21 14:49:24.0468 0528	MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
2011/08/21 14:49:24.0578 0528	MBAMSwissArmy   (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/21 14:49:24.0640 0528	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/21 14:49:24.0687 0528	MIINPazX        (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
2011/08/21 14:49:24.0765 0528	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/21 14:49:24.0843 0528	Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/21 14:49:24.0921 0528	Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/21 14:49:25.0109 0528	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/21 14:49:25.0156 0528	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/21 14:49:25.0218 0528	MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/21 14:49:25.0312 0528	MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/21 14:49:25.0390 0528	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/21 14:49:25.0437 0528	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/21 14:49:25.0562 0528	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/21 14:49:25.0593 0528	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/21 14:49:25.0671 0528	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/21 14:49:25.0734 0528	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/21 14:49:25.0968 0528	MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
2011/08/21 14:49:26.0156 0528	Mup             (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/21 14:49:26.0250 0528	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/21 14:49:26.0343 0528	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/21 14:49:26.0406 0528	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/21 14:49:26.0468 0528	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/21 14:49:26.0546 0528	Ndisuio         (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/21 14:49:26.0687 0528	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/21 14:49:26.0718 0528	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/21 14:49:26.0765 0528	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/21 14:49:26.0843 0528	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/21 14:49:26.0968 0528	NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/21 14:49:27.0078 0528	nm              (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/08/21 14:49:27.0109 0528	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/21 14:49:27.0218 0528	Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/21 14:49:27.0328 0528	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/21 14:49:27.0359 0528	nvatabus        (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\drivers\nvatabus.sys
2011/08/21 14:49:27.0390 0528	nvraid          (a4f2a29b9d40f9ffbbb54e56ce483797) C:\WINDOWS\system32\drivers\nvraid.sys
2011/08/21 14:49:27.0437 0528	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/21 14:49:27.0484 0528	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/21 14:49:27.0578 0528	O2MDRDR         (9be9afaf92f5f46d109694bbe33c3bda) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/08/21 14:49:27.0625 0528	O2SDRDR         (12a6d826a1a27818170552f2495a567a) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/08/21 14:49:27.0656 0528	ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/21 14:49:27.0703 0528	Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/21 14:49:27.0718 0528	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/21 14:49:27.0781 0528	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/21 14:49:27.0812 0528	PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/21 14:49:27.0843 0528	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/21 14:49:27.0906 0528	Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/21 14:49:28.0187 0528	phil2vid        (3bd216de6a56190c19c951ed2e19087a) C:\WINDOWS\system32\DRIVERS\philcam2.sys
2011/08/21 14:49:28.0281 0528	PLCNDIS5        (2aba2f545b35f9c6cc2cfc4e1d539a80) C:\WINDOWS\system32\plcndis5.sys
2011/08/21 14:49:28.0359 0528	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/21 14:49:28.0437 0528	Processor       (f04317fb351b75233979dc65d4cead54) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/21 14:49:28.0484 0528	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/21 14:49:28.0562 0528	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/21 14:49:28.0656 0528	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/21 14:49:28.0765 0528	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/21 14:49:28.0796 0528	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/21 14:49:28.0812 0528	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/21 14:49:28.0859 0528	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/21 14:49:28.0937 0528	Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/21 14:49:28.0984 0528	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/21 14:49:29.0078 0528	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/21 14:49:29.0218 0528	RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/21 14:49:29.0265 0528	redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/21 14:49:29.0328 0528	RTL8023xp       (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/08/21 14:49:29.0375 0528	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/21 14:49:29.0453 0528	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/21 14:49:29.0468 0528	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/21 14:49:29.0546 0528	sdbus           (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/21 14:49:29.0609 0528	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/21 14:49:29.0656 0528	Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/21 14:49:29.0703 0528	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/21 14:49:29.0750 0528	SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\WINDOWS\system32\drivers\SiSRaid2.sys
2011/08/21 14:49:29.0812 0528	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/21 14:49:30.0015 0528	smserial        (ce2e9d6b8c26c38779581cff1f14b65b) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/08/21 14:49:30.0140 0528	splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/21 14:49:30.0250 0528	sptd            (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/21 14:49:30.0250 0528	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
2011/08/21 14:49:30.0250 0528	sptd - detected LockedFile.Multi.Generic (1)
2011/08/21 14:49:30.0312 0528	sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/21 14:49:30.0343 0528	Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/21 14:49:30.0484 0528	ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/21 14:49:30.0578 0528	ss_bus          (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
2011/08/21 14:49:30.0640 0528	ss_mdfl         (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2011/08/21 14:49:30.0734 0528	ss_mdm          (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2011/08/21 14:49:30.0812 0528	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/21 14:49:30.0859 0528	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/21 14:49:30.0937 0528	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/21 14:49:31.0078 0528	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/21 14:49:31.0171 0528	Tcpip           (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/21 14:49:31.0234 0528	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/21 14:49:31.0265 0528	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/21 14:49:31.0328 0528	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/21 14:49:31.0453 0528	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/21 14:49:31.0593 0528	Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/21 14:49:31.0734 0528	usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/21 14:49:31.0812 0528	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/21 14:49:31.0859 0528	usbehci         (b0d7020386c7187ef9c5a9643f289cd3) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/21 14:49:31.0953 0528	usbhub          (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/21 14:49:31.0968 0528	usbohci         (5ad6734f43418aebb8aa0a4df3420b65) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/21 14:49:32.0031 0528	usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/21 14:49:32.0109 0528	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/21 14:49:32.0140 0528	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/21 14:49:32.0218 0528	viamraid        (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\drivers\viamraid.sys
2011/08/21 14:49:32.0281 0528	VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/21 14:49:32.0328 0528	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/21 14:49:32.0375 0528	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/08/21 14:49:32.0562 0528	wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/21 14:49:32.0640 0528	WpdUsb          (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/08/21 14:49:32.0703 0528	WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/21 14:49:32.0765 0528	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/08/21 14:49:32.0906 0528	Boot (0x1200)   (83376a4eeaae80614acf6c0dc0b41816) \Device\Harddisk0\DR0\Partition0
2011/08/21 14:49:32.0906 0528	================================================================================
2011/08/21 14:49:32.0906 0528	Scan finished
2011/08/21 14:49:32.0906 0528	================================================================================
2011/08/21 14:49:32.0921 2956	Detected object count: 1
2011/08/21 14:49:32.0921 2956	Actual detected object count: 1
2011/08/21 14:50:32.0609 2956	LockedFile.Multi.Generic(sptd) - User select action: Skip

