| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen, weiß nicht ob System jetzt sauber...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.04.2010, 10:38
| #1 |
| |  Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hallo alle, ich bin hier bei einem Freund der sich mächtig was eingefangen hat. Nach eurer Beschreibung hab ich mal alle so nach und nach durchgeführt, allerdings weiß ich jetzt nicht ob das System sauber ist oder ob noch was gemacht werden muss. Danke schon mal Gruß Silver Hier mal Malware: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4020 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 22.04.2010 10:07:20 mbam-log-2010-04-22 (10-07-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 289167 Laufzeit: 59 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 49 Infizierte Registrierungswerte: 7 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 38 Infizierte Dateien: 1325 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Programme\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Programme\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Programme\Hotbar\bin\10.2.236.0 (Adware.Hotbar) -> Quarantined and deleted successfully. C:\WINDOWS.0\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Uninstall Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. info.txt logfile of random's system information tool 1.06 2010-04-22 10:11:25 ======Uninstall list====== -->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS.0\UNNeroBackItUp.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf Adobe Download Manager-->"C:\WINDOWS.0\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001} Adobe Shockwave Player 11.5-->C:\WINDOWS.0\system32\Adobe\uninstaller.exe ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A} Brother HL-2150N-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{75CEDF0C-6531-41CB-BE6F-D2B111E6B77A}\SETUP.exe" -l0x7 -removeonly /uninst Canon iP5300 Benutzerregistrierung-->C:\Programme\Canon\IJEREG\iP5300\UNINST.EXE Canon iP5300-->"C:\WINDOWS.0\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300 /L0x0007 Canon Setup Utility 2.3-->"C:\Programme\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.3\uninst.ini CCleaner-->"C:\Programme\CCleaner\uninst.exe" DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Easy-WebPrint-->C:\WINDOWS.0\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu eDrawings 2005-->MsiExec.exe /I{97917FA0-00C5-4351-AD6B-87AB99C52792} ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly ElsterFormular-->C:\Programme\ElsterFormular\uninstall.exe eXPert PDF 4-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02} FileZilla Client 3.1.3.1-->C:\Programme\FileZilla FTP Client\uninstall.exe Google Chrome-->"C:\Programme\Google\Chrome\Application\4.1.249.1059\Installer\setup.exe" --uninstall --system-level Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466} Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall GPU Caps Viewer v1.6.2-->"C:\Programme\oZone3D\GPU_Caps_Viewer_v1.6.2\unins000.exe" HASP SRM Run-time-->MsiExec.exe /X{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5} HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS.0\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS.0\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS.0\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS.0\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS.0\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS.0\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix für Windows XP (KB979306)-->"C:\WINDOWS.0\$NtUninstallKB979306$\spuninst\spuninst.exe" Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA} MyPhoneExplorer-->C:\Programme\MyPhoneExplorer\uninstall.exe Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS.0\system32\nvudisp.exe UninstallGUI PowerQuest PartitionMagic 7.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe" Realtek AC'97 Audio-->Alcrmv.exe -r -m Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS.0\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS.0\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS.0\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS.0\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS.0\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS.0\$NtUninstallKB911564$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS.0\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS.0\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS.0\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS.0\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS.0\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS.0\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 9 (KB936782)-->"C:\WINDOWS.0\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS.0\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS.0\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS.0\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS.0\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS.0\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS.0\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS.0\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS.0\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS.0\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS.0\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS.0\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS.0\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS.0\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS.0\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS.0\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS.0\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS.0\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS.0\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS.0\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS.0\$NtUninstallKB918118$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS.0\$NtUninstallKB918439$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS.0\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS.0\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS.0\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS.0\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS.0\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS.0\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS.0\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS.0\$NtUninstallKB923980$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS.0\$NtUninstallKB924270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS.0\$NtUninstallKB924667$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925902)-->"C:\WINDOWS.0\$NtUninstallKB925902$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS.0\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS.0\$NtUninstallKB926436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS.0\$NtUninstallKB927779$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS.0\$NtUninstallKB927802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS.0\$NtUninstallKB928255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS.0\$NtUninstallKB928843$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS.0\$NtUninstallKB929123$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB930178)-->"C:\WINDOWS.0\$NtUninstallKB930178$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931261)-->"C:\WINDOWS.0\$NtUninstallKB931261$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB932168)-->"C:\WINDOWS.0\$NtUninstallKB932168$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS.0\$NtUninstallKB933729$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS.0\$NtUninstallKB935839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935840)-->"C:\WINDOWS.0\$NtUninstallKB935840$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB937894)-->"C:\WINDOWS.0\$NtUninstallKB937894$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938127)-->"C:\WINDOWS.0\$NtUninstallKB938127$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS.0\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS.0\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS.0\$NtUninstallKB943055$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943460)-->"C:\WINDOWS.0\$NtUninstallKB943460$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS.0\$NtUninstallKB943485$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS.0\$NtUninstallKB944338-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS.0\$NtUninstallKB944653$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS.0\$NtUninstallKB945553$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS.0\$NtUninstallKB946026$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS.0\$NtUninstallKB950749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS.0\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS.0\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS.0\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS.0\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS.0\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS.0\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS.0\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS.0\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS.0\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS.0\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS.0\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS.0\$NtUninstallKB956390$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS.0\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS.0\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS.0\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS.0\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS.0\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS.0\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS.0\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS.0\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS.0\$NtUninstallKB958215$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS.0\$NtUninstallKB958470$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS.0\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS.0\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS.0\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS.0\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS.0\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS.0\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS.0\$NtUninstallKB960714$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS.0\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS.0\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS.0\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS.0\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS.0\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS.0\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS.0\$NtUninstallKB963027$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS.0\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS.0\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS.0\$