| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sparkassen Onlin Banking Virus (Zbot.HEEP, Agent.MIXC, Zbot, Agent.ED)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.03.2013, 16:20
| #1 |
 |  Sparkassen Onlin Banking Virus (Zbot.HEEP, Agent.MIXC, Zbot, Agent.ED) Guten Tag, hatte heute mittag das folgende Problem: Habe mich in meinen Online-Banking-Account angemeldet und dann kam die Aufforderung eine Testüberweisung durchzuführen, was ich dann allerdings nicht getan habe. Stattdessen wollte ich auf dem Nutzer-Account meines Computers einen Malwarebyte-Scan durchführen. Dieser konnte dort aber keine Verbindung zum Update-Server herstellen. Ich bin dann auf den Administrator-Account gewechselt und habe dort den Malwarebyte-FullScan durchgeführt. Dort wurden dann die im Titel aufgeführten Trojaner gefunden: Zbot.HEEP, Agent.MIXC und Zbot befanden sich im Ordner Anwendungsdaten auf dem Nutzer-Account und Agent.ED im Ordner Lokale Einstellungen/Temp/tmpa29125ea Habe diese Trojaner dann mit Malewarebyte entfernt und den Computer neu gestartet. Anschließend habe ich im Internet nach diesen Trojanern gesucht und bin auf dieses Forum gestoßen. Habe dann schon gelesen, dass diese Trojaner sehr schädlich sind und ich vermutlich das ganze System neu aufsetzen muss. Ist das tatsächlich so? Wie gehe ich nun am besten weiter vor? Bin ich derzeit wenigstens wieder sauber? Danke schon mal für weitere Hilfe! Hier die OTL.txt-Datei:OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.03.2013 15:27:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,95 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 77,08% Memory free 7,29 Gb Paging File | 6,76 Gb Available in Paging File | 92,73% Paging File free Paging file location(s): C:\pagefile.sys 4600 4600 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 30,88 Gb Free Space | 20,72% Space Free | Partition Type: NTFS Computer Name: MR-01-2009-04-N | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.29 15:26:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2013.02.19 08:45:45 | 000,104,488 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2013.02.19 08:34:56 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe PRC - [2013.02.15 11:59:38 | 000,701,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_168_Plugin.exe PRC - [2012.12.03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012.09.08 09:47:15 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.10.02 22:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009.09.25 20:42:00 | 000,593,920 | ---- | M] ( ) -- C:\WINDOWS\system32\lmabcoms.exe PRC - [2008.10.09 10:25:40 | 000,062,760 | ---- | M] () -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe PRC - [2008.08.28 19:34:14 | 013,145,448 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Adobe\Adobe Bridge CS4\Bridge.exe PRC - [2008.04.14 06:53:04 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tcserver.exe PRC - [2008.04.14 06:52:58 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe PRC - [2008.04.14 06:52:52 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\keyboardsurrogate.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.07 13:55:40 | 000,647,168 | ---- | M] (Fujitsu Computer Systems) -- C:\Programme\Fujitsu\Utils\FjMenu.exe PRC - [2008.04.07 13:53:40 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjEvents.exe PRC - [2008.04.07 13:53:02 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Programme\Fujitsu\Utils\FjDspMon.exe PRC - [2008.03.14 13:09:56 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2008.03.09 10:20:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.02.05 15:59:22 | 000,118,784 | R--- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\PSUtility\TrayManager.exe PRC - [2008.01.22 20:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2007.10.29 14:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2007.10.04 18:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2006.07.22 09:10:08 | 000,233,472 | R--- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe PRC - [2006.07.21 16:14:00 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe PRC - [2006.05.25 09:19:50 | 000,061,440 | ---- | M] (WACOM) -- C:\WINDOWS\system32\digtizer.exe PRC - [2006.04.20 14:23:46 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2006.04.20 12:08:00 | 000,073,728 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2006.03.30 13:26:48 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens\NCWatch\NCWatch.exe PRC - [2005.09.13 07:30:00 | 000,057,344 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\o2flash.exe PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2002.03.19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 11:59:38 | 014,717,808 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll MOD - [2013.02.15 10:03:11 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll MOD - [2013.01.16 10:14:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll MOD - [2013.01.16 10:13:47 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll MOD - [2013.01.16 10:13:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013.01.16 10:13:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll MOD - [2013.01.16 10:13:24 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.01.16 10:13:15 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2013.01.16 10:07:34 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2013.01.16 10:07:26 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll MOD - [2012.09.08 09:47:15 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.07.30 11:19:06 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll MOD - [2010.07.30 11:19:06 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll MOD - [2010.07.30 11:19:06 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll MOD - [2009.05.31 19:10:35 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU MOD - [2009.02.27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA MOD - [2008.10.09 10:25:40 | 000,062,760 | ---- | M] () -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe MOD - [2008.08.28 16:54:56 | 000,891,904 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS4\FileInfo.dll MOD - [2008.08.28 16:54:56 | 000,502,272 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS4\AdobeXMPFiles.dll MOD - [2008.08.28 16:54:56 | 000,424,960 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS4\AdobeXMP.dll MOD - [2008.08.28 16:53:58 | 000,073,728 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS4\Symlib.dll MOD - [2008.08.28 16:47:50 | 002,748,416 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS4\libmysqld.dll MOD - [2008.05.06 09:45:00 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2008.04.07 13:55:42 | 000,040,960 | ---- | M] () -- C:\Programme\Fujitsu\Utils\ImageComboBox.dll MOD - [2008.04.07 13:55:40 | 000,053,248 | ---- | M] () -- C:\Programme\Fujitsu\Utils\AppletProxy.dll MOD - [2008.03.09 10:20:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2006.03.23 07:17:43 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll MOD - [2005.07.22 21:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll MOD - [2005.04.06 10:37:06 | 000,009,216 | ---- | M] () -- C:\WINDOWS\system32\gengpmon.dll MOD - [2002.03.19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9) SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2013.02.19 08:47:26 | 000,093,736 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2013.02.19 08:45:45 | 000,104,488 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2013.02.19 08:34:56 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2013.02.15 11:59:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.25 20:42:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lmabcoms.exe -- (lmab_device) SRV - [2009.01.28 14:46:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.09 10:25:40 | 000,062,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.03.09 10:20:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.05.25 09:19:50 | 000,061,440 | ---- | M] (WACOM) [Auto | Running] -- C:\WINDOWS\system32\digtizer.exe -- (Digitizer) SRV - [2006.03.30 13:26:48 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Fujitsu Siemens\NCWatch\NCWatch.exe -- (NCWatch) SRV - [2005.09.13 07:30:00 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.02.19 08:47:43 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter) DRV - [2013.02.19 08:45:01 | 000,152,192 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl) DRV - [2013.02.19 08:33:11 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2010.05.10 20:09:48 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2008.06.26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) DRV - [2008.06.17 13:16:22 | 000,476,672 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2008.06.12 02:23:00 | 000,101,848 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR) DRV - [2008.06.12 02:23:00 | 000,101,848 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS) DRV - [2008.04.29 16:09:56 | 000,108,032 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.04.17 16:33:00 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008.03.27 11:42:00 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) DRV - [2008.03.25 16:24:22 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008.03.12 08:16:00 | 000,041,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.03.02 19:34:00 | 000,018,944 | ---- | M] (Fujitsu Computer Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FjBtnDrv.sys -- (Fjbtndrv) DRV - [2008.02.05 01:23:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007.08.24 16:40:42 | 000,007,168 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FJGSDisk.sys -- (FJGSDisk) DRV - [2007.04.30 05:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2006.11.28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.09.01 07:56:44 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006.05.27 00:00:00 | 000,030,976 | ---- | M] (Wacom Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidpen.sys -- (hidpen) DRV - [2006.05.22 12:00:00 | 000,010,496 | ---- | M] (Beijing Senselock Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sense4v2.sys -- (sense4v2) DRV - [2006.02.21 11:07:14 | 001,106,952 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.11.19 21:18:10 | 000,117,874 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004.10.18 15:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2004.01.17 20:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001.08.02 06:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df IE - HKCU\..\SearchScopes,DefaultScope = {428A22DD-CAD2-4181-85BF-735ACC4DC1C7} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{428A22DD-CAD2-4181-85BF-735ACC4DC1C7}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\npctrl.1.0.30109.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.05.05 15:34:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.05.05 15:34:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.08 09:47:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.09 10:08:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.19 09:48:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.05.05 15:34:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: E:\ThunderbirdPortable\App\Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: E:\ThunderbirdPortable\App\Thunderbird\plugins [2011.07.05 15:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2011.07.05 15:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.11 19:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Administrator\extensions [2010.09.15 11:34:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Administrator\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.06 22:59:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Administrator\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.11 19:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.08 09:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions [2012.09.08 09:33:07 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.08 09:47:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.08.30 07:33:40 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2010.09.19 19:53:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.30 07:33:40 | 000,002,253 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2008.05.14 19:23:30 | 000,239,307 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 8368 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ST Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ST Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe () O4 - HKLM..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found O4 - HKLM..\Run: [FjStrtAp] C:\Programme\Fujitsu\Utils\FjStrtAp.exe (Fujitsu Computer Systems Corp.) O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [run] C:\WINDOWS\System32\ccswow.exe () O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre7\bin\jusched.exe" File not found O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED) O4 - HKCU..\Run: [AdobeBridge] C:\Programme\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.) O4 - HKCU..\Run: [Xvid] C:\Programme\XviD\CheckUpdate.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2011\mshaktuell.