Diese verdächtige Datei, die gefunden wurde habe ich mit skip übersprungen, da ich nicht wusste was ich tun soll, ob Quarantäne oder so....

Denkst du die Reinigung wird funktionieren oder soll ich mich mit dem Gedanken anfreunden möglicherweise doch die Festplatte formatieren und neu aufsetzen zu müssen? Wie schlimm ist so eine Rootkit-Infektion?

Danke

pompidou

kira · 22.08.2011, 13:03

hast Du die Anleitung nicht gelesen?:-> http://www.trojaner-board.de/82358-tdsskiller-google-umleitungen-tdss-tdl3-alureon-rootkit-entfernen.html#post640150

pompidou · 22.08.2011, 17:43

Hey,

öhm doch ich denke schon... zumindest den ersten Teil zur Durchführung...
Wieso?

kira · 23.08.2011, 05:59

dann führe bitte das Tool von Kaspersky erneut aus, Log posten
Funde löschen und PC neu aufstarten lassen - (Neustart passiert automatisch)

15.08.2011, 22:09	#16
pompidou	BKA-Trojaner :-( rechtsklick, löschen in den papierkorb (;-)) hat nicht ganz funktioniert... Fehlermeldung: alert.zap kann nicht gelöscht werden... ich mache mit den anderen schritten weiter...

15.08.2011, 22:38	#19
pompidou	BKA-Trojaner :-( ach ja, ähm, im abgesicherten modus als administrator arbeiten oder dem infizierten Benutzerkonto (oder wie das heißt :-p)...?

15.08.2011, 23:29	#21
pompidou	BKA-Trojaner :-( nein... :-( auf dem desktop wird mir ja gar nichts angezeigt.. als ob er steckengeblieben wäre... und über taskmanager kann ich glaube ich sehen, dass mir normalerweise verborgene Dateien noch angezeigt werden. Das hatte ich schon einmal umgestellt, und nicht wieder rückgängig gemacht, falls es darum geht.

15.08.2011, 23:44	#22
pompidou	BKA-Trojaner :-( entschuldige bitte, ich war wohl zu voreilig.. hab schon den malwarebytes-scan gestartet, soll ich ihn abbrechen und zuerst die unhide.exe versuchen? und anschließend den OTL-Fix?

22.08.2011, 17:43	#29
pompidou	BKA-Trojaner :-( Hey, öhm doch ich denke schon... zumindest den ersten Teil zur Durchführung... Wieso?

BKA-Trojaner :-(

Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(

BKA-Trojaner :-(