NtUninstallKB969897$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS.0\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS.0\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS.0\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS.0\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS.0\$NtUninstallKB971032$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS.0\$NtUninstallKB971468$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS.0\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS.0\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS.0\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS.0\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS.0\$NtUninstallKB971961$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS.0\$NtUninstallKB972260$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS.0\$NtUninstallKB972270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS.0\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS.0\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS.0\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS.0\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS.0\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS.0\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS.0\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS.0\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS.0\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS.0\$NtUninstallKB974455$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS.0\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS.0\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS.0\$NtUninstallKB975467$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS.0\$NtUninstallKB975560$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS.0\$NtUninstallKB975561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS.0\$NtUninstallKB975713$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS.0\$NtUninstallKB977165$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS.0\$NtUninstallKB977816$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS.0\$NtUninstallKB977914$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS.0\$NtUninstallKB978037$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS.0\$NtUninstallKB978251$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS.0\$NtUninstallKB978262$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS.0\$NtUninstallKB978338$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS.0\$NtUninstallKB978601$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS.0\$NtUninstallKB978706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS.0\$NtUninstallKB979309$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS.0\$NtUninstallKB979683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS.0\$NtUninstallKB980232$\spuninst\spuninst.exe" SolidWorks 2005 SP0-->MsiExec.exe /I{276C0170-2DA6-48BD-86C4-19EF6D832A98} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS.0\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS.0\ie8updates\KB973874-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS.0\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS.0\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS.0\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Update für Windows XP (KB894391)-->"C:\WINDOWS.0\$NtUninstallKB894391$\spuninst\spuninst.exe" Update für Windows XP (KB898461)-->"C:\WINDOWS.0\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485)-->"C:\WINDOWS.0\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB908531)-->"C:\WINDOWS.0\$NtUninstallKB908531$\spuninst\spuninst.exe" Update für Windows XP (KB910437)-->"C:\WINDOWS.0\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB911280)-->"C:\WINDOWS.0\$NtUninstallKB911280$\spuninst\spuninst.exe" Update für Windows XP (KB916595)-->"C:\WINDOWS.0\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872)-->"C:\WINDOWS.0\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582)-->"C:\WINDOWS.0\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB925720)-->"C:\WINDOWS.0\$NtUninstallKB925720$\spuninst\spuninst.exe" Update für Windows XP (KB927891)-->"C:\WINDOWS.0\$NtUninstallKB927891$\spuninst\spuninst.exe" Update für Windows XP (KB930916)-->"C:\WINDOWS.0\$NtUninstallKB930916$\spuninst\spuninst.exe" Update für Windows XP (KB938828)-->"C:\WINDOWS.0\$NtUninstallKB938828$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS.0\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB955759)-->"C:\WINDOWS.0\$NtUninstallKB955759$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS.0\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS.0\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS.0\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"C:\WINDOWS.0\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS.0\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS.0\$NtUninstallKB973815$\spuninst\spuninst.exe" VarBox-Einzelplatz-->MsiExec.exe /I{506302FB-8A23-481B-B5BE-A9F7B6107D2D} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Viewpoint Manager (Remove Only)-->C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe /u Viewpoint Toolbar-->C:\Programme\Viewpoint\Viewpoint Toolbar\3.9.0\Uninstaller.exe /u /k /url "hxxp://www.viewpoint.com/pub/uninstallcompleted.html" VLC media player 0.9.6-->C:\Programme\VideoLAN\VLC\uninstall.exe WEB.DE Club E-Mail Alarm-->C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\Uninstall.exe WEB.DE SmartDrive Manager-->C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\uninst.exe