11.05.2012, 17:57 | #1
Windows encryption Trojan on Windows XP

Hello everyone,
we have had the Windows encryption Trojan on our XP machine since 06.05.12. Right at boot the payment demand "Windows-Lizenz abgelaufen..." (Windows license expired...) appears. We tried to start the computer in Safe Mode, but that did not work. We then downloaded OTLPE, as described several times, and booted the machine from the boot CD. The PC does not recognize any USB sticks; only the SD card reader works. Our machine has 2 partitions: the operating system and programs on C: and our data on D:. All image files (JPEG) on D: are encrypted ("locked" plus an arbitrary file extension) and cannot be opened even after renaming them on another computer. The following OTL log file was created (see attachment). Could you please help us? Kind regards.
Last edited by edgar_bilumi (11.05.2012 at 18:12)
11.05.2012, 21:48 | #2
/// Helper Team | Windows encryption Trojan on Windows XP

Hello and welcome!
Before we begin working together, [please read in full]:

1.
Code:
:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O4 - HKU\Mayer_ON_C..\Run: [] File not found
O4 - HKU\Mayer_ON_C..\Run: [320D180E] C:\WINDOWS\system32\14CA115F320D180E5361.exe (Pen is ont he tble)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Mayer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Mayer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\14CA115F320D180E5361.exe) - C:\WINDOWS\system32\14CA115F320D180E5361.exe (Pen is ont he tble)
[2012/05/06 20:38:50 | 000,086,016 | -H-- | C] (Pen is ont he tble) -- C:\WINDOWS\System32\14CA115F320D180E5361.exe
[2012/05/08 20:23:36 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 21:17:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 20:38:52 | 000,086,016 | -H-- | M] (Pen is ont he tble) -- C:\WINDOWS\System32\14CA115F320D180E5361.exe
[2012/05/03 10:21:08 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
:Files
C:\WINDOWS\system32\14CA115F320D180E5361.exe
C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Faxyviomald
C:\hpfr3420.xml
C:\WINDOWS\System32\winsh325
C:\WINDOWS\System32\winsh324
C:\WINDOWS\System32\winsh323
C:\WINDOWS\System32\winsh322
C:\WINDOWS\System32\winsh321
C:\WINDOWS\System32\winsh320
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

2. Reboot and check whether you can already work in normal mode. If so, continue as follows:
3. Download Malwarebytes Anti-Malware from malwarebytes.org
4. System scan with OTL (do not start OTLPE any more!). Download OTL by OldTimer (if you do not have it yet) and save it to your desktop.
5. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
** Stay off the internet as much as possible: no online banking, file sharing, chat programs, etc.
Regards, kira
__________________
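The OTL fix in the post above targets a small set of lockdown and persistence indicators: a Winlogon UserInit value pointing at a randomly named binary in system32, a Run entry for the same file, and policy values that disable Task Manager and Regedit. As an added example (not part of this thread or of OTL), this Python script triages raw OTL log lines for exactly those indicators; the sample lines are the ones from the fix script above, plus a constructed clean UserInit entry and the SoundMan Run entry from the later OTL log, so that clean lines are shown to pass.

```python
"""Triage OTL (OldTimer's OTL) log lines for the lockdown and persistence
indicators fixed in this thread.  Added example, not part of the thread or of
OTL; the regexes follow the O4/O6/O7/O20 line formats seen in the posted logs."""
import ntpath
import re
from dataclasses import dataclass

# Sample lines taken from the fix script above, plus one constructed clean
# UserInit entry and the SoundMan Run entry from the later OTL log.
SAMPLE_LOG = r"""
O4 - HKU\Mayer_ON_C..\Run: [] File not found
O4 - HKU\Mayer_ON_C..\Run: [320D180E] C:\WINDOWS\system32\14CA115F320D180E5361.exe (Pen is ont he tble)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Mayer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\14CA115F320D180E5361.exe) - C:\WINDOWS\system32\14CA115F320D180E5361.exe (Pen is ont he tble)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# Policy values the Trojan set to 1 to lock the user out of repair tools.
LOCKDOWN_POLICIES = {"disabletaskmgr", "disableregedit", "disableregistrytools"}
EXPECTED_USERINIT = "userinit.exe"  # the only binary Winlogon\UserInit should name
# Long all-hex file names such as 14CA115F320D180E5361.exe are not how
# legitimate software is named; treat them as a strong indicator.
HEX_NAME = re.compile(r"^[0-9a-f]{12,}\.exe$", re.IGNORECASE)

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
USERINIT_RE = re.compile(
    r"^O20 - HKLM Winlogon: UserInit - \((?P<configured>[^)]*)\) - "
    r"(?P<resolved>.*?)(?: \((?P<company>[^)]*)\))?$"
)
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*?)(?: \((?P<company>[^)]*)\))?$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "low"
    kind: str      # stable identifier, see triage()
    detail: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding for every OTL line that matches a known indicator."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := USERINIT_RE.match(line):
            # OTL emits one O20 line per UserInit entry; anything but
            # userinit.exe runs at every logon before the desktop appears.
            binary = ntpath.basename(m["configured"].strip().rstrip(","))
            if binary.lower() != EXPECTED_USERINIT:
                company = m["company"] or "no company name"
                findings.append(Finding("high", "userinit_hijack",
                                        f"{binary} ({company})", line))
        elif m := POLICY_RE.match(line):
            if m["value"].lower() in LOCKDOWN_POLICIES and m["data"] == "1":
                findings.append(Finding("high", "tool_lockdown",
                                        f"{m['value']} = 1 under {m['key']}", line))
        elif m := RUN_RE.match(line):
            if m["rest"] == "File not found":
                findings.append(Finding("low", "orphaned_autorun",
                                        f"empty Run value [{m['name']}] in {m['hive']}", line))
                continue
            pc = PATH_COMPANY_RE.match(m["rest"])
            binary = ntpath.basename(pc["path"])
            if HEX_NAME.match(binary):
                company = pc["company"] or "no company name"
                findings.append(Finding("high", "random_name_autorun",
                                        f"{binary} ({company}) from {m['hive']}", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind for a quick read of how locked down the box is."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind:20} {f.detail}")
```

Run against a full OTL.txt, the same three checks surface the lines the helper chose for the `:OTL` section of the fix; the clean UserInit and SoundMan lines produce no finding.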
12.05.2012, 21:28 | #3
Windows encryption Trojan on Windows XP

Hello kira!
First of all, many thanks for your help... We have worked through all points 1 to 5.
Regarding point 1: fix with OTLPE
Code:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
Registry value HKEY_USERS\Mayer_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\Mayer_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\320D180E deleted successfully.
C:\WINDOWS\system32\14CA115F320D180E5361.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\Mayer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Mayer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\14CA115F320D180E5361.exe deleted successfully.
File C:\WINDOWS\system32\14CA115F320D180E5361.exe not found.
File C:\WINDOWS\System32\14CA115F320D180E5361.exe not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\WINDOWS\System32\14CA115F320D180E5361.exe not found.
C:\WINDOWS\tasks\Google Software Updater.job moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\14CA115F320D180E5361.exe not found.
C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Faxyviomald folder moved successfully.
C:\hpfr3420.xml moved successfully.
C:\WINDOWS\System32\winsh325 moved successfully.
C:\WINDOWS\System32\winsh324 moved successfully.
C:\WINDOWS\System32\winsh323 moved successfully.
C:\WINDOWS\System32\winsh322 moved successfully.
C:\WINDOWS\System32\winsh321 moved successfully.
C:\WINDOWS\System32\winsh320 moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2775943 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1466131848 bytes
Total Files Cleaned = 1,401.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 05122012_214910

The restart took more than half an hour but succeeded right away. We could work in normal mode.
Regarding point 3: installed Malwarebytes and ran a full scan. Here is the corresponding scan report:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.12.06
Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Mayer :: ACER-6655572C9F [Administrator]
12.05.2012 20:46:17
mbam-log-2012-05-12 (20-46-17).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328281
Laufzeit: 43 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Here are the two TXT files:
a) the OTL.TXT:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 12.05.2012 21:39:41 - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = F:\12-05-12_otl_von_oldtimer_anwendung Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,48 Mb Total Physical Memory | 221,48 Mb Available Physical Memory | 43,30% Memory free 1,22 Gb Paging File | 0,56 Gb Available in Paging File | 46,38% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,65 Gb Total Space | 42,21 Gb Free Space | 58,11% Space Free | Partition Type: FAT32 Drive D: | 73,43 Gb Total Space | 33,15 Gb Free Space | 45,14% Space Free | Partition Type: FAT32 Drive F: | 29,64 Mb Total Space | 16,20 Mb Free Space | 54,67% Space Free | Partition Type: FAT Computer Name: ACER-6655572C9F | User Name: Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.12 21:35:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\12-05-12_otl_von_oldtimer_anwendung\OTL.exe PRC - [2012.02.01 09:11:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 13:32:02 | 000,142,376 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.06.01 17:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\MemeoDashboard.exe PRC - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe PRC - [2011.06.01 17:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Programme\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe PRC - [2011.05.04 22:04:38 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe PRC - [2011.05.04 22:04:32 | 000,325,344 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.26 16:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe PRC - [2007.07.25 17:50:32 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2005.06.20 09:03:24 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Programme\acer\eRecovery\Monitor.exe PRC - [2005.06.08 08:31:32 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005.06.04 12:40:58 | 000,110,592 | ---- | M] (Acer Inc.) -- C:\Programme\acer\Acer eMode Management\AspireService.exe PRC - [2005.06.01 14:25:40 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Programme\acer\Acer eConsole\MediaSync.exe PRC - [2005.06.01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) 
-- C:\Programme\acer\Acer eConsole\MediaServerService.exe PRC - [2004.09.13 11:51:06 | 001,450,096 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCD.exe PRC - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2001.11.29 17:10:28 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe ========== Modules (No Company Name) ========== MOD - [2012.04.13 17:44:30 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll MOD - [2012.04.13 17:44:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll MOD - [2012.04.13 17:41:48 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll MOD - [2012.04.12 22:31:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll MOD - [2012.04.12 22:31:04 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll MOD - [2012.04.12 19:38:08 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.04.12 19:38:04 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.02.17 12:16:50 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll MOD - [2012.02.16 15:16:00 | 
000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll MOD - [2012.02.16 14:49:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll MOD - [2012.02.16 14:47:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll MOD - [2012.02.16 14:42:14 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll MOD - [2012.02.01 09:12:34 | 000,423,808 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll MOD - [2012.02.01 09:12:32 | 000,058,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll MOD - [2012.02.01 09:12:30 | 000,272,768 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll MOD - [2012.02.01 09:12:30 | 000,095,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\qjson.dll MOD - [2012.02.01 09:12:14 | 000,384,896 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtCore.dll MOD - [2012.02.01 09:12:14 | 000,165,248 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtWeb.dll MOD - [2012.02.01 09:12:12 | 010,843,520 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012.02.01 09:12:12 | 002,557,312 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012.02.01 09:12:12 | 000,346,496 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll MOD - [2012.02.01 09:12:08 | 001,294,208 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll MOD - [2012.02.01 09:12:08 | 000,196,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll MOD - [2012.02.01 09:12:06 | 000,919,936 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012.02.01 09:12:06 | 000,682,880 | ---- | M] () -- C:\Programme\Nokia\Nokia 
Suite\QtOpenGL4.dll MOD - [2012.02.01 09:12:06 | 000,517,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012.02.01 09:12:04 | 008,172,928 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll MOD - [2012.02.01 09:12:04 | 002,252,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012.02.01 09:12:02 | 002,288,512 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll MOD - [2012.02.01 09:12:00 | 000,422,272 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012.02.01 09:11:56 | 000,202,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll MOD - [2012.02.01 09:11:56 | 000,034,688 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll MOD - [2012.02.01 09:11:54 | 000,032,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll MOD - [2012.02.01 09:11:36 | 000,388,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\OviShareLib.dll MOD - [2012.02.01 09:11:28 | 000,437,632 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll MOD - [2012.02.01 09:11:18 | 001,037,696 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Maps Service API.dll MOD - [2012.02.01 09:10:52 | 000,758,656 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012.01.05 15:19:12 | 000,112,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2011.10.14 15:54:20 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011.10.14 15:45:00 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.06.01 17:46:02 | 000,030,984 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll MOD - [2011.06.01 17:45:34 | 000,011,016 | ---- | M] () -- 
C:\Programme\Seagate\Seagate Dashboard\Plugins\de-DE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll MOD - [2011.06.01 17:42:24 | 000,108,296 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\Memeo.Progress.dll MOD - [2011.06.01 17:16:54 | 000,971,776 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll MOD - [2011.06.01 17:16:54 | 000,241,664 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll MOD - [2011.05.04 22:05:50 | 000,114,688 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll MOD - [2011.05.04 22:05:50 | 000,028,672 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll MOD - [2011.05.04 22:04:54 | 002,896,608 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll MOD - [2011.05.04 22:04:50 | 000,027,360 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll MOD - [2011.05.04 22:04:32 | 000,325,344 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe MOD - [2010.03.22 23:59:46 | 000,504,293 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\sqlite3.dll MOD - [2009.10.05 20:23:28 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.10.05 20:23:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2005.06.01 14:21:08 | 000,151,552 | ---- | M] () -- C:\Programme\acer\Acer eConsole\MediaUtil.dll MOD - [2005.06.01 14:19:42 | 000,737,280 | ---- | M] () -- C:\Programme\acer\Acer 
eConsole\log4cxx.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.05.05 21:16:34 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService) SRV - [2011.05.04 22:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2005.06.01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Programme\acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2002.11.27 13:30:30 | 000,065,536 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2001.11.29 17:10:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - 
[2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 10:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 10:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2008.11.29 16:00:58 | 000,114,496 | ---- | M] (Protection Technology Co.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv04.sys -- (prodrv04) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 20:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2006.04.21 17:10:34 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2005.06.08 08:31:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005.03.23 20:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.03.04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys) DRV - [2004.09.13 11:58:10 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2004.09.13 11:54:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2004.09.13 11:54:06 | 000,093,440 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003.03.28 17:25:52 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2002.11.28 16:18:06 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002.11.28 12:43:50 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002.01.29 13:28:28 | 000,220,432 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2001.11.29 17:10:32 | 001,432,836 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\v90drv.sys -- (V90drv)
DRV - [2001.11.29 17:10:28 | 000,033,028 | R--- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2001.11.29 17:10:26 | 000,175,160 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2001.11.29 17:10:20 | 000,607,732 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2001.11.29 17:10:18 | 002,383,460 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2001.11.29 17:10:14 | 000,172,708 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.04.09 10:40:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.04.09 10:40:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AspireService] C:\Programme\acer\Acer eMode Management\AspireService.exe (Acer Inc.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneDVDElbyDelay] C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [eRecoveryService] C:\Programme\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MediaSync] C:\Programme\acer\Acer eConsole\MediaSync.exe (Acer Inc.)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Programme\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Programme\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Programme\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UIUCU] C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Temp\UIUCU.EXE (Conexant Systems, Inc.)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Password .lnk = File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\phase-6 Reminder.lnk = C:\Programme\phase-6\phase-6-junior\reminder\reminder.exe (phase-6)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A3B4C4-1C81-491A-A870-079F84CA1E40}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.22 07:38:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell - "" = AutoRun
O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell\AutoRun\command - "" = J:\Password.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.12 21:49:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.12 20:43:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Malwarebytes
[2012.05.12 20:43:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.05.12 20:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.05.12 20:43:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.12 20:42:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.08 22:02:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.08 21:48:38 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2012.05.08 20:21:32 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2012.05.08 20:15:19 | 001,036,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2012.05.08 20:00:48 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2012.05.08 19:42:46 | 000,000,000 | -HSD | C] -- C:\FOUND.004

========== Files - Modified Within 30 Days ==========

[2012.05.12 22:36:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012.05.12 22:36:14 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.05.12 22:35:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.12 22:35:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.12 22:35:38 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.12 21:14:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.12 20:43:12 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.07 20:56:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.05.06 23:42:02 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Office Outlook 2003.lnk
[2012.05.06 23:16:10 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Office Word 2003.lnk
[2012.05.05 21:15:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.05 21:15:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.23 20:24:22 | 000,000,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Mayer\Desktop\Bike GPS RichTrack Factory.lnk
[2012.04.20 23:00:46 | 000,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk
[2012.04.12 22:29:44 | 000,000,465 | ---- | M] () -- C:\ZB20120412222937001.xml

========== Files Created - No Company Name ==========

[2012.05.12 22:36:12 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.05.12 20:43:10 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.07 20:42:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.04.12 22:29:43 | 000,000,465 | ---- | C] () -- C:\ZB20120412222937001.xml
[2012.02.15 21:42:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

[2006.11.04 19:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terzio
[2008.01.23 19:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.10.05 19:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tanagra
[2010.06.03 19:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eConsole
[2011.04.30 23:35:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch
[2011.09.20 16:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cornelsen
[2011.10.10 19:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.10.10 19:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.10.10 19:44:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011.10.30 14:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase6
[2011.11.06 19:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MemeoCommon
[2008.01.23 19:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\T-Online
[2009.03.08 18:34:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\FWU-USM
[2011.03.14 23:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Navigram
[2011.08.01 20:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1
[2011.10.10 19:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\PC Suite
[2011.11.06 19:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Leadertech
[2011.11.06 19:34:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Seagate
[2011.11.06 19:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Memeo
[2012.04.09 10:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Nokia
[2006.11.19 17:13:26 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1145632241.job

========== Purity Check ==========

< End of report >

b) the EXTRAS.TXT:

OTL Logfile:
Code:
OTL Extras logfile created on: 12.05.2012 21:39:41 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = F:\12-05-12_otl_von_oldtimer_anwendung
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 221,48 Mb Available Physical Memory | 43,30% Memory free
1,22 Gb Paging File | 0,56 Gb Available in Paging File | 46,38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,65 Gb Total Space | 42,21 Gb Free Space | 58,11% Space Free | Partition Type: FAT32
Drive D: | 73,43 Gb Total Space | 33,15 Gb Free Space | 45,14% Space Free | Partition Type: FAT32
Drive F: | 29,64 Mb Total Space | 16,20 Mb Free Space | 54,67% Space Free | Partition Type: FAT

Computer Name: ACER-6655572C9F | User Name: Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Acer\Acer eConsole\MediaSync.exe" = C:\Programme\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer -- (Acer Inc.)
"C:\Programme\Acer\Acer eConsole\eConsole.exe" = C:\Programme\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole -- (Acer Inc.)
"C:\Programme\Acer\Acer eConsole\MediaServerService.exe" = C:\Programme\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server -- (Acer Inc.)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Programme\Tecnomatix\eMPower\Tune.exe" = C:\Programme\Tecnomatix\eMPower\Tune.exe:*:Disabled:Tecnomatix eMPower Application
"C:\Programme\ADAC\ACCF2006_1\ADAC_Browser.exe" = C:\Programme\ADAC\ACCF2006_1\ADAC_Browser.exe:*:Enabled:ADAC_Browser -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\PLUGIN\geplugin.exe" = C:\Programme\Google\Google Earth\PLUGIN\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
"C:\Programme\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Programme\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent -- (Axentra Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 30
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}" = Löwenzahn 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Camera Window
"{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}" = Acer eMode Management
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E7639EA-2713-205D-0ACA-5E2D2DC1321A}" = DataCenter2
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{79FA7C3A-23E9-415B-9D5F-465DBCA59247}" = ADAC RoutenPlaner 2006/2007
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Fieldmania
"{7CFC17CE-0A66-46B0-BA57-BF8AB674BF5C}" = Loewenzahn 6
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CCF5C3-4E30-42E6-992F-3D257B01E292}" = Loewenzahn 3
"{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B46B18F9-255D-4DBD-B7DC-D8C099AA66D8}" = Lernen Mathe 1
"{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C88196BE-31A0-456B-9756-16B06E294AFF}" = Lernen Deutsch 1
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = CIG
"{DE470016-1C64-11D5-982A-0050DA602C65}" = Löwenzahn 5
"{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon Camera WIA Driver
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}" = Acer eConsole
"{F5281E62-DAF3-4530-A6DC-6B902F416771}" = HP_3.0_Stand_11_06
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ADAC Camping-Caravaning-Führer 2006 Südeuropa" = ADAC Camping-Caravaning-Führer 2006 Südeuropa
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Bike GPS RichTrack Factory_is1" = Bike GPS RichTrack Factory 3.2.9.3
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD" = CloneDVD
"CSCLIB" = Canon Camera Support Core Library
"Data Center 2" = Data Center 2
"DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1" = DataCenter2
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"Football Setup" = Football Setup
"Google Updater" = Google Updater
"HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber
"InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon PowerShot G3 WIA-Treiber
"InstallShield_{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon IXY 320, PowerShot S230, IXUS v3 WIA-Treiber
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mama Muh Winter" = Mama Muh Winter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mp3tag" = Mp3tag
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero 6
"Nokia Suite" = Nokia Suite
"Off-Road Arena" = Off-Road Arena
"OutlookTunerLite" = OutlookTunerLite
"phase-6-junior" = phase-6-junior 2.1.2.3b
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SLAMRNTV" = NetoDragon 56K Voice Modem
"Transalp 2003" = Transalp 2003
"VLC media player" = VLC media player 1.1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Zahlenbuch 3" = Zahlenbuch 3
"Zahlenbuch 4" = Zahlenbuch 4
"Zahlenzauber 1_is1" = Zahlenzauber 1
"Zahlenzauber 2_is1" = Zahlenzauber 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.05.2012 07:16:06 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 05.05.2012 02:59:16 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 05.05.2012 14:35:23 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 06.05.2012 14:34:06 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 07.05.2012 14:41:09 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 07.05.2012 14:44:25 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 07.05.2012 14:55:16 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 08.05.2012 13:43:52 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 08.05.2012 14:23:29 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

Error - 12.05.2012 16:36:30 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0
Description =

[ System Events ]
Error - 05.04.2012 10:51:02 | Computer Name = ACER-6655572C9F | Source = DCOM | ID = 10010
Description = Der Server "{8C53F4F9-90F5-4CA0-A8FE-76ECF5FBD2CF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 05.04.2012 16:04:20 | Computer Name = ACER-6655572C9F | Source = DCOM | ID = 10010
Description = Der Server "{8C53F4F9-90F5-4CA0-A8FE-76ECF5FBD2CF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 06.04.2012 18:37:29 | Computer Name = ACER-6655572C9F | Source = DCOM | ID = 10010
Description = Der Server "{8C53F4F9-90F5-4CA0-A8FE-76ECF5FBD2CF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 07.04.2012 17:01:43 | Computer Name = ACER-6655572C9F | Source = DCOM | ID = 10010
Description = Der Server "{8C53F4F9-90F5-4CA0-A8FE-76ECF5FBD2CF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.04.2012 04:35:52 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (120000 ms) beim Verbindungsversuch mit Dienst Installer Service.

Error - 09.04.2012 04:35:52 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Installer Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 20.04.2012 16:57:43 | Computer Name = ACER-6655572C9F | Source = DCOM | ID = 10010
Description = Der Server "{C8A648DB-9955-4AF9-BD79-67EA5381CF37}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 20.04.2012 16:58:26 | Computer Name = ACER-6655572C9F | Source = DCOM | ID = 10010
Description = Der Server "{C8A648DB-9955-4AF9-BD79-67EA5381CF37}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 08.05.2012 14:23:38 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "int15.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 12.05.2012 16:36:39 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "int15.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

Regarding point 5: CCleaner installed and a list of the installed programs created. Here is the list:

Code:
ATTFilter Acer eConsole 12.05.2012 1.2.19.0 Acer eMode Management 12.05.2012 2.0.9.0 ADAC Camping-Caravaning-Führer 2006 Südeuropa 12.05.2012 ADAC RoutenPlaner 2006/2007 26.04.2006 Adobe AIR Adobe Systems Inc. 01.08.2011 1.5.3.9130 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.05.2012 11.2.202.235 Adobe Reader 9.4.7 - Deutsch Adobe Systems Incorporated 17.12.2011 174,4MB 9.4.7 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 12.05.2012 11.5.2.602 ArcSoft Camera Suite ATI Display Driver 12.05.2012 8.121-050322a-022142C-ATI Bike GPS RichTrack Factory 3.2.9.3 Bike GPS 23.04.2012 Canon Camera Access Library 12.05.2012 8.4.0.1 Canon Camera Support Core Library 12.05.2012 7.3.1.6 Canon Camera Window for ZoomBrowser EX Canon 28.01.2011 4.1.1 Canon G.726 WMP-Decoder 12.05.2012 1.1.0.4 CANON iMAGE GATEWAY MyCamera Download Plugin Canon Inc. 12.05.2012 3.1.0.1 CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 12.05.2012 1.8.0.1 Canon Internet Library for ZoomBrowser EX Canon Inc. 12.05.2012 1.7.0.1 Canon Internet Library for ZoomBrowser EX Canon Inc. 28.01.2011 1.2.2 Canon IXY 320, PowerShot S230, IXUS v3 WIA-Treiber Canon 09.10.2009 5.0.5 Canon MOV Decoder Canon Inc. 12.05.2012 1.7.0.6 Canon MOV Encoder Canon Inc. 12.05.2012 1.5.0.3 Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 12.05.2012 3.6.0.5 Canon PhotoRecord 12.05.2012 Canon PowerShot G3 WIA-Treiber Canon 09.10.2009 5.0.5 Canon PowerShot S45 WIA-Treiber Canon 09.10.2009 5.0.5 Canon RAW Image Task for ZoomBrowser EX 12.05.2012 0.9.3.9 Canon Utilities CameraWindow Canon Inc. 12.05.2012 7.2.0.2 Canon Utilities CameraWindow DC Canon Inc. 12.05.2012 7.4.0.9 Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 12.05.2012 6.5.0.3 Canon Utilities EOS Utility 12.05.2012 1.1.0.8 Canon Utilities File Viewer Utility 1.2 Canon 01.05.2006 1.2.2 Canon Utilities MyCamera Canon Inc. 12.05.2012 7.2.0.4 Canon Utilities MyCamera DC Canon Inc. 12.05.2012 7.2.0.5 Canon Utilities PhotoStitch Canon Inc. 
12.05.2012 3.1.22.46 Canon Utilities RemoteCapture 2.7 Canon 01.05.2006 2.7.2 Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 12.05.2012 1.8.0.1 Canon Utilities ZoomBrowser EX CISRA 28.01.2011 04.01.00046 CCleaner Piriform 12.05.2012 3.18 CloneCD Elaborate Bytes 12.05.2012 CloneDVD Elaborate Bytes 12.05.2012 Data Center 2 Sigma Elektro GmbH 12.05.2012 DataCenter2 Sigma Elektro GmbH 01.08.2011 2.0.2 eMule 12.05.2012 Fieldmania media Verlagsgesellschaft mbH 29.10.2009 1.0 Football Setup 12.05.2012 Google Earth Google 21.11.2011 103,3MB 6.1.0.5001 Google Updater Google Inc. 12.05.2012 2.4.2432.1652 HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series 12.05.2012 HP Speicher-Disc Hewlett-Packard Company 21.04.2006 25,9MB 1.0.4.805 HP_3.0_Stand_11_06 Zeilhofer Schlaf- und Jugendmoebel GmbH 22.01.2008 545MB 1.00.0000 IKEA Home Planner IKEA IT 17.01.2010 151,4MB 2.0.3 InCD 12.05.2012 J2SE Runtime Environment 5.0 Update 2 Sun Microsystems, Inc. 19.04.2006 143,6MB 1.5.0.20 Java(TM) 6 Update 30 Sun Microsystems, Inc. 16.06.2009 95,1MB 6.0.300 Lernen Deutsch 1 Terzio Verlag 12.11.2007 7,06MB 1.00.0000 Lernen Mathe 1 Terzio Verlag 07.11.2007 7,06MB 1.00.0000 Loewenzahn 3 Terzio Verlag 04.11.2006 6,16MB 1.00.0000 Loewenzahn 6 Terzio Verlag 11.12.2008 6,19MB 1.00.0000 Löwenzahn 1 Terzio Verlag 11.11.2006 5,31MB 1.00.0000 Löwenzahn 5 Terzio Verlag 11.11.2006 6,19MB 1.00.0000 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 12.05.2012 1.61.0.1400 Mama Muh Winter 12.05.2012 Memeo AutoSync Memeo Inc. 12.05.2012 Memeo Instant Backup Memeo Inc. 
12.05.2012 4.60.0.7923 Microsoft .NET Framework 1.1 12.04.2012 Microsoft .NET Framework 1.1 German Language Pack Microsoft 22.10.2005 3,10MB 1.1.4322 Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation 05.10.2009 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 12.04.2012 193,8MB 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 28.06.2010 211MB 3.2.30729 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 11.01.2012 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 09.10.2009 1 Microsoft Office Professional Edition 2003 Microsoft Corporation 19.04.2006 680MB 11.0.5614.0 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 09.10.2009 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.12.2009 5,88MB 8.0.56336 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft 23.01.2008 11,7MB 1.1.4322 Mp3tag Florian Heidenreich 12.05.2012 V.2.03 MSXML 4.0 SP2 (KB927978) Microsoft Corporation 20.11.2006 2,77MB 4.20.9841.0 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 26.09.2007 2,77MB 4.20.9848.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 2,90MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 3,02MB 4.20.9876.0 MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 24.11.2009 1,45MB 6.20.2003.0 Nero 6 12.05.2012 NetoDragon 56K Voice Modem 12.05.2012 Nokia Connectivity Cable Driver Nokia 09.04.2012 3,66MB 7.1.69.0 Nokia Suite Nokia 09.04.2012 3.3.89.0 Off-Road Arena 12.05.2012 OutlookTunerLite 12.05.2012 PC Connectivity Solution Nokia 09.04.2012 15,4MB 11.5.29.0 phase-6-junior 2.1.2.3b phase-6 12.05.2012 2.1.2.3b PowerDVD 12.05.2012 QuickTime 12.05.2012 Realtek AC'97 Audio Realtek Semiconductor Corp. 22.10.2005 5.09 Seagate Dashboard Memeo Inc. 
12.05.2012 1.1.0.1421 Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 10.02.2010 32,3MB 9.0.0 T-Online WLAN-Access Finder 12.05.2012 Transalp 2003 12.05.2012 VLC media player 1.1.5 VideoLAN 12.05.2012 1.1.5 Windows Internet Explorer 8 Microsoft Corporation 03.06.2010 20090308.140743 Windows Media Format 11 runtime 12.05.2012 Windows Media Player 11 12.05.2012 Windows XP Service Pack 3 Microsoft Corporation 10.10.2010 20080414.031514 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 12.05.2012 08/22/2008 7.0.0.0 WinRAR Archivierer 12.05.2012 WinZip WinZip Computing, Inc. 12.05.2012 8.1 (4331g) XP Codec Pack 12.05.2012 Zahlenbuch 3 12.05.2012 Zahlenbuch 4 12.05.2012 Zahlenzauber 1 Oldenbourg Verlag 12.05.2012 Zahlenzauber 2 Oldenbourg Verlag 12.05.2012

We still have the problem that almost all of our image files (JPG) and also our videos (AVI) were encrypted: they were given random four-letter extensions as their file type, and "locked-" was inserted at the beginning of the file name. We are eagerly awaiting your reply. Many thanks and kind regards. Last edited by edgar_bilumi (12.05.2012 at 21:41) |
12.05.2012, 21:47 | #4 | |
/// Helper Team | Windows encryption trojan on Windows XP

1. Code: eMule
Quote:
Besides, it is not only trojan horses or other types of viruses that need a direct connection; using µTorrent & Co. also "phones home", even if there is no proof yet (at least partly not), and I would not recommend allowing such clients! As long as you have such programs on your PC, you will constantly be confronted with problems!

2. Best to back up all encrypted data externally first (to an empty USB stick or an external hard disk). Then begin the decryption. In other words, to be on the safe side, the modified files on the computer should initially remain untouched. If everything goes well, you can then carry on on the PC.

3. Procedure for the encryption trojan :-> http://www.trojaner-board.de/114783-...ubersicht.html ► SemperVideo has made a video on the topic.

4. Run another scan with OTL:

__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard disks, ideally twice in different places! Please pass this warning on wherever you can! |
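The backup step in point 2 of the reply above, as an added example that is not part of the thread or of any tool mentioned in it: a Python script that inventories the files renamed by the trojan (the "locked-" prefix and random four-letter extension the original poster describes), copies them to a backup location without touching the originals, and writes a SHA-256 manifest so the copies can be verified before any decryption attempt. The sample directory tree and file contents are constructed, and the assumption that the original file name survives between the prefix and the random extension is not stated in the thread.

```python
"""Safe backup of the files renamed by the encryption trojan (point 2 above).

Added example for this thread, not a tool from the forum or from OTL/CCleaner.
Files matching the renaming the original poster describes ("locked-" prefix,
random four-letter extension) are copied to a backup location, the originals
are only read, and a SHA-256 manifest lets you verify the copies before any
decryption attempt. Assumption (not stated in the thread): the original file
name survives between the prefix and the random extension.
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# "locked-<original name>.<four letters>", as described in the thread.
LOCKED_RE = re.compile(r"^locked-(?P<orig>.+)\.(?P<ext>[A-Za-z]{4})$")


def parse_locked_name(name: str):
    """Return the probable original file name, or None if the name does not match."""
    m = LOCKED_RE.match(name)
    return m.group("orig") if m else None


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256; large videos must not be read at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_locked_files(root: Path):
    """Yield every file below root whose name matches the renaming pattern."""
    for p in sorted(root.rglob("*")):
        if p.is_file() and parse_locked_name(p.name):
            yield p


def backup_locked_files(src_root: Path, dst_root: Path) -> list[dict]:
    """Copy matching files to dst_root, keeping the relative layout; return a manifest.

    Originals are never modified or deleted; every copy is re-hashed right after
    copying so a faulty destination medium is noticed before anything else happens.
    """
    manifest = []
    for src in find_locked_files(src_root):
        rel = src.relative_to(src_root)
        dst = dst_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps timestamps, useful for a timeline
        digest = sha256_of(src)
        if sha256_of(dst) != digest:
            raise RuntimeError(f"backup copy of {src} does not match the original")
        manifest.append({
            "path": str(rel),
            "original_name": parse_locked_name(src.name),
            "size": src.stat().st_size,
            "sha256": digest,
        })
    return manifest


def verify_backup(dst_root: Path, manifest: list[dict]) -> bool:
    """Re-hash the copies; True only if every manifest entry is still intact."""
    return all(sha256_of(dst_root / e["path"]) == e["sha256"] for e in manifest)


def demo() -> list[dict]:
    """Build a constructed sample tree (not real data), back it up, return the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "D"           # stands in for the user's D: data partition
        samples = {
            "Bilder/locked-urlaub01.jpg.qzxk": b"\x00" * 64,   # constructed ciphertext
            "Bilder/locked-urlaub02.jpg.mtlp": b"\xff" * 32,
            "Videos/locked-feier.avi.wnrd": b"\x10" * 128,
            "Bilder/readme.txt": b"not encrypted",             # must be skipped
        }
        for rel, content in samples.items():
            p = data / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(content)
        backup = Path(tmp) / "backup"
        manifest = backup_locked_files(data, backup)
        if not verify_backup(backup, manifest):
            raise RuntimeError("backup verification failed")
        return manifest


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Run it against the real data partition by replacing the constructed tree in demo() with the drive root and an external backup path; keep the manifest with the copies so the decryption attempt can be compared against untouched copies.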
13.05.2012, 21:40 | #5 |
| Windows encryption trojan on Windows XP Hello kira! Yesterday and today we worked through everything exactly according to your instructions.

Re point 1: EMULE We installed this program a long time ago but never used it. So after your hint we uninstalled it right away.

Re point 2: DATA BACKUP TO EXTERNAL HARD DISK Today, before attempting the decryption, we backed up all encrypted image and video files to an external hard disk.

Re point 3: DECRYPTION WITH DECRYPTER Using the DECRYPTER we generated a key today from a file pair (original + encrypted file) and used it to try to decrypt a single encrypted file. That worked right away. We then decrypted all our encrypted images and videos on PC drive "D", folder by folder.

Re point 4: REPEAT SCAN WITH OTL We have just performed another scan with OTL as you described. a) here is the OTL.TXT OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.05.2012 22:17:39 - Run 2 OTL by OldTimer - Version 3.2.42.3 Folder = F:\12-05-12_2_otl_von_oldtimer_anwendung Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,48 Mb Total Physical Memory | 220,91 Mb Available Physical Memory | 43,19% Memory free 1,22 Gb Paging File | 0,70 Gb Available in Paging File | 57,63% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,65 Gb Total Space | 47,80 Gb Free Space | 65,80% Space Free | Partition Type: FAT32 Drive D: | 73,43 Gb Total Space | 9,96 Gb Free Space | 13,57% Space Free | Partition Type: FAT32 Drive F: | 29,64 Mb Total Space | 6,66 Mb Free Space | 22,46% Space Free | Partition Type: FAT Computer Name: ACER-6655572C9F | User Name: Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.12 21:35:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\12-05-12_2_otl_von_oldtimer_anwendung\OTL.exe PRC - [2012.02.01 09:11:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 13:32:02 | 000,142,376 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.06.09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.06.01 17:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\MemeoDashboard.exe PRC - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe PRC - [2011.06.01 17:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Programme\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe PRC - [2011.05.04 22:04:38 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe PRC - [2011.05.04 22:04:32 | 000,325,344 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.26 16:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe PRC - [2007.07.25 17:50:32 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2005.06.20 09:03:24 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Programme\acer\eRecovery\Monitor.exe PRC - [2005.06.08 08:31:32 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005.06.04 12:40:58 | 000,110,592 | ---- | M] (Acer Inc.) -- C:\Programme\acer\Acer eMode Management\AspireService.exe PRC - [2005.06.01 14:25:40 | 000,421,888 | ---- | M] (Acer Inc.) 
-- C:\Programme\acer\Acer eConsole\MediaSync.exe PRC - [2005.06.01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) -- C:\Programme\acer\Acer eConsole\MediaServerService.exe PRC - [2004.09.13 11:51:06 | 001,450,096 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCD.exe PRC - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2001.11.29 17:10:28 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe ========== Modules (No Company Name) ========== MOD - [2012.05.13 10:18:20 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll MOD - [2012.05.13 10:17:30 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll MOD - [2012.05.13 10:16:32 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll MOD - [2012.05.13 10:12:18 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll MOD - [2012.05.13 10:10:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.13 10:09:46 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll MOD - [2012.05.12 23:40:12 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.12 23:40:04 | 012,430,848 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll MOD - [2012.05.12 23:39:36 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll MOD - [2012.05.12 23:38:18 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll MOD - [2012.05.12 23:22:50 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.12 23:22:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.12 23:21:04 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.05.12 23:20:58 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.02.01 09:12:34 | 000,423,808 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll MOD - [2012.02.01 09:12:32 | 000,058,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll MOD - [2012.02.01 09:12:30 | 000,272,768 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll MOD - [2012.02.01 09:12:30 | 000,095,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\qjson.dll MOD - [2012.02.01 09:12:14 | 000,384,896 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtCore.dll MOD - [2012.02.01 09:12:14 | 000,165,248 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtWeb.dll MOD - [2012.02.01 09:12:12 | 010,843,520 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012.02.01 09:12:12 | 002,557,312 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012.02.01 09:12:12 | 000,346,496 | ---- | M] () -- 
C:\Programme\Nokia\Nokia Suite\QtXml4.dll MOD - [2012.02.01 09:12:08 | 001,294,208 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll MOD - [2012.02.01 09:12:08 | 000,196,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll MOD - [2012.02.01 09:12:06 | 000,919,936 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012.02.01 09:12:06 | 000,682,880 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012.02.01 09:12:06 | 000,517,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012.02.01 09:12:04 | 008,172,928 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll MOD - [2012.02.01 09:12:04 | 002,252,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012.02.01 09:12:02 | 002,288,512 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll MOD - [2012.02.01 09:12:00 | 000,422,272 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012.02.01 09:11:56 | 000,202,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll MOD - [2012.02.01 09:11:56 | 000,034,688 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll MOD - [2012.02.01 09:11:54 | 000,032,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll MOD - [2012.02.01 09:11:36 | 000,388,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\OviShareLib.dll MOD - [2012.02.01 09:11:28 | 000,437,632 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll MOD - [2012.02.01 09:11:18 | 001,037,696 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Maps Service API.dll MOD - [2012.02.01 09:10:52 | 000,758,656 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012.01.05 15:19:12 | 000,112,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2011.06.01 17:46:02 | 000,030,984 | ---- | M] () -- C:\Programme\Seagate\Seagate 
Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll MOD - [2011.06.01 17:45:34 | 000,011,016 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\Plugins\de-DE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll MOD - [2011.06.01 17:42:24 | 000,108,296 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\Memeo.Progress.dll MOD - [2011.06.01 17:16:54 | 000,971,776 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll MOD - [2011.06.01 17:16:54 | 000,241,664 | ---- | M] () -- C:\Programme\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll MOD - [2011.05.04 22:05:50 | 000,114,688 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll MOD - [2011.05.04 22:05:50 | 000,028,672 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll MOD - [2011.05.04 22:04:54 | 002,896,608 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll MOD - [2011.05.04 22:04:50 | 000,027,360 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll MOD - [2011.05.04 22:04:32 | 000,325,344 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe MOD - [2010.03.22 23:59:46 | 000,504,293 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\sqlite3.dll MOD - [2010.03.22 23:57:42 | 000,178,176 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Memeo\ProfMan.dll MOD - [2009.10.05 20:23:28 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.10.05 20:23:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- 
C:\WINDOWS\system32\msjetoledb40.dll MOD - [2005.06.01 14:21:08 | 000,151,552 | ---- | M] () -- C:\Programme\acer\Acer eConsole\MediaUtil.dll MOD - [2005.06.01 14:19:42 | 000,737,280 | ---- | M] () -- C:\Programme\acer\Acer eConsole\log4cxx.dll MOD - [2004.12.06 19:26:10 | 001,446,912 | ---- | M] () -- C:\WINDOWS\system32\OutlookTunerAddinLite.dll MOD - [2004.11.02 21:16:40 | 000,121,856 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2003.07.14 22:44:34 | 000,102,968 | ---- | M] () -- C:\Programme\Microsoft Office\OFFICE11\OUTLCTL.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.05.05 21:16:34 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService) SRV - [2011.05.04 22:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2005.06.01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Programme\acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2002.11.27 13:30:30 | 000,065,536 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2001.11.29 17:10:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - 
[2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 10:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 10:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2008.11.29 16:00:58 | 000,114,496 | ---- | M] (Protection Technology Co.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv04.sys -- (prodrv04) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 20:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2006.04.21 17:10:34 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2005.06.08 08:31:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005.03.23 20:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.03.04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys) DRV - [2004.09.13 11:58:10 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2004.09.13 11:54:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2004.09.13 11:54:06 | 000,093,440 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2003.03.28 17:25:52 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2002.11.28 16:18:06 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2002.11.28 12:43:50 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ElbyVCD.sys -- (ElbyVCD) DRV - [2002.01.29 13:28:28 | 000,220,432 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr) DRV - [2001.11.29 17:10:32 | 001,432,836 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\v90drv.sys -- (V90drv) DRV - [2001.11.29 17:10:28 | 000,033,028 | R--- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup) DRV - [2001.11.29 17:10:26 | 000,175,160 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal) DRV - [2001.11.29 17:10:20 | 000,607,732 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax) DRV - [2001.11.29 17:10:18 | 002,383,460 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm) DRV - [2001.11.29 17:10:14 | 000,172,708 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.04.09 10:40:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.04.09 10:40:20 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AspireService] C:\Programme\acer\Acer eMode Management\AspireService.exe (Acer Inc.) O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [CloneDVDElbyDelay] C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [eRecoveryService] C:\Programme\acer\eRecovery\Monitor.exe (acer Inc.) 
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Ahead Software AG) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [MediaSync] C:\Programme\acer\Acer eConsole\MediaSync.exe (Acer Inc.) O4 - HKLM..\Run: [Memeo AutoSync] C:\Programme\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [Memeo Instant Backup] C:\Programme\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Seagate Dashboard] C:\Programme\Seagate\Seagate Dashboard\MemeoLauncher.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UIUCU] C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Temp\UIUCU.EXE (Conexant Systems, Inc.) 
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A3B4C4-1C81-491A-A870-079F84CA1E40}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.10.22 07:38:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell - "" = AutoRun O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell\AutoRun\command - "" = J:\Password.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.13 10:55:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Desktop\12-05-13_decrypter_v-0-5-3 [2012.05.13 09:53:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mayer\Recent [2012.05.12 23:20:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.12 21:51:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.05.12 21:49:10 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.12 20:43:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Malwarebytes [2012.05.12 20:43:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.12 20:43:01 | 000,000,000 | ---D | C] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.05.12 20:43:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.12 20:42:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.08 22:02:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.05.08 21:48:38 | 000,000,000 | -HSD | C] -- C:\FOUND.007 [2012.05.08 20:21:32 | 000,000,000 | -HSD | C] -- C:\FOUND.006 [2012.05.08 20:15:19 | 001,036,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2012.05.08 20:00:48 | 000,000,000 | -HSD | C] -- C:\FOUND.005 [2012.05.08 19:42:46 | 000,000,000 | -HSD | C] -- C:\FOUND.004 ========== Files - Modified Within 30 Days ========== [2012.05.13 22:14:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.13 20:32:12 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Office Outlook 2003.lnk [2012.05.13 19:27:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2012.05.13 19:27:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.13 19:27:16 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2012.05.13 13:04:40 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.13 10:27:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.05.12 23:34:14 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.12 23:21:12 | 000,464,256 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.12 23:21:12 | 000,445,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.12 23:21:12 | 000,086,638 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.12 23:21:12 | 000,072,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.05.12 22:35:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.12 
21:51:50 | 000,000,562 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.05.12 20:43:12 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.07 20:56:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.05.06 23:16:10 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Office Word 2003.lnk [2012.05.05 21:15:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.05.05 21:15:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.04.23 20:24:22 | 000,000,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Mayer\Desktop\Bike GPS RichTrack Factory.lnk [2012.04.20 23:00:46 | 000,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk ========== Files Created - No Company Name ========== [2012.05.12 22:36:12 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.05.12 21:51:49 | 000,000,562 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.05.12 20:43:10 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.07 20:42:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.15 21:42:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll ========== LOP Check ========== [2006.11.04 19:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terzio [2008.01.23 19:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.10.05 19:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tanagra [2010.06.03 19:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\eConsole [2011.04.30 23:35:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch [2011.09.20 16:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cornelsen [2011.10.10 19:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011.10.10 19:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.10.10 19:44:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2011.10.30 14:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase6 [2011.11.06 19:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MemeoCommon [2008.01.23 19:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\T-Online [2009.03.08 18:34:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\FWU-USM [2011.03.14 23:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Navigram [2011.08.01 20:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1 [2011.10.10 19:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\PC Suite [2011.11.06 19:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Leadertech [2011.11.06 19:34:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Seagate [2011.11.06 19:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Memeo [2012.04.09 10:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Nokia [2006.11.19 17:13:26 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task 
#Hewlett-Packard#hp psc 1200 series#1145632241.job
========== Purity Check ==========
< End of report >

b) Here is the EXTRAS.TXT OTL logfile:

Code:
ATTFilter OTL Extras logfile created on: 13.05.2012 22:17:39 - Run 2 OTL by OldTimer - Version 3.2.42.3 Folder = F:\12-05-12_2_otl_von_oldtimer_anwendung Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,48 Mb Total Physical Memory | 220,91 Mb Available Physical Memory | 43,19% Memory free 1,22 Gb Paging File | 0,70 Gb Available in Paging File | 57,63% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,65 Gb Total Space | 47,80 Gb Free Space | 65,80% Space Free | Partition Type: FAT32 Drive D: | 73,43 Gb Total Space | 9,96 Gb Free Space | 13,57% Space Free | Partition Type: FAT32 Drive F: | 29,64 Mb Total Space | 6,66 Mb Free Space | 22,46% Space Free | Partition Type: FAT Computer Name: ACER-6655572C9F | User Name: Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Acer\Acer eConsole\MediaSync.exe" = C:\Programme\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer -- (Acer Inc.) "C:\Programme\Acer\Acer eConsole\eConsole.exe" = C:\Programme\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole -- (Acer Inc.) "C:\Programme\Acer\Acer eConsole\MediaServerService.exe" = C:\Programme\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server -- (Acer Inc.) 
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule "C:\Programme\Tecnomatix\eMPower\Tune.exe" = C:\Programme\Tecnomatix\eMPower\Tune.exe:*:Disabled:Tecnomatix eMPower Application "C:\Programme\ADAC\ACCF2006_1\ADAC_Browser.exe" = C:\Programme\ADAC\ACCF2006_1\ADAC_Browser.exe:*:Enabled:ADAC_Browser -- () "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Google\Google Earth\PLUGIN\geplugin.exe" = C:\Programme\Google\Google Earth\PLUGIN\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\Programme\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Programme\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent -- (Axentra Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 30 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}" = Löwenzahn 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Camera Window "{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}" = 
Acer eMode Management "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E7639EA-2713-205D-0ACA-5E2D2DC1321A}" = DataCenter2 "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2 "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync "{79FA7C3A-23E9-415B-9D5F-465DBCA59247}" = ADAC RoutenPlaner 2006/2007 "{7A92A322-1A10-4153-B551-D547AA9B4649}" = Fieldmania "{7CFC17CE-0A66-46B0-BA57-BF8AB674BF5C}" = Loewenzahn 6 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9CCF5C3-4E30-42E6-992F-3D257B01E292}" = Loewenzahn 3 "{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{B46B18F9-255D-4DBD-B7DC-D8C099AA66D8}" = Lernen Mathe 1 
"{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon Camera WIA Driver "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard "{C88196BE-31A0-456B-9756-16B06E294AFF}" = Lernen Deutsch 1 "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = CIG "{DE470016-1C64-11D5-982A-0050DA602C65}" = Löwenzahn 5 "{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon Camera WIA Driver "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}" = Acer eConsole "{F5281E62-DAF3-4530-A6DC-6B902F416771}" = HP_3.0_Stand_11_06 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "ADAC Camping-Caravaning-Führer 2006 Südeuropa" = ADAC Camping-Caravaning-Führer 2006 Südeuropa "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ATI Display Driver" = ATI Display Driver "Bike GPS RichTrack Factory_is1" = Bike GPS RichTrack Factory 3.2.9.3 "CAL" = Canon Camera Access Library "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder 
"Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "CloneCD" = CloneCD "CloneDVD" = CloneDVD "CSCLIB" = Canon Camera Support Core Library "Data Center 2" = Data Center 2 "DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1" = DataCenter2 "EOS Utility" = Canon Utilities EOS Utility "Football Setup" = Football Setup "Google Updater" = Google Updater "HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series "ie8" = Windows Internet Explorer 8 "InCD!UninstallKey" = InCD "InstallShield_{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Canon Camera Window for ZoomBrowser EX "InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2 "InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber "InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7 "InstallShield_{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon PowerShot G3 WIA-Treiber "InstallShield_{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = Canon Internet Library for ZoomBrowser EX "InstallShield_{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon IXY 320, PowerShot S230, IXUS v3 WIA-Treiber "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mama Muh Winter" = Mama Muh Winter "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mp3tag" = Mp3tag "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyCamera" = Canon Utilities MyCamera "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "MyCameraDC" = Canon Utilities MyCamera DC "Nero - Burning Rom!UninstallKey" = Nero 6 "Nokia Suite" = Nokia Suite "Off-Road Arena" = Off-Road Arena "OutlookTunerLite" = OutlookTunerLite "phase-6-junior" = 
phase-6-junior 2.1.2.3b "PhotoRecord" = Canon PhotoRecord "PhotoStitch" = Canon Utilities PhotoStitch "QuickTime" = QuickTime "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SLAMRNTV" = NetoDragon 56K Voice Modem "Transalp 2003" = Transalp 2003 "VLC media player" = VLC media player 1.1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XP Codec Pack" = XP Codec Pack "Zahlenbuch 3" = Zahlenbuch 3 "Zahlenbuch 4" = Zahlenbuch 4 "Zahlenzauber 1_is1" = Zahlenzauber 1 "Zahlenzauber 2_is1" = Zahlenzauber 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.05.2012 16:36:30 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 12.05.2012 16:36:42 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 12.05.2012 17:35:19 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 12.05.2012 17:46:40 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 12.05.2012 17:53:01 | Computer Name = ACER-6655572C9F | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung econsole.exe, Version 1.2.19.0, fehlgeschlagenes Modul xpsp2res.dll, Version 5.1.2600.5512, Fehleradresse 0x0006851c. 
Error - 12.05.2012 17:54:54 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 13.05.2012 03:47:12 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 13.05.2012 03:54:43 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 13.05.2012 06:54:12 | Computer Name = ACER-6655572C9F | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul avisplitter.ax, Version 1.0.0.9, Fehleradresse 0x00022e58. Error - 13.05.2012 13:27:37 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = [ System Events ] Error - 13.05.2012 07:14:34 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden. Error - 13.05.2012 07:14:35 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden. Error - 13.05.2012 07:14:37 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden. Error - 13.05.2012 07:14:39 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden. Error - 13.05.2012 07:14:41 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden. Error - 13.05.2012 07:14:43 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden. 
Error - 13.05.2012 07:14:45 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 13.05.2012 07:14:46 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 13.05.2012 07:14:48 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 13.05.2012 07:14:50 | Computer Name = ACER-6655572C9F | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
< End of report >

We have now worked through everything as you described and are once again eagerly awaiting your reply. Best regards.

Last edited by edgar_bilumi (13.05.2012 at 21:53) |
13.05.2012, 23:05 | #6 | |
/// Helfer-Team | Windows-Verschlüsselungs-Trojaner unter Windows XP

System cleaning and check:

1. Your Java version is not up to date! Because of old security holes Java is very vulnerable, so first uninstall all existing Java versions: → Control Panel → Add or Remove Programs → uninstall... → restart the computer → then download the offline version of Java ("recommended: Version 6 Update 32") from Oracle. Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

2. Update Adobe Reader: - Pay attention and read along during installation! If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader. Or: start Adobe -> go to "Help" -> "Check for Updates..."

3. Quote:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell - "" = AutoRun
O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell\AutoRun\command - "" = J:\Password.exe
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\eMule\emule.exe" =-
:Files
C:\WINDOWS\tasks\Google Software Updater.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. Tips (regardless of whether you use Internet Explorer or not!):
-> Change the default search engine of Internet Explorer
-> Change or choose a search provider in Internet Explorer 7/8
-> How do I clear the cache in Internet Explorer?

5. Clean your system with CCleaner:

6.

7. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These should therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, checking the data stored on the medium with the free online scanner is very suitable and recommended. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the AutoRun function is not executed. (This is how you prevent the AUTORUN function from running.) You can also switch the AUTORUN function off altogether. ► Instructions

8. -> Then run a complete system check with the ESET Online Scanner (NOD32) free online scanner.
Attention!: >>You should not install the antivirus security software, only scan your system online<<

9. Run another scan with OTL:

► Report again on the state of the computer. Do problems still occur, and if so, which ones?
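The entries the OTL fix above removes (the Winlogon UserInit hijack, the DisableTaskMgr/DisableRegedit policy locks, the MountPoints2 AutoRun command pointing at J:\Password.exe, the hex-named executable in system32) are exactly what a triage script can pick out of an OTL log before a helper reads it by hand. The following Python script is an added example, not part of this thread or of OTL; its sample log lines are constructed after the entries quoted in the thread, and the expected UserInit and Shell values assume a default 32-bit Windows XP install.

```python
"""Triage OTL log lines for the lockout and persistence indicators seen in
this thread.  Added example, not part of the forum post or of OTL itself;
SAMPLE_LOG is constructed after the entries quoted in the thread."""
import re

# Expected Winlogon values on a default 32-bit Windows XP install (assumption).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"

# Policy values a lockscreen trojan sets so the user cannot kill it.
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregedit", "disableregistrytools"}

# NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type; the XP
# default 0x91 (145) still allows it on removable media and CD-ROMs.
AUTORUN_ALL_OFF = 0xFF

OTL_ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_otl_entry(line):
    """Split an OTL 'Onn - body' entry into (section, body); None otherwise."""
    m = OTL_ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_line(line):
    """Return [(severity, reason), ...] for one OTL log line."""
    parsed = parse_otl_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    low = body.lower()
    findings = []

    if section == "O20":
        # OTL prints the raw registry value in parentheses after the value name.
        for name, expected in (("userinit", EXPECTED_USERINIT),
                               ("shell", EXPECTED_SHELL)):
            m = re.search(r"winlogon: %s - \(([^)]*)\)" % name, low)
            if m and m.group(1).strip().rstrip(",") != expected:
                findings.append(("high", "Winlogon %s hijacked: %s"
                                 % (name, m.group(1))))

    if section in ("O6", "O7"):
        m = re.search(r"policies\\system: (\w+) = (\d+)", low)
        if m and m.group(1) in LOCKOUT_POLICIES and m.group(2) == "1":
            findings.append(("medium", "policy lockout %s = 1" % m.group(1)))
        m = re.search(r"nodrivetypeautorun = (\d+)", low)
        if m and int(m.group(1)) != AUTORUN_ALL_OFF:
            findings.append(("low", "AutoRun not fully disabled "
                                    "(NoDriveTypeAutoRun = %s)" % m.group(1)))

    if section == "O32" and "cdrom: autorun - 1" in low:
        findings.append(("low", "CD-ROM AutoRun enabled"))

    if section == "O33" and "\\shell\\autorun\\command" in low:
        # A drive's MountPoints2 entry that launches an executable on insert.
        findings.append(("high", "MountPoints2 AutoRun command: %s"
                         % body.split("=")[-1].strip()))

    if section == "O4" and "\\run:" in low:
        if "file not found" in low:
            findings.append(("low", "Run entry points to a missing file"))
        elif re.search(r"system32\\[0-9a-f]{16,}\.exe", low):
            # Random hex-named executable dropped into system32.
            findings.append(("high", "Run entry: hex-named exe in system32"))

    return findings


def triage(log_text):
    """Run check_line over a whole log; return findings, most severe first."""
    results = []
    for line in log_text.splitlines():
        for severity, reason in check_line(line):
            results.append((severity, reason, line.strip()))
    results.sort(key=lambda r: SEVERITY_ORDER[r[0]])
    return results


def count_by_severity(findings):
    """Return {"high": n, "medium": n, "low": n} for a triage() result."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, _reason, _line in findings:
        counts[severity] += 1
    return counts


# Constructed sample modelled on the entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKU\User_ON_C..\Run: [] File not found
O4 - HKU\User_ON_C..\Run: [320D180E] C:\WINDOWS\system32\14CA115F320D180E5361.exe (Pen is ont he tble)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\14CA115F320D180E5361.exe) - C:\WINDOWS\system32\14CA115F320D180E5361.exe (Pen is ont he tble)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\Shell\AutoRun\command - "" = J:\Password.exe
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("[%-6s] %s\n         %s" % (severity.upper(), reason, line))
```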
15.05.2012, 18:22 | #7 |
| Windows encryption trojan on Windows XP

Hello kira! Sorry, we have only just finished working through all 9 points of your last message.

On point 1: JAVA REINSTALLATION
Uninstalled the old Java software, installed the new one (Version 7 Update 4)

On point 2: ADOBE READER UPDATE
Done, current version 9.5.1

On point 3: FIX WITH OTL
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ deleted successfully.
C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808117a8-a09e-11df-83be-000fea3556a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808117a8-a09e-11df-83be-000fea3556a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808117a8-a09e-11df-83be-000fea3556a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808117a8-a09e-11df-83be-000fea3556a7}\ not found.
File J:\Password.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\eMule\emule.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Google Software Updater.job moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
F:\12-05-12_2_otl_von_oldtimer_anwendung\cmd.bat deleted successfully.
F:\12-05-12_2_otl_von_oldtimer_anwendung\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41661 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Mayer
->Temp folder emptied: 2610813 bytes
->Temporary Internet Files folder emptied: 68557422 bytes
->Java cache emptied: 595846 bytes
->Flash cache emptied: 2007200 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65285262 bytes
RecycleBin emptied: 380551501 bytes
Total Files Cleaned = 496,00 mb
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_210522
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\49SPUZS1\myebaysummary;seg=GL_MetaViewWatchSearch_11450;seg=GL_MetaViewWatchSearch_888;seg=GL_MetaViewWatchSearch_11700;seg=GL_MetaViewWatchSearch_131090;seg=GL_MetaViewWatchSearch_[1].htm not found!
File\Folder C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\49SPUZS1\default;seg=GL_MetaViewWatchSearch_11450;seg=GL_MetaViewWatchSearch_888;seg=GL_MetaViewWatchSearch_11700;seg=GL_MetaViewWatchSearch_131090;seg=GL_MetaViewWatchSearch_267;sz[1].htm not found!
Registry entries deleted on Reboot...

As for this, we have not changed anything on the PC so far; we only cleared the Internet Explorer cache. Does that matter???

On point 5: CLEAN SYSTEM WITH CCLEANER
Done as well.

On point 6: SCAN with SUPERAntiSpyware FREE Edition
Done as well.
Here is the log:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/14/2012 at 10:45 PM
Application Version : 5.0.1148
Core Rules Database Version : 8593
Trace Rules Database Version: 6405
Scan type : Complete Scan
Total Scan Time : 00:47:59
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 697
Memory threats detected : 0
Registry items scanned : 35163
Registry threats detected : 2
File items scanned : 32839
File threats detected : 2
Security.HiJack[ImageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TASKMGR.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TASKMGR.EXE#Debugger
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Mayer\Cookies\QPBCMV5V.txt [ /microsoftinternetexplorer.112.2o7.net ]
Backdoor.PoeBot
C:\PROGRAMME\WINRAR\UNINSTALL.EXE

These have not been used recently, but we will keep scanning them from time to time in the future...

On point 8: ONLINE SCAN with ESET Online Scanner (NOD32) free online scanner
We did this overnight; we are attaching the log with the 2 threats found:
Code:
C:\_OTL\MovedFiles\05122012_214910\C_WINDOWS\system32\14CA115F320D180E5361.exe	Win32/Trustezeb.A Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\_OTL\MovedFiles\05122012_214910\C_Dokumente und Einstellungen\Mayer\Anwendungsdaten\Faxyviomald\36CF82AF320D180E33BF.exe	Win32/Trustezeb.A Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert

Just carried out. a) Here is the OTL.TXT:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.05.2012 19:12:20 - Run 3 OTL by OldTimer - Version 3.2.42.3 Folder = F:\12-05-12_2_otl_von_oldtimer_anwendung Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,48 Mb Total Physical Memory | 52,49 Mb Available Physical Memory | 10,26% Memory free 1,22 Gb Paging File | 0,57 Gb Available in Paging File | 47,05% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,65 Gb Total Space | 48,92 Gb Free Space | 67,34% Space Free | Partition Type: FAT32 Drive D: | 73,43 Gb Total Space | 9,95 Gb Free Space | 13,55% Space Free | Partition Type: FAT32 Drive F: | 29,64 Mb Total Space | 6,19 Mb Free Space | 20,88% Space Free | Partition Type: FAT Computer Name: ACER-6655572C9F | User Name: Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.12 21:35:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\12-05-12_2_otl_von_oldtimer_anwendung\OTL.exe PRC - [2012.05.01 18:48:06 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.02.01 09:11:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 13:32:02 | 000,142,376 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.08.12 01:38:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.05.04 22:04:38 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe PRC - [2011.05.04 22:04:32 | 000,325,344 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.26 16:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe PRC - [2007.07.25 17:50:32 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2005.06.20 09:03:24 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Programme\acer\eRecovery\Monitor.exe PRC - [2005.06.08 08:31:32 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005.06.04 12:40:58 | 000,110,592 | ---- | M] (Acer Inc.) -- C:\Programme\acer\Acer eMode Management\AspireService.exe PRC - [2005.06.01 14:25:40 | 000,421,888 | ---- | M] (Acer Inc.) 
-- C:\Programme\acer\Acer eConsole\MediaSync.exe PRC - [2005.06.01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) -- C:\Programme\acer\Acer eConsole\MediaServerService.exe PRC - [2004.09.13 11:51:06 | 001,450,096 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCD.exe PRC - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2001.11.29 17:10:28 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe ========== Modules (No Company Name) ========== MOD - [2012.05.15 19:07:04 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.05.15 19:07:04 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.05.14 21:55:10 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.05.14 21:55:10 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.05.13 10:18:20 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll MOD - [2012.05.13 10:17:30 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll MOD - [2012.05.13 10:12:18 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll MOD - [2012.05.13 10:10:38 | 000,971,264 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.12 23:40:12 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.12 23:40:04 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll MOD - [2012.05.12 23:39:36 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll MOD - [2012.05.12 23:38:18 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll MOD - [2012.05.12 23:22:50 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.12 23:22:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.12 23:21:04 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.05.12 23:20:58 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.02.01 09:12:34 | 000,423,808 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll MOD - [2012.02.01 09:12:32 | 000,058,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll MOD - [2012.02.01 09:12:30 | 000,272,768 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll MOD - [2012.02.01 09:12:30 | 000,095,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\qjson.dll MOD - [2012.02.01 09:12:14 | 000,384,896 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtCore.dll MOD - [2012.02.01 
09:12:14 | 000,165,248 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtWeb.dll MOD - [2012.02.01 09:12:12 | 010,843,520 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012.02.01 09:12:12 | 002,557,312 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012.02.01 09:12:12 | 000,346,496 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll MOD - [2012.02.01 09:12:08 | 001,294,208 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll MOD - [2012.02.01 09:12:08 | 000,196,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll MOD - [2012.02.01 09:12:06 | 000,919,936 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012.02.01 09:12:06 | 000,682,880 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012.02.01 09:12:06 | 000,517,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012.02.01 09:12:04 | 008,172,928 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll MOD - [2012.02.01 09:12:04 | 002,252,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012.02.01 09:12:02 | 002,288,512 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll MOD - [2012.02.01 09:12:00 | 000,422,272 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012.02.01 09:11:56 | 000,202,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll MOD - [2012.02.01 09:11:56 | 000,034,688 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll MOD - [2012.02.01 09:11:54 | 000,032,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll MOD - [2012.02.01 09:11:36 | 000,388,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\OviShareLib.dll MOD - [2012.02.01 09:11:28 | 000,437,632 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll MOD - [2012.02.01 09:11:18 | 001,037,696 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Maps Service 
API.dll MOD - [2012.02.01 09:10:52 | 000,758,656 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012.01.05 15:19:12 | 000,112,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2011.05.04 22:05:50 | 000,028,672 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll MOD - [2011.05.04 22:04:54 | 002,896,608 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll MOD - [2011.05.04 22:04:50 | 000,027,360 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll MOD - [2011.05.04 22:04:32 | 000,325,344 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe MOD - [2010.03.22 23:59:46 | 000,504,293 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\sqlite3.dll MOD - [2010.03.22 23:57:42 | 000,178,176 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Memeo\ProfMan.dll MOD - [2009.10.05 20:23:28 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.10.05 20:23:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2005.06.01 14:21:08 | 000,151,552 | ---- | M] () -- C:\Programme\acer\Acer eConsole\MediaUtil.dll MOD - [2005.06.01 14:19:42 | 000,737,280 | ---- | M] () -- C:\Programme\acer\Acer eConsole\log4cxx.dll MOD - [2002.11.27 13:30:32 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.05.05 21:16:34 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.08.12 01:38:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.05.04 22:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2005.06.01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Programme\acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2002.11.27 13:30:30 | 000,065,536 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2001.11.29 17:10:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - 
[2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 10:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 10:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.07.22 18:27:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2008.11.29 16:00:58 | 000,114,496 | ---- | M] (Protection Technology Co.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv04.sys -- (prodrv04) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 20:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2006.04.21 17:10:34 | 000,082,380 | ---- | M] (Oak Technology Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2005.06.08 08:31:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005.03.23 20:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.03.04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys) DRV - [2004.09.13 11:58:10 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2004.09.13 11:54:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2004.09.13 11:54:06 | 000,093,440 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2003.03.28 17:25:52 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2002.11.28 16:18:06 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2002.11.28 12:43:50 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ElbyVCD.sys -- (ElbyVCD) DRV - [2002.01.29 13:28:28 | 000,220,432 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr) DRV - [2001.11.29 17:10:32 | 001,432,836 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\v90drv.sys -- (V90drv) DRV - [2001.11.29 17:10:28 | 000,033,028 | R--- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup) DRV - [2001.11.29 17:10:26 | 000,175,160 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal) DRV - [2001.11.29 17:10:20 | 000,607,732 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax) DRV - [2001.11.29 17:10:18 | 002,383,460 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm) DRV - [2001.11.29 17:10:14 | 000,172,708 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.04.09 10:40:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.04.09 10:40:20 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AspireService] C:\Programme\acer\Acer eMode Management\AspireService.exe (Acer Inc.) O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [CloneDVDElbyDelay] C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [eRecoveryService] C:\Programme\acer\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Ahead Software AG) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [MediaSync] C:\Programme\acer\Acer eConsole\MediaSync.exe (Acer Inc.) O4 - HKLM..\Run: [Memeo AutoSync] C:\Programme\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.) 
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Programme\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A3B4C4-1C81-491A-A870-079F84CA1E40}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.10.22 07:38:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.15 19:02:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mayer\Recent [2012.05.14 21:53:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\SUPERAntiSpyware.com [2012.05.14 21:52:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2012.05.14 21:52:16 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2012.05.14 20:28:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\Sun [2012.05.14 20:21:26 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2012.05.14 20:20:54 | 000,000,000 | ---D | C] -- C:\Programme\Oracle [2012.05.14 20:20:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Oracle [2012.05.14 20:20:37 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.05.14 20:20:37 | 000,227,720 | ---- | C] 
(Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.05.14 20:20:37 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.05.14 20:20:31 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.05.14 20:20:31 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.05.14 20:20:17 | 000,000,000 | ---D | C] -- C:\Programme\Java [2012.05.13 10:55:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Desktop\12-05-13_decrypter_v-0-5-3 [2012.05.12 21:51:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.05.12 21:49:10 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.12 20:43:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Malwarebytes [2012.05.12 20:43:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.12 20:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.05.12 20:43:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.12 20:42:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.08 22:02:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.05.08 21:48:38 | 000,000,000 | -HSD | C] -- C:\FOUND.007 [2012.05.08 20:21:32 | 000,000,000 | -HSD | C] -- C:\FOUND.006 [2012.05.08 20:15:19 | 001,036,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2012.05.08 20:00:48 | 000,000,000 | -HSD | C] -- C:\FOUND.005 [2012.05.08 19:42:46 | 000,000,000 | -HSD | C] -- C:\FOUND.004 ========== Files - Modified Within 30 Days ========== [2012.05.15 19:14:18 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.15 19:06:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2012.05.15 19:06:04 | 000,002,048 | 
--S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.15 19:06:02 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2012.05.15 18:12:20 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml [2012.05.15 13:15:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.05.14 21:52:30 | 000,001,550 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.14 21:01:06 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Mayer\Desktop\Microsoft Office Word 2003.lnk [2012.05.14 20:34:12 | 000,001,617 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2012.05.14 20:20:26 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.05.14 20:20:26 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.05.14 19:35:14 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Office Outlook 2003.lnk [2012.05.13 13:04:40 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Mayer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.12 23:34:14 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.12 23:21:12 | 000,464,256 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.12 23:21:12 | 000,445,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.12 23:21:12 | 000,086,638 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.12 23:21:12 | 000,072,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.05.12 22:35:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.12 21:51:50 | 000,000,562 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.05.12 20:43:12 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.07 20:56:16 | 000,000,664 | ---- | M] () -- 
C:\WINDOWS\System32\d3d9caps.dat [2012.05.05 21:15:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.05.05 21:15:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.04.23 20:24:22 | 000,000,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Mayer\Desktop\Bike GPS RichTrack Factory.lnk [2012.04.20 23:00:46 | 000,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk ========== Files Created - No Company Name ========== [2012.05.14 21:52:28 | 000,001,550 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.14 21:33:45 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.05.14 21:01:05 | 000,002,509 | ---- | C] () -- C:\Dokumente und Einstellungen\Mayer\Desktop\Microsoft Office Word 2003.lnk [2012.05.14 20:29:01 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk [2012.05.14 20:29:01 | 000,001,617 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2012.05.14 12:15:01 | 000,000,525 | ---- | C] () -- C:\hpfr3420.xml [2012.05.12 21:51:49 | 000,000,562 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.05.12 20:43:10 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.07 20:42:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.15 21:42:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll ========== LOP Check ========== [2006.11.04 19:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terzio [2008.01.23 19:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.10.05 19:56:58 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tanagra [2010.06.03 19:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eConsole [2011.04.30 23:35:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch [2011.09.20 16:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cornelsen [2011.10.10 19:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011.10.10 19:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.10.10 19:44:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2011.10.30 14:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase6 [2011.11.06 19:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MemeoCommon [2008.01.23 19:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\T-Online [2009.03.08 18:34:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\FWU-USM [2011.03.14 23:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Navigram [2011.08.01 20:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1 [2011.10.10 19:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\PC Suite [2011.11.06 19:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Leadertech [2011.11.06 19:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Memeo [2012.04.09 10:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Nokia [2012.05.14 20:20:44 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\Mayer\Anwendungsdaten\Oracle [2006.11.19 17:13:26 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1145632241.job ========== Purity Check ========== < End of report > b) here is the EXTRAS.TXT: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.05.2012 19:12:20 - Run 3 OTL by OldTimer - Version 3.2.42.3 Folder = F:\12-05-12_2_otl_von_oldtimer_anwendung Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,48 Mb Total Physical Memory | 52,49 Mb Available Physical Memory | 10,26% Memory free 1,22 Gb Paging File | 0,57 Gb Available in Paging File | 47,05% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,65 Gb Total Space | 48,92 Gb Free Space | 67,34% Space Free | Partition Type: FAT32 Drive D: | 73,43 Gb Total Space | 9,95 Gb Free Space | 13,55% Space Free | Partition Type: FAT32 Drive F: | 29,64 Mb Total Space | 6,19 Mb Free Space | 20,88% Space Free | Partition Type: FAT Computer Name: ACER-6655572C9F | User Name: Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Acer\Acer eConsole\MediaSync.exe" = C:\Programme\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer -- (Acer Inc.) "C:\Programme\Acer\Acer eConsole\eConsole.exe" = C:\Programme\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole -- (Acer Inc.) "C:\Programme\Acer\Acer eConsole\MediaServerService.exe" = C:\Programme\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server -- (Acer Inc.) 
"C:\Programme\Tecnomatix\eMPower\Tune.exe" = C:\Programme\Tecnomatix\eMPower\Tune.exe:*:Disabled:Tecnomatix eMPower Application "C:\Programme\ADAC\ACCF2006_1\ADAC_Browser.exe" = C:\Programme\ADAC\ACCF2006_1\ADAC_Browser.exe:*:Enabled:ADAC_Browser "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Google\Google Earth\PLUGIN\geplugin.exe" = C:\Programme\Google\Google Earth\PLUGIN\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Camera Window "{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}" = Acer eMode Management "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File 
Viewer Utility 1.2.2 "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon Camera WIA Driver "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = CIG "{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon Camera WIA Driver "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack 
"{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}" = Acer eConsole "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ATI Display Driver" = ATI Display Driver "Bike GPS RichTrack Factory_is1" = Bike GPS RichTrack Factory 3.2.9.3 "CAL" = Canon Camera Access Library "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "CloneCD" = CloneCD "CloneDVD" = CloneDVD "CSCLIB" = Canon Camera Support Core Library "EOS Utility" = Canon Utilities EOS Utility "Google Updater" = Google Updater "HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series "ie8" = Windows Internet Explorer 8 "InCD!UninstallKey" = InCD "InstallShield_{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Canon Camera Window for ZoomBrowser EX "InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2 "InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber "InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7 "InstallShield_{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon PowerShot G3 WIA-Treiber "InstallShield_{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = Canon Internet Library for ZoomBrowser EX "InstallShield_{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon IXY 320, PowerShot S230, IXUS v3 WIA-Treiber "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mama Muh Winter" = Mama Muh Winter "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mp3tag" = Mp3tag "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyCamera" = Canon Utilities MyCamera "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "MyCameraDC" = Canon Utilities MyCamera DC "Nero - Burning Rom!UninstallKey" = Nero 6 "Nokia Suite" = Nokia Suite "OutlookTunerLite" = OutlookTunerLite "PhotoRecord" = Canon PhotoRecord "PhotoStitch" = Canon Utilities PhotoStitch "QuickTime" = QuickTime "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SLAMRNTV" = NetoDragon 56K Voice Modem "VLC media player" = VLC media player 1.1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XP Codec Pack" = XP Codec Pack "Zahlenbuch 3" = Zahlenbuch 3 "Zahlenbuch 4" = Zahlenbuch 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.05.2012 14:15:00 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.05.2012 14:23:26 | Computer Name = ACER-6655572C9F | Source = 
MemeoBackgroundService | ID = 0 Description = Error - 14.05.2012 14:38:55 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.05.2012 14:50:33 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.05.2012 14:57:40 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.05.2012 15:03:28 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.05.2012 15:33:56 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.05.2012 15:47:19 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 15.05.2012 12:56:24 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = Error - 15.05.2012 13:06:26 | Computer Name = ACER-6655572C9F | Source = MemeoBackgroundService | ID = 0 Description = [ System Events ] Error - 14.05.2012 15:05:24 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "Acer Media Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:24 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:24 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:24 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "T-Online WLAN Adapter Steuerungsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 14.05.2012 15:05:24 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "MemeoBackgroundService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:25 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "SmartLinkService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:25 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "Seagate Dashboard Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:25 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:25 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "InCD Helper" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2012 15:05:25 | Computer Name = ACER-6655572C9F | Source = Service Control Manager | ID = 7034 Description = Dienst "ServiceLayer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > Have we done it yet??? Regards and many thanks in advance. Edited by edgar_bilumi (15.05.2012 at 19:06) |
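The two OTL logs above are read by eye in this thread. As an added example (not part of the thread, not OTL's own code and not the helper's fix script), the following Python script does the first-pass triage a helper performs on such a log: it flags Winlogon Shell/UserInit values that differ from the Windows defaults, policy values that lock the user out of Task Manager or Regedit, and Run entries that are empty or point at a missing file. The first four sample lines are copied from the clean log posted above; the remaining three are constructed (the EXAMPLE_* names are placeholders) to show what the same line types look like on a hijacked machine.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import ntpath
import re
from typing import Dict, List, Optional

# Constructed sample. Lines 1-4 are copied from the clean log above; lines 5-7
# are constructed (EXAMPLE_* are placeholders, not real indicators).
SAMPLE_OTL_LINES = [
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\EXAMPLE_HIJACK.exe) - C:\WINDOWS\system32\EXAMPLE_HIJACK.exe (Example Publisher)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"O4 - HKU\EXAMPLE_USER_ON_C..\Run: [] File not found",
]

# Winlogon values Windows XP ships with. Anything else is started at every
# logon before the desktop appears, so it deserves a look in every log.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Policy values that, when set to 1, take the recovery tools away from the user.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegedit", "DisableRegistryTools", "DisableCMD"}

WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ")
POLICY_RE = re.compile(r"^O[67] - (\S+): (\w+) = (\d+)$")
RUN_RE = re.compile(r"^O4 - (.+?)\.\.\\Run: \[(.*?)\] (.*)$")


def check_winlogon(line: str) -> Optional[str]:
    """Flag Shell/UserInit values that are not the stock Windows binaries."""
    m = WINLOGON_RE.match(line)
    if not m:
        return None
    value_name = m.group(1).lower()
    value = m.group(2).strip().rstrip(",").strip()  # XP stores "userinit.exe,"
    exe = ntpath.basename(value).lower()
    if exe != WINLOGON_DEFAULTS[value_name]:
        return f"Winlogon {m.group(1)} points at {value!r} instead of {WINLOGON_DEFAULTS[value_name]}"
    if value_name == "userinit" and not ntpath.dirname(value).lower().endswith("\\system32"):
        return f"Winlogon UserInit runs userinit.exe from outside system32: {value!r}"
    return None


def check_policy(line: str) -> Optional[str]:
    """Flag policy values that lock the user out of Task Manager / Regedit."""
    m = POLICY_RE.match(line)
    if not m:
        return None
    key, name, value = m.groups()
    if name in LOCKOUT_POLICIES and value == "1":
        return f"{name} = 1 under {key} blocks the user's own recovery tools"
    # NoDriveTypeAutoRun is a bit mask of drive types excluded from AutoRun;
    # 145 (0x91) is the usual XP default and is not a finding.
    return None


def check_run(line: str) -> Optional[str]:
    """Flag Run entries with no value name or whose target no longer exists."""
    m = RUN_RE.match(line)
    if not m:
        return None
    hive, name, target = m.groups()
    if not name.strip():
        return f"Run entry with an empty value name under {hive}: {target!r}"
    if target.strip() == "File not found":
        return f"Run entry [{name}] under {hive} points at a missing file"
    return None


CHECKS = (check_winlogon, check_policy, check_run)


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Run every check over every line; one dict per finding, in log order."""
    findings = []
    for line in lines:
        for check in CHECKS:
            reason = check(line)
            if reason:
                findings.append({"line": line, "reason": reason})
                break
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL_LINES):
        print(f"FLAG: {finding['reason']}\n      {finding['line']}")
```

On the sample above the four lines taken from the posted log produce no findings, and each of the three constructed lines produces exactly one; feeding the script a whole OTL.txt (one line per entry) gives the same three categories of flags as a starting point for the manual review the helper does in this thread.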
16.05.2012, 08:37 | #8 | |
/// Helper Team | Windows encryption trojan on Windows XP Quote:
Code:
ATTFilter :OTL :Files C:\hpfr3420.xml C:\WINDOWS\tasks\Google Software Updater.job ipconfig /flushdns /c :Commands [purity] [emptytemp]
► Are there any problems in everyday use of the computer?
__________________ Warning!: Beware of invoices sent by email with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
16.05.2012, 20:05 | #9 |
| Windows encryption trojan on Windows XP Hello kira! Thanks for your message. Not much for us to do today. Here is the OTL log file: Code:
ATTFilter All processes killed ========== OTL ========== ========== FILES ========== C:\hpfr3420.xml moved successfully. C:\WINDOWS\tasks\Google Software Updater.job moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. F:\12-05-12_2_otl_von_oldtimer_anwendung\cmd.bat deleted successfully. F:\12-05-12_2_otl_von_oldtimer_anwendung\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Mayer ->Temp folder emptied: 174583 bytes ->Temporary Internet Files folder emptied: 153904565 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1037 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 147,00 mb OTL by OldTimer - Version 3.2.42.3 log created on 05162012_204622 Files\Folders moved on Reboot... Registry entries deleted on Reboot... 
1) When restarting, the PC sometimes hangs, or you have to click Restart several times before it actually does it!?! Can anything be done about that??? Apart from that we don't notice anything else wrong with our PC!!!
2) Have we now managed to clean our PC completely???
3) May we now delete the encrypted image & video files from the hard drive???
4) May we delete the "virus mail" from our Outlook inbox???
Regards and many thanks.
Last edited by edgar_bilumi (16.05.2012 at 20:11) |
16.05.2012, 22:50 | #10 |
/// Helper team | Windows encryption trojan under Windows XP
1. You should compact the inbox from time to time: start your mail program, delete the contents of the inbox and then empty your mail program's trash:
 1. delete all mails from the inbox
 2. empty the trash
 3. compact the inbox (in the File menu: Compact all folders of the account)
2. Uninstall/remove the programs that we used and that you do not need, except for: Code:
CCleaner
3. Tool cleanup with OTL: We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
4. Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older versions of files. This function takes up a lot of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects sitting in System Restore must also be removed. So please do the following:
5. As a precaution I would advise you to change your passwords (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password (should actually be changed at regular intervals, roughly every 3-5 months); see also here under: Secure password (Password)
6. ► Please check whether there are new updates for Windows: Microsoft Update keeps your computer up to date!
7. Download HijackThis 2.0.4 *from here*. Start HijackThis → click "Do a system scan and save a logfile" → select the resulting log file → copy → paste it here in your thread (right mouse button)
__________________
Warning!: Beware of invoices by e-mail with a ZIP file as attachment! They can be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |