| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC wird als Spamsender mißbraucht Canadian PharmacyWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.05.2012, 01:28
| #7 |
 |  PC wird als Spamsender mißbraucht Canadian Pharmacy Also abgesicherter Modus hat funktioniert. Hier die Ergebnisse. zu 1) Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-12 21:55:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD2500AAKS-00VSA0 rev.01.01B01
Running: c5sq1hwy.exe; Driver: C:\DOKUME~1\Mona\LOKALE~1\Temp\uwncqfob.sys
---- System - GMER 1.0.15 ----
SSDT 89E0F0B8 ZwAlertResumeThread
SSDT 89E1B908 ZwAlertThread
SSDT 89FF16D0 ZwAllocateVirtualMemory
SSDT 89DF1170 ZwAssignProcessToJobObject
SSDT 897226F0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAC304710]
SSDT 8938A700 ZwCreateMutant
SSDT 89381700 ZwCreateSymbolicLinkObject
SSDT 89EF8E08 ZwCreateThread
SSDT 89DF6CB0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAC304990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAC304EF0]
SSDT 89DD79C0 ZwDuplicateObject
SSDT 8A23DE40 ZwFreeVirtualMemory
SSDT 89E0C0A8 ZwImpersonateAnonymousToken
SSDT 89E0C5D8 ZwImpersonateThread
SSDT 89DDA288 ZwLoadDriver
SSDT 89EF2EE0 ZwMapViewOfSection
SSDT 89E0C070 ZwOpenEvent
SSDT 89DDE408 ZwOpenProcess
SSDT 89E25DC8 ZwOpenProcessToken
SSDT 89E01D00 ZwOpenSection
SSDT 89DDA0E8 ZwOpenThread
SSDT 89383700 ZwProtectVirtualMemory
SSDT 89E1B9E0 ZwResumeThread
SSDT 8A008C30 ZwSetContextThread
SSDT 89D4D270 ZwSetInformationProcess
SSDT 89DF7BE8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAC305140]
SSDT 89E040E8 ZwSuspendProcess
SSDT 89E207A8 ZwSuspendThread
SSDT 89E25E30 ZwTerminateProcess
SSDT 89E20880 ZwTerminateThread
SSDT 8A008E08 ZwUnmapViewOfSection
SSDT 8A011960 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 257C 80501D8C 4 Bytes CALL D0D9FB31
.text ntkrnlpa.exe!ZwCallbackReturn + 273C 80501F4C 4 Bytes [E8, 7B, DF, 89]
.text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501F80 8 Bytes [E8, 40, E0, 89, A8, 07, E2, ...] {CALL 0xffffffffa889e045; POP ES; LOOP 0xffffffffffffff91}
? plcxx.sys Das System kann die angegebene Datei nicht finden. !
.text atapi.sys B9F10852 1 Byte [CC] {INT 3 }
? SYMDS.SYS Das System kann die angegebene Datei nicht finden. !
? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB94A1360, 0x30ACA7, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:452] 89E690F4
Thread System [4:2888] AABF6E80
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500AAKS-00VSA0 rev.01.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A0584B1]<<
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x8A219AB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000077[0x8A2DB610]
5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Ide\IdeDeviceP2T0L0-e[0x8A23ED98]
kernel: MBR read successfully
user & kernel MBR OK
Code:
ATTFilter All processes killed
========== OTL ==========
No active process named DAT99B.tmp.exe was found!
Service qfxzfqtfzhz stopped successfully!
Service qfxzfqtfzhz deleted successfully!
C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Temp\DAT99B.tmp.exe moved successfully.
Error: No service named rxrulo was found to stop!
Service\Driver key rxrulo not found.
File C:\WINDOWS\system32\drivers\plcxx.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\drivers\plcxx.sys not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Mona\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Mona\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 92172 bytes
->Temporary Internet Files folder emptied: 1713969 bytes
->Flash cache emptied: 405 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 93167 bytes
User: Mona
->Temp folder emptied: 1475017957 bytes
->Temporary Internet Files folder emptied: 13162408 bytes
->Java cache emptied: 3261847 bytes
->Flash cache emptied: 470 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1259959 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30953060 bytes
RecycleBin emptied: 1093410617 bytes
Total Files Cleaned = 2.498,00 mb
OTL by OldTimer - Version 3.2.42.3 log created on 05122012_234348
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Java6 Aktuallisierung 22 höher ging zur Zeit nicht. zu5) erledigt 9.5.1 zu6) zu Herzen genommen, Cache wird immer schon beim Beenden des IE gelöscht. zu7) ebenfalls erledigt zu8) Code:
ATTFilter OTL logfile created on: 13.05.2012 01:09:33 - Run 2 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Dokumente und Einstellungen\Mona\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 74,59% Memory free 4,59 Gb Paging File | 4,05 Gb Available in Paging File | 88,23% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 29,18 Gb Free Space | 59,77% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 48,59 Gb Free Space | 99,51% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 45,73 Gb Free Space | 93,66% Space Free | Partition Type: NTFS Drive F: | 48,83 Gb Total Space | 48,53 Gb Free Space | 99,38% Space Free | Partition Type: NTFS Drive G: | 37,57 Gb Total Space | 37,22 Gb Free Space | 99,09% Space Free | Partition Type: NTFS Computer Name: RAMONA-59694EC3 | User Name: Mona | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.12 09:35:41 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mona\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.22 11:17:30 | 004,212,344 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Browser\browser.exe PRC - [2011.11.08 21:51:22 | 000,796,080 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe PRC - [2011.11.08 21:51:22 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe PRC - [2011.11.08 21:51:20 | 001,226,152 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe PRC - [2010.05.14 12:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2007.01.09 15:40:00 | 000,368,640 | ---- | M] (fun communications GmbH, hxxp://www.fun.de) -- C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe PRC - [2004.12.16 02:04:00 | 000,229,376 | ---- | M] (AVM Berlin) -- C:\Programme\ComCenter\IWatch.exe ========== Modules (No Company Name) ========== MOD - [2012.05.12 13:37:01 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_06621527\system.drawing.dll MOD - [2012.05.12 13:36:55 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7a37a1b2\system.windows.forms.dll MOD - [2012.05.12 13:36:44 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012.01.21 21:29:43 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a62a07d9\mscorlib.dll MOD - [2012.01.21 21:29:35 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6241af2d\system.xml.dll MOD - [2012.01.21 21:29:20 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e0055f98\system.dll MOD - [2012.01.21 21:29:10 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012.01.21 21:29:09 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.07.07 23:39:06 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll MOD - [2008.07.07 23:39:06 | 000,006,144 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcprsc.resources.dll MOD - [2008.07.07 23:39:02 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll MOD - [2008.07.07 23:39:02 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz.resources\3.0.0.0_de_a53cf5803f4c3827\hpqietpz.resources.dll MOD - [2008.07.07 23:38:39 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll MOD - [2008.07.07 23:38:39 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_de_a53cf5803f4c3827\hpqisrtb.resources.dll MOD - [2008.07.07 23:38:20 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll MOD - [2008.07.07 23:38:20 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll MOD - [2008.07.07 23:38:20 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll MOD - [2008.07.07 23:38:20 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll MOD - [2008.07.07 23:38:19 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll MOD - [2008.07.07 23:38:19 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_de_a53cf5803f4c3827\hpqtray.resources.dll MOD - [2008.07.07 23:38:19 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll MOD - [2008.07.07 23:38:19 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll MOD - [2008.07.07 23:38:19 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll MOD - [2008.07.07 23:38:19 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll MOD - [2008.07.07 23:38:19 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll MOD - [2008.07.07 23:38:19 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll MOD - [2008.07.07 23:38:19 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll MOD - [2008.07.07 23:38:19 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqfmrsc.resources.dll MOD - [2008.07.07 23:37:22 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll MOD - [2008.07.07 23:37:22 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll MOD - [2008.07.07 23:37:22 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll MOD - [2008.07.07 23:37:22 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll MOD - [2008.07.07 23:37:22 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll MOD - [2008.07.07 23:37:22 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll MOD - [2008.07.04 10:14:49 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2008.07.04 10:13:52 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.11.08 23:52:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2005.07.20 14:34:08 | 000,700,497 | ---- | M] () -- C:\Programme\T-Online\T-Online_Software_6\Notifier\libcurl.dll MOD - [2004.04.16 17:45:52 | 000,143,360 | ---- | M] () -- C:\Programme\T-Online\T-Online_Software_6\Notifier\libexpat.