Windows Imaging Component-->"C:\WINDOWS.0\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS.0\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS.0\ie8\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP-Hotfix - KB873339-->C:\WINDOWS.0\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835-->C:\WINDOWS.0\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836-->C:\WINDOWS.0\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185-->C:\WINDOWS.0\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302-->C:\WINDOWS.0\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859-->"C:\WINDOWS.0\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781-->C:\WINDOWS.0\$NtUninstallKB891781$\spuninst\spuninst.exe WinRAR-->C:\Programme\WinRAR\uninstall.exe xp-AntiSpy 3.96-4-->C:\Programme\xp-AntiSpy\Uninstall.exe ======Hosts File====== 89.149.249.180 www.google.com 89.149.249.180 www.google.de 89.149.249.180 www.google.fr 89.149.249.180 www.google.co.uk 89.149.249.180 www.google.com.br 89.149.249.180 www.google.it 89.149.249.180 www.google.es 89.149.249.180 www.google.co.jp 89.149.249.180 www.google.com.mx 89.149.249.180 www.google.ca ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: xxx-PC Event Code: 49 Message: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Record Number: 22542 Source Name: Ftdisk Time Written: 20100416112916.000000+120 Event Type: Fehler User: Computer Name: xxx-PC Event Code: 45 Message: Das System konnte den Treiber für das Speicherabbild nicht laden. Record Number: 22541 Source Name: Ftdisk Time Written: 20100416112916.000000+120 Event Type: Fehler User: Computer Name: xxx-PC Event Code: 1 Message: HASP License Manager starting Record Number: 22540 Source Name: hasplms Time Written: 20100416112905.000000+120 Event Type: Informationen User: Computer Name: xxx-PC Event Code: 6005 Message: Der Ereignisprotokolldienst wurde gestartet. Record Number: 22539 Source Name: EventLog Time Written: 20100416112849.000000+120 Event Type: Informationen User: Computer Name: xxx-PC Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 22538 Source Name: EventLog Time Written: 20100416112849.000000+120 Event Type: Informationen User: =====Application event log===== Computer Name: xxx-PC Event Code: 0 Message: Record Number: 7395 Source Name: gusvc Time Written: 20091231072607.000000+060 Event Type: Informationen User: Computer Name: xxx-PC Event Code: 0 Message: Record Number: 7394 Source Name: gupdate1c95c52d66c1150 Time Written: 20091231072606.000000+060 Event Type: Informationen User: Computer Name: xx Event Code: 0 Message: Record Number: 7393 Source Name: gusvc Time Written: 20091230075952.000000+060 Event Type: Informationen User: Computer Name: xxx Event Code: 0 Message: Record Number: 7392 Source Name: gupdate1c95c52d66c1150 Time Written: 20091230075916.000000+060 Event Type: Informationen User: Computer Name: xxx Event Code: 0 Message: Record Number: 7391 Source Name: NMIndexingService Time Written: 20091230075856.000000+060 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=1f00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Log: Logfile of random's system information tool 1.06 (written by random/random) Run by xxx at 2010-04-22 10:11:17 Microsoft Windows XP Professional Service Pack 2 System drive C: has 24 GB (48%) free of 50 GB Total RAM: 2046 MB (76% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:11:23, on 22.04.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\WINDOWS.0\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS.0\system32\hasplms.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS.0\Explorer.EXE C:\WINDOWS.0\system32\nvsvc32.exe C:\WINDOWS.0\system32\IoctlSvc.exe C:\WINDOWS.0\system32\svchost.exe C:\Programme\Viewpoint\Common\ViewpointService.exe C:\WINDOWS.0\SOUNDMAN.EXE C:\Programme\Brownie\BrstsWnd.exe C:\WINDOWS.0\system32\wuauclt.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe C:\WINDOWS.0\system32\RUNDLL32.EXE C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS.0\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe C:\WINDOWS.0\System32\svchost.exe C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS.0\system32\wscntfy.exe C:\Dokumente und Einstellungen\*\Desktop\RSIT.exe C:\Programme\trend micro\Berthold_Ketterer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 89.149.249.180 www.google.com O1 - Hosts: 89.149.249.180 www.google.de O1 - Hosts: 89.149.249.180 www.google.fr O1 - Hosts: 89.149.249.180 www.google.co.uk O1 - Hosts: 89.149.249.180 www.google.com.br O1 - Hosts: 89.149.249.180 www.google.it O1 - Hosts: 89.149.249.180 www.google.es O1 - Hosts: 89.149.249.180 www.google.co.jp O1 - Hosts: 89.149.249.180 www.google.com.mx O1 - Hosts: 89.149.249.180 www.google.ca O1 - Hosts: 89.149.249.180 www.google.com.au O1 - Hosts: 89.149.249.180 www.google.nl O1 - Hosts: 89.149.249.180 www.google.co.za O1 - Hosts: 89.149.249.180 www.google.be O1 - Hosts: 89.149.249.180 www.google.gr O1 - Hosts: 89.149.249.180 www.google.at O1 - Hosts: 89.149.249.180 www.google.se O1 - Hosts: 89.149.249.180 www.google.ch O1 - Hosts: 89.149.249.180 www.google.pt O1 - Hosts: 89.149.249.180 www.google.dk O1 - Hosts: 89.149.249.180 www.google.fi O1 - Hosts: 89.149.249.180 www.google.ie O1 - Hosts: 89.149.249.180 www.google.no O1 - Hosts: 89.149.249.180 search.yahoo.com O1 - Hosts: 89.149.249.180 us.search.yahoo.com O1 - Hosts: 89.149.249.180 uk.search.yahoo.com O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Programme\Gemeinsame Dateien\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS.0\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; Hotbar 10.2.236.