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: daten ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: pc-service ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: software ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: swl ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: uni-bamberg.de ([daten] * in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: uni-bamberg.de ([portal.zuv] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: uni-bamberg.de ([software] * in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range80 ([*] in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range81 ([*] in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range82 ([*] in Vertrauenswürdige Sites) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280476154968 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03E44E03-7907-473D-B0D3-1ED3040AD9A6}: DhcpNameServer = 141.13.250.2 141.13.240.41 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26317D03-1ACD-462A-B116-C945E5A38860}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90A95BA3-B7AC-4746-829C-4A11F2809CC3}: DhcpNameServer = 141.13.250.2 141.13.240.41 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C58A9CCF-5891-4D71-8D8A-09F7922C0C57}: DhcpNameServer = 141.13.250.2 141.13.240.41 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\FJWSEL: DllName - (FJWSWNP.dll) - C:\WINDOWS\System32\FJWSWNP.dll (FUJITSU LIMITED) O20 - Winlogon\Notify\loginkey: DllName - (C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation) O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED) O24 - Desktop Components:0 (Ink Desktop) - {80E95280-2D38-3CB8-A215-FB5F14C4343E} O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\pc-service\Admin-Background_xp_01.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\pc-service\Admin-Background_xp_01.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.23 07:21:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{bd6e3f56-5542-11dc-a4b4-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{bd6e3f56-5542-11dc-a4b4-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bd6e3f56-5542-11dc-a4b4-806d6172696f}\Shell\AutoRun\command - "" = D:\Programs\nu2menu\nu2menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.29 15:26:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.29 15:26:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.03.29 15:25:15 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2013.03.29 15:23:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2013.03.29 15:08:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.03.29 14:46:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.29 14:46:55 | 3172,864,000 | -HS- | M] () -- C:\hiberfil.sys [2013.03.29 14:45:36 | 000,003,590 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FjMenu1.XML [2013.03.29 13:14:48 | 000,000,512 | RHS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.pol [2013.03.13 18:30:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.03.09 15:07:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.29 15:25:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2013.03.29 15:23:36 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2012.09.08 14:38:05 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2012.07.09 12:22:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2012.07.09 12:22:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2011.05.13 11:21:46 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.02.26 18:12:22 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.28 10:34:31 | 000,003,590 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FjMenu1.XML [2008.04.03 09:33:02 | 000,000,043 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\gsview32.ini [2007.08.28 13:31:48 | 000,000,740 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2007.08.28 13:30:01 | 000,000,512 | RHS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.pol [2007.08.28 08:32:25 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\PUTTY.RND [2006.03.23 07:28:01 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.03.23 07:16:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.05.13 11:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Buhl Data Service [2009.06.29 18:43:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon [2009.01.28 15:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CDBurnerXP_Soft [2009.01.28 15:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\com.adobe.ExMan [2009.05.19 08:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.05.05 15:34:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DDMSettings [2011.06.30 10:28:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox [2012.05.13 19:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoft [2012.05.13 19:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers [2007.08.27 12:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gotomaxx [2012.10.09 09:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2011.07.05 15:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2011.05.13 11:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2009.06.29 18:42:20 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2007.08.27 12:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gotomaxx [2012.10.09 10:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel [2008.04.02 14:22:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2013.02.19 08:37:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos [2011.01.26 22:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos Web Intelligence [2012.10.09 10:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS ========== Purity Check ========== < End of report > Hier die Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.03.2013 15:27:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,95 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 77,08% Memory free
7,29 Gb Paging File | 6,76 Gb Available in Paging File | 92,73% Paging File free
Paging file location(s): C:\pagefile.sys 4600 4600 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 30,88 Gb Free Space | 20,72% Space Free | Partition Type: NTFS
Computer Name: MR-01-2009-04-N | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"\\swl\wartung\WinVNC.exe" = \\swl\wartung\WinVNC.exe:*:Enabled:WinVNC.exe
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"\\141.13.14.237\wartung\winvnc4.exe" = \\141.13.14.237\wartung\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Programme\AnyLogic 6 Professional\jre\bin\javaw.exe" = C:\Programme\AnyLogic 6 Professional\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\AnyLogic 6 Professional\AnyLogic.exe" = C:\Programme\AnyLogic 6 Professional\AnyLogic.exe:*:Disabled:AnyLogic -- ()
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"\\141.13.14.237\wartung\winvnc\winvnc4.exe" = \\141.13.14.237\wartung\winvnc\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32
"C:\WINDOWS\system32\lmabcoms.exe" = C:\WINDOWS\system32\lmabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP Server -- ( )
"C:\Dokumente und Einstellungen\ba6vt08\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\ba6vt08\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation)
"C:\Programme\IBM\SPSS\Statistics\20\stats.com" = C:\Programme\IBM\SPSS\Statistics\20\stats.com:*:Disabled:Statistics20:com -- (IBM Corp.)
"C:\Programme\IBM\SPSS\Statistics\20\stats.exe" = C:\Programme\IBM\SPSS\Statistics\20\stats.exe:*:Disabled:Statistics20:exe -- (IBM Corp.)
"C:\Programme\IBM\SPSS\Statistics\20\WinWrapIDE.exe" = C:\Programme\IBM\SPSS\Statistics\20\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (IBM Corp.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = maxx PDFMAILER
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}" = Microsoft Reader
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{12FDAA4D-A9DF-4057-A420-A056E36B4610}" = Fujitsu System Extension Utility
"{147A70F5-1F62-4235-8CA7-159E0A20931B}" = Erweiterungen für Microsoft Windows XP Tablet PC Edition
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15C418EB-7675-42BE-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207E8B60-07D2-4B7F-97FE-0DA448606861}" = Fujitsu Button Utilities
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{272979FC-6D4A-4C25-B71A-32DD4974A022}" = Fujitsu Hotkey Utility
"{28892626-C9AA-4C41-B17B-ED4A99221202}" = Fujitsu Display Manager
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{377B0725-8AA2-47AB-9F31-E2C4CFBE0F47}" = LINGO 11.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4463FE76-D725-4DDA-A2BA-607011EEE498}" = OZ711 SCR Driver V3.0.1.6
"{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{5337BED2-73A0-4EB8-A33C-91DFD4C2F82D}" = Fujitsu Pen Service
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{79821CAD-999C-443D-B420-96F914C84E27}" = Power Saving Utility
"{7A85D628-B8BE-4BC5-BC5C-E4FD91D90502}" = Fujitsu Button Driver Component
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C26E186-E649-4A01-B8EC-DDEF5E454389}" = Fingerprint Sensor Minimum Install
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46A496D-C3DC-4126-A69E-1DE005A637D4}" = IBM SPSS Statistics 20
"{B8478384-7F89-4CDB-B692-6BA981769429}" = NetworkConnectionWatcher
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BF91B0A2-52DC-4230-B44F-7C34FA861D41}" = Wireless Selector
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.6
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F2F4E6A9-D91A-4F24-BA30-9B8861F70B93}" = LINGO 10.0
"{F34C74C3-077A-4A56-B4C0-71C4DB6D4933}" = O2Micro Flash Memory Card Windows Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"66E7D038E1F9BEA2EBDF90804718442328FF88DA" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnyLogic 6 Professional" = AnyLogic 6.5.0 Professional
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crimson Editor" = Crimson Editor (remove only)
"DivX Setup.divx.com" = DivX-Setup
"DSMT6" = MathType 6
"FastStone Capture" = FastStone Capture 5.3
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.0.9.3
"fjbtndrv_2ba5b847cf34ba3d71166b42646303073a71e6b2" = Windows Driver Package - Fujitsu Computer Systems Corporation (FjBtnDrv) HIDClass 03/29/2006 2.0.0329.2006
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.22.602
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{28892626-C9AA-4C41-B17B-ED4A99221202}" = Fujitsu Display Manager
"InstallShield_{4463FE76-D725-4DDA-A2BA-607011EEE498}" = OZ711 SCR Driver V3.0.1.6
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"InstallShield_{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"InstallShield_{79821CAD-999C-443D-B420-96F914C84E27}" = Power Saving Utility
"InstallShield_{BF91B0A2-52DC-4230-B44F-7C34FA861D41}" = Wireless Selector
"InstallShield_{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"InstallShield_{F34C74C3-077A-4A56-B4C0-71C4DB6D4933}" = O2Micro Flash Memory Card Windows Driver
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.5 Full
"Lexmark_HostCD" = Lexmark Software deinstallieren
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSet" = Intel(R) Network Connections Drivers
"Softonic_Deutsch Toolbar" = Softonic Deutsch Toolbar
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.0.3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Zattoo4" = Zattoo4 4.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2013 06:22:14 | Computer Name = MR-01-2009-04-N | Source = FjLogEvt | ID = 52
Description = FjLidMon.exe : Register: Unknown retc (2)
Error - 29.03.2013 08:14:53 | Computer Name = MR-01-2009-04-N | Source = FjLogEvt | ID = 52
Description = FjLidMon.exe : Register: Unknown retc (2)
Error - 29.03.2013 09:46:59 | Computer Name = MR-01-2009-04-N | Source = Sophos Anti-Virus | ID = 327700
Description = Konfigurationsdatei 'C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Sophos
Anti-Virus\Config\factory.xml' konnte nicht aktualisiert werden.