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.04.08 10:24:43 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2007.01.09 18:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2004.03.18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.05.10 21:26:14 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120511.021\NAVEX15.SYS -- (NAVEX15) DRV - [2012.05.10 21:26:14 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120511.021\NAVENG.SYS -- (NAVENG) DRV - [2012.04.28 02:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120511.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.02.04 12:43:33 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.02.04 12:43:33 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.05.11 15:02:17 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011.04.21 03:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symtdi.sys -- (SYMTDI) DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtsp.sys -- (SRTSP) DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symefa.sys -- (SymEFA) DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symds.sys -- (SymDS) DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\ironx86.sys -- (SymIRON) DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2007.03.06 06:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.03.06 06:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.03.01 11:27:26 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.02.16 02:50:32 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006.10.04 10:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004.11.29 02:00:00 | 000,547,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE) Eumex 400 (WinXP/2000) DRV - [2004.11.29 02:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 F9 B0 AB 93 30 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.11 09:23:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_7_5 [2012.05.13 01:00:58 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.05.11 12:10:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\ComCenter\IWatch.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222251871 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E2BA84-C660-4113-BE28-195EC46D23F5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.04 09:58:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.13 00:57:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mona\Recent [2012.05.13 00:51:25 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2012.05.13 00:51:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.12 22:01:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.12 09:42:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.05.12 09:42:14 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2012.05.12 09:35:39 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mona\Desktop\OTL.exe [2012.05.12 08:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\Malwarebytes [2012.05.12 08:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.12 08:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.05.12 08:58:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.12 08:58:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.12 02:46:08 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Mona\Startmenü\Programme\Verwaltung [2012.05.11 22:39:52 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2012.05.11 22:39:43 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2012.05.11 21:53:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Anwendungsdaten\NPE [6 C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.13 02:07:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA517E7C-586C-47AD-B8A2-3E13E5BA824F}.job [2012.05.13 01:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.13 01:00:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.13 00:49:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.12 21:58:49 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe [2012.05.12 21:02:12 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Mona\Desktop\ui0o05xs.exe [2012.05.12 13:36:06 | 000,459,532 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.12 13:36:06 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.12 13:36:06 | 000,084,914 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.12 13:36:06 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.05.12 09:35:41 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mona\Desktop\OTL.exe [2012.05.12 02:45:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mona\defogger_reenable [2012.05.11 22:22:13 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.11 22:10:11 | 000,000,209 | -HS- | M] () -- C:\boot.ini [2012.05.11 14:14:34 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Mona\Desktop\Microsoft Word.lnk [2012.05.11 12:10:04 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.05.05 15:00:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [6 C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Mona\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.13 00:54:14 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk [2012.05.12 21:59:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe [2012.05.12 21:02:11 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Desktop\ui0o05xs.exe [2012.05.12 20:54:41 | 000,144,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2012.05.12 02:45:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\defogger_reenable [2012.05.11 