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.munichbears.de/" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} (DownloadCtrl Class) - https://stream.web.de/v/notify/Download.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1c95c52d66c1150) (gupdate1c95c52d66c1150) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS.0\system32\hasplms.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS.0\system32\IoctlSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe -- End of file - 9551 bytes ======Scheduled tasks folder====== C:\WINDOWS.0\tasks\Google Software Updater.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696] {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Programme\Gemeinsame Dateien\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll [2009-03-02 333208] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS.0\SOUNDMAN.EXE [2008-10-10 577536] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664] "NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352] "BrStsWnd"=C:\Programme\Brownie\BrstsWnd.exe [2008-01-08 864256] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-01-04 136600] "vspdfprsrv.exe"=C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe [2006-05-04 998912] "NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2005-12-10 7311360] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS.0\system32\NvMcTray.dll [2005-12-10 86016] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-04 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424] "swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-04 39408] "WEB.DE Club E-Mail Alarm"=C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe [2010-04-08 2153472] "WEB.DE_WEB.DE SmartDrive Manager"=C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [2008-07-29 1204224] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS.0\system32\Adobe\Shockwave 11\SwHelper_1150595.exe [2009-03-19 460216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS.0\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\fsetup.exe"="D:\fsetup.exe:*:Enabled:AVM FSetup Application" "C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe" "C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe" "C:\Programme\FRITZ!DSL\WebwaIgd.exe"="C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-04-22 10:11:17 ----D---- C:\rsit 2010-04-22 10:11:17 ----D---- C:\Programme\trend micro 2010-04-22 08:58:23 ----D---- C:\Programme\CCleaner 2010-04-22 08:50:27 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Malwarebytes 2010-04-22 08:50:19 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-22 08:50:19 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Malwarebytes 2010-04-21 22:45:00 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\QuickScan 2010-04-21 21:55:01 ----D---- C:\WINDOWS.0\system32\NtmsData 2010-04-21 21:54:44 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Avira 2010-04-21 21:49:05 ----D---- C:\Programme\Avira 2010-04-21 21:49:05 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Avira 2010-04-21 07:27:00 ----N---- C:\WINDOWS.0\system32\browserchoice.exe 2010-04-16 19:16:02 ----HDC---- C:\WINDOWS.0\$NtUninstallKB979683$ 2010-04-16 19:15:53 ----HDC---- C:\WINDOWS.0\$NtUninstallKB980232$ 2010-04-16 19:15:50 ----A---- C:\WINDOWS.0\system32\MRT.INI 2010-04-16 19:12:43 ----HDC---- C:\WINDOWS.0\$NtUninstallKB978338$ 2010-04-16 19:12:37 ----HDC---- C:\WINDOWS.0\$NtUninstallKB977816$ 2010-04-16 19:12:32 ----HDC---- C:\WINDOWS.0\$NtUninstallKB978601$ 2010-04-16 19:12:23 ----HDC---- C:\WINDOWS.0\$NtUninstallKB979309$ 2010-04-16 19:12:04 ----HDC---- C:\WINDOWS.0\$NtUninstallKB979402_WM9L$ 2010-04-06 22:14:33 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\elsterformular 2010-04-06 08:44:04 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\elsterformular ======List of files/folders modified in the last 1 months====== 2010-04-22 10:11:17 ----RD---- C:\Programme 2010-04-22 10:11:02 ----D---- C:\WINDOWS.0\Prefetch 2010-04-22 10:10:40 ----D---- C:\WINDOWS.0\Temp 2010-04-22 10:10:17 ----D---- C:\WINDOWS.0\system32\CatRoot2 2010-04-22 10:10:10 ----D---- C:\WINDOWS.0 2010-04-22 10:10:08 ----A---- C:\WINDOWS.0\Brownie.ini 2010-04-22 10:10:06 ----SD---- C:\WINDOWS.0\Tasks 2010-04-22 10:09:17 ----D---- C:\WINDOWS.0\system32\drivers 2010-04-22 10:08:10 ----A---- C:\WINDOWS.0\SchedLgU.Txt 2010-04-22 10:07:53 ----HDC---- C:\WINDOWS.0\$MSI31Uninstall_KB893803v2$ 2010-04-22 10:07:13 ----D---- C:\WINDOWS.0\system32 2010-04-22 09:01:59 ----D---- C:\WINDOWS.0\Debug 2010-04-22 09:01:58 ----D---- C:\WINDOWS.0\Minidump 2010-04-22 08:26:13 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Google Updater 2010-04-22 08:25:13 ----D---- C:\WINDOWS.0\Registration 2010-04-21 21:55:07 ----HD---- C:\WINDOWS.0\inf 2010-04-21 21:55:01 ----D---- C:\WINDOWS.0\repair 2010-04-21 21:48:43 ----SHD---- C:\WINDOWS.0\Installer 2010-04-21 21:48:42 ----D---- C:\WINDOWS.0\WinSxS 2010-04-21 21:40:12 ----RSHDC---- C:\WINDOWS.0\system32\dllcache 2010-04-21 21:40:11 ----D---- C:\WINDOWS.0\system32\CatRoot 2010-04-21 09:39:18 ----AD---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\TEMP 2010-04-20 00:49:48 ----D---- C:\Programme\Google 2010-04-18 22:23:39 ----D---- C:\Programme\Mozilla Firefox 2010-04-16 19:15:58 ----HD---- C:\WINDOWS.0\$hf_mig$ 2010-04-16 19:12:27 ----D---- C:\WINDOWS.0\ie8updates 2010-04-07 23:04:45 ----SHD---- C:\System Volume Information 2010-04-07 23:04:45 ----D---- C:\WINDOWS.0\system32\Restore 2010-04-07 09:41:37 ----D---- C:\Programme\ElsterFormular 2010-04-06 19:52:54 ----A---- C:\WINDOWS.0\system32\MRT.exe 2010-04-05 23:58:57 ----D---- C:\Programme\VarBox 2010-04-05 23:24:53 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\SolidWorks 2010-03-31 22:01:39 ----D---- C:\Programme\Internet Explorer 2010-03-29 08:10:48 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 PQNTDrv;PQNTDrv; C:\WINDOWS.0\system32\drivers\PQNTDrv.sys [2001-08-10 3252] R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 uiwbrdr;uiwbrdr; C:\WINDOWS.0\System32\DRIVERS\uiwbrdr.sys [2008-07-29 149120] R2 aksfridge;aksfridge; \??