Error - 29.03.2013 09:46:59 | Computer Name = MR-01-2009-04-N | Source = Sophos Anti-Virus | ID = 327701
Description = Die beschädigte Konfigurationsdatei 'C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\Sophos\Sophos Anti-Virus\Config\factory.xml' konnte nicht
neu erstellt werden.
Error - 29.03.2013 09:46:59 | Computer Name = MR-01-2009-04-N | Source = Sophos Anti-Virus | ID = 327690
Description = Die Konfigurationsdatei 'C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Sophos
Anti-Virus\Config\bootstrap.xml' kann nicht geladen werden: Ungültiger Zeiger.
Error - 29.03.2013 09:46:59 | Computer Name = MR-01-2009-04-N | Source = Sophos Anti-Virus | ID = 131086
Description = Fehler bei der Konfiguration von ConfigurationManager.
Error - 29.03.2013 09:46:59 | Computer Name = MR-01-2009-04-N | Source = Sophos Anti-Virus | ID = 196631
Description = Fehler beim Anfordern der Komponente ConfigurationManager vom ComponentManager.
Error - 29.03.2013 09:46:59 | Computer Name = MR-01-2009-04-N | Source = Sophos Anti-Virus | ID = 196608
Description = Ausnahme entdeckt in CInfrastructureModule::PreMessageLoop.
Error - 29.03.2013 09:49:24 | Computer Name = MR-01-2009-04-N | Source = FjLogEvt | ID = 52
Description = FjLidMon.exe : Register: Unknown retc (2)
Error - 29.03.2013 10:22:03 | Computer Name = MR-01-2009-04-N | Source = FjLogEvt | ID = 52
Description = FjLidMon.exe : Register: Unknown retc (2)
[ System Events ]
Error - 29.03.2013 08:56:13 | Computer Name = MR-01-2009-04-N | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 29.03.2013 08:56:16 | Computer Name = MR-01-2009-04-N | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 29.03.2013 08:56:20 | Computer Name = MR-01-2009-04-N | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 29.03.2013 08:56:23 | Computer Name = MR-01-2009-04-N | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 29.03.2013 08:56:26 | Computer Name = MR-01-2009-04-N | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 29.03.2013 09:06:45 | Computer Name = MR-01-2009-04-N | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 29.03.2013 09:06:48 | Computer Name = MR-01-2009-04-N | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 29.03.2013 09:47:24 | Computer Name = MR-01-2009-04-N | Source = SAVOnAccessFilter | ID = 3997749
Description = Der On-Access-Treiber kontte keine Verbindung zu \Device\ADVirtualDisk\Volume
herstellen, da die Ein-/Ausgabemethode nicht unterstützt wird.
Error - 29.03.2013 09:47:32 | Computer Name = MR-01-2009-04-N | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem Fehler beendet:
%%2147500037
Error - 29.03.2013 09:47:32 | Computer Name = MR-01-2009-04-N | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
iaStor
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
< End of report >
Und hier die gmer-Datei: GMER 2.1.19155 - hxxp://www.gmer.net Rootkit quick scan 2013-03-29 15:42:44 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB Running: gmer_2.1.19155.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pwlyykow.sys ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys ---- EOF - GMER 2.1 ---- |
| Themen zu Sparkassen Onlin Banking Virus (Zbot.HEEP, Agent.MIXC, Zbot, Agent.ED) |
| adware.shopperreports, browser, calculator, cdburnerxp, converter, erweiterungen, fehler, flash player, forged physical sector, homepage, java/exploit.agent.npj, java/exploit.cve-2011-3544.aw, java/trojandownloader.agent.nam, logfile, msiexec.exe, neu aufsetzen, plug-in, problem, registry, registry cleaner, senden, sparkasse virus online banking, system neu, tablet, trojan.agent.ed, trojan.agent.mixc, trojan.zbot, trojan.zbot.heep, trojaner, win32/adware.onestep.z, win32/agent.ujj, win32/kryptik.axog, windows internet, zbot trojaner |
Baum-Darstellung