12:27:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.05.11 12:27:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2011.06.07 18:00:36 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.03.04 11:45:55 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\winscp.rnd [2011.03.04 11:43:22 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2011.02.27 19:45:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2010.11.20 16:00:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.10.27 11:38:58 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Mona\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.10.27 11:33:56 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini ========== LOP Check ========== [2011.06.07 18:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.03.27 11:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Eumex 400 [2010.03.27 10:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2008.07.07 22:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2009.09.30 22:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings [2009.03.10 20:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.03.10 18:45:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online_ZusatzSoftware [2011.06.07 18:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\Canneverbe Limited [2010.03.27 10:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\ComCenter [2010.03.27 11:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\Eumex 400 [2009.03.10 20:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mona\Anwendungsdaten\T-Online [2012.05.13 02:07:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA517E7C-586C-47AD-B8A2-3E13E5BA824F}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.05.2012 01:09:33 - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Dokumente und Einstellungen\Mona\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 74,59% Memory free
4,59 Gb Paging File | 4,05 Gb Available in Paging File | 88,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 29,18 Gb Free Space | 59,77% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 48,59 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 45,73 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 48,53 Gb Free Space | 99,38% Space Free | Partition Type: NTFS
Drive G: | 37,57 Gb Total Space | 37,22 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: RAMONA-59694EC3 | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
https [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = T-Online Banking Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{6E448242-1967-4470-A3F5-FFB62B341D8F}" = 2600
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}" = 2600_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}" = 2600Trb
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"AccessRuntime2000_is1" = Access Runtime 2000
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"ComCenter 1.0" = ComCenter
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"T-Com Konfigurator Eumex 400" = T-Com Konfigurator Eumex 400
"T-Online Fotoservice" = T-Online Fotoservice
"VLC media player" = VLC media player 0.9.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.03.2012 03:36:19 | Computer Name = RAMONA-59694EC3 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 06.03.2012 02:25:11 | Computer Name = RAMONA-59694EC3 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 23.03.2012 05:45:41 | Computer Name = RAMONA-59694EC3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x00095b62.
Error - 30.03.2012 05:22:25 | Computer Name = RAMONA-59694EC3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x00067978.
Error - 30.03.2012 06:02:55 | Computer Name = RAMONA-59694EC3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 31.03.2012 09:37:53 | Computer Name = RAMONA-59694EC3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 11.04.2012 12:05:12 | Computer Name = RAMONA-59694EC3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 11.04.2012 13:27:40 | Computer Name = RAMONA-59694EC3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.50.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.04.2012 12:59:43 | Computer Name = RAMONA-59694EC3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 11.0.5721.5145, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.04.2012 01:03:44 | Computer Name = RAMONA-59694EC3 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 12.05.2012 17:38:08 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12.05.2012 17:38:33 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12.05.2012 17:38:35 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 12.05.2012 17:39:23 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 12.05.2012 17:40:21 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12.05.2012 17:41:37 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12.05.2012 17:42:58 | Computer Name = RAMONA-59694EC3 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AmdK8 BHDrvx86 eeCtrl Fips pavboot SRTSPX SymIRON SYMTDI
Error - 12.05.2012 17:43:26 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 12.05.2012 17:44:39 | Computer Name = RAMONA-59694EC3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12.05.2012 18:39:21 | Computer Name = RAMONA-59694EC3 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SPEEDPORT.IP",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{85E2BA84-C660-4-Transport zu
sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
< End of report >
Hilft mir bzw. meiner Freundin das Malware Programm? danke erstmal bis hierhin |
| Themen zu PC wird als Spamsender mißbraucht Canadian Pharmacy |
| adapter, adobe, adobe flash player, aufrufe, browser, cdburnerxp, dateien, diverse, dll, dllcache, einstellungen, explorer, flash player, google, helper, mailaccount, notification, pdf, plug-in, prozesse, rundll, security, software, super, svchost, symantec, system, temp, windows xp, wlan, öffnet |
Baum-Darstellung