\C:\WINDOWS.0\system32\drivers\aksfridge.sys [] R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 Hardlock;Hardlock; \??\C:\WINDOWS.0\system32\drivers\hardlock.sys [] R2 Haspnt;Haspnt; \??\C:\WINDOWS.0\system32\drivers\Haspnt.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS [2008-10-10 4024832] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2001-08-18 9600] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtnicxp.sys [2008-10-10 83968] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS.0\system32\DRIVERS\ATITool.sys [2006-11-10 24064] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\s716bus.sys [2007-06-28 83208] S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\s716mdfl.sys [2007-06-28 15112] S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS.0\system32\DRIVERS\s716mdm.sys [2007-06-28 108552] S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS.0\system32\DRIVERS\s716mgmt.sys [2007-06-28 100360] S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS.0\system32\DRIVERS\s716nd5.sys [2007-06-28 23176] S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS.0\system32\DRIVERS\s716obex.sys [2007-06-28 98568] S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS.0\system32\DRIVERS\s716unic.sys [2007-06-28 98952] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys [] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS.0\system32\DRIVERS\sr.sys [2004-08-04 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-21 267432] R2 hasplms;HASP License Manager; C:\WINDOWS.0\system32\hasplms.exe [2008-07-17 2549248] R2 IGDCTRL;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-01-04 152984] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2005-12-10 131139] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS.0\system32\IoctlSvc.exe [2006-12-19 81920] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.0\system32\wdfmgr.exe [2004-08-11 38912] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Programme\Viewpoint\Common\ViewpointService.exe [2008-09-08 24652] R3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896] S2 gupdate1c95c52d66c1150;Google Update Service (gupdate1c95c52d66c1150); C:\Programme\Google\Update\GoogleUpdate.exe [2009-02-14 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS.0\System32\svchost.exe [2004-08-04 14336] S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
22.04.2010, 20:20
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hallo und
__________________ Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
23.04.2010, 10:54
| #3 |
| | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hallo Arne,
__________________danke für die Unterstützung, hier mal die 2 Files: OTL: OTL logfile created on: 23.04.2010 10:55:20 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 23,52 Gb Free Space | 48,17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 100,22 Gb Total Space | 70,26 Gb Free Space | 70,11% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 3,95 Gb Total Space | 1,24 Gb Free Space | 31,44% Space Free | Partition Type: FAT Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\WINDOWS.0\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (WEB.DE GmbH) PRC - C:\WINDOWS.0\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programme\Brownie\BrStsWnd.exe (brother) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\WINDOWS.0\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\EXPLORERHOOK.DLL (WEB.DE GmbH) MOD - C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (Viewpoint Manager Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (hasplms) -- C:\WINDOWS.0\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS.0\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS.0\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Haspnt) -- C:\WINDOWS.0\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS.0\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (uiwbrdr) -- C:\WINDOWS.0\system32\drivers\uiwbrdr.SYS (WEB.DE GmbH) DRV - (aksfridge) -- C:\WINDOWS.0\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.) DRV - (Hardlock) -- C:\WINDOWS.0\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (s716mdm) -- C:\WINDOWS.0\system32\drivers\s716mdm.sys (MCCI Corporation) DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS.0\system32\drivers\s716mgmt.sys (MCCI Corporation) DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\WINDOWS.0\system32\drivers\s716unic.sys (MCCI Corporation) DRV - (s716obex) -- C:\WINDOWS.0\system32\drivers\s716obex.sys (MCCI Corporation) DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\WINDOWS.0\system32\drivers\s716nd5.sys (MCCI Corporation) DRV - (s716mdfl) -- C:\WINDOWS.0\system32\drivers\s716mdfl.sys (MCCI Corporation) DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\WINDOWS.0\system32\drivers\s716bus.sys (MCCI Corporation) DRV - (ATITool) -- C:\WINDOWS.0\system32\drivers\ATITool.sys () DRV - (nv) -- C:\WINDOWS.0\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (PQNTDrv) -- C:\WINDOWS.0\system32\drivers\PQNTDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18 FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Programme\Hotbar\bin\10.2.236.0\firefox\extensions FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.07 23:06:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.07 23:06:36 | 000,000,000 | ---D | M] [2008.10.10 14:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.04.22 18:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\kxkf79ak.default\extensions [2009.12.26 16:52:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\kxkf79ak.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.21 22:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\kxkf79ak.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.04.22 18:12:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.22 23:18:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.22 23:18:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.22 23:18:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.22 23:18:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.22 23:18:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.07 22:52:45 | 000,000,846 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 89.149.249.180 www.google.com O1 - Hosts: 89.149.249.180 www.google.de O1 - Hosts: 89.149.249.180 www.google.fr O1 - Hosts: 89.149.249.180 www.google.co.uk O1 - Hosts: 89.149.249.180 www.google.com.br O1 - Hosts: 89.149.249.180 www.google.it O1 - Hosts: 89.149.249.180 www.google.es O1 - Hosts: 89.149.249.180 www.google.co.jp O1 - Hosts: 89.149.249.180 www.google.com.mx O1 - Hosts: 89.149.249.180 www.google.ca O1 - Hosts: 89.149.249.180 www.google.com.au O1 - Hosts: 89.149.249.180 www.google.nl O1 - Hosts: 89.149.249.180 www.google.co.za O1 - Hosts: 89.149.249.180 www.google.be O1 - Hosts: 89.149.249.180 www.google.gr O1 - Hosts: 89.149.249.180 www.google.at O1 - Hosts: 89.149.249.180 www.google.se O1 - Hosts: 89.149.249.180 www.google.ch O1 - Hosts: 89.149.249.180 www.google.pt O1 - Hosts: 89.149.249.180 www.google.dk O1 - Hosts: 89.149.249.180 www.google.fi O1 - Hosts: 89.149.249.180 www.google.ie O1 - Hosts: 89.149.249.180 www.google.no O1 - Hosts: 89.149.249.180 search.yahoo.com O1 - Hosts: 3 more lines... O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Programme\Gemeinsame Dateien\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKCU..\Run: [BrowserChoice] C:\WINDOWS.0\System32\browserchoice.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE) O4 - HKCU..\Run: [WEB.DE_WEB.DE SmartDrive Manager] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (WEB.DE GmbH) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS.0\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} https://stream.web.de/v/notify/Download.cab (DownloadCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.08 23:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.23 10:51:58 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.22 23:05:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.04.22 10:11:17 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.22 10:11:17 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.22 09:03:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Reg-Sicherung [2010.04.22 08:58:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.22 08:50:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.22 08:50:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys [2010.04.22 08:50:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys [2010.04.22 08:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.22 08:50:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Malwarebytes [2010.04.21 22:45:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuickScan [2010.04.21 21:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData [2010.04.21 21:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.04.21 21:49:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avipbb.sys [2010.04.21 21:49:06 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntdd.sys [2010.04.21 21:49:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\ssmdrv.sys [2010.04.21 21:49:06 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntmgr.sys [2010.04.21 21:49:05 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.04.21 21:49:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Avira [2010.04.21 21:42:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads [2010.04.21 07:27:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\browserchoice.exe [2010.04.06 22:16:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\.assistant [2010.04.06 22:14:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2010.04.06 08:44:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\elsterformular [3 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ] [1 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.23 10:57:35 | 000,823,808 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\udmhz.sys [2010.04.23 10:51:59 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.23 10:48:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job [2010.04.23 10:41:32 | 000,001,044 | ---- | M] () -- C:\WINDOWS.0\tasks\Google Software Updater.job [2010.04.23 10:41:23 | 000,002,422 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl [2010.04.23 10:41:22 | 000,000,296 | ---- | M] () -- C:\WINDOWS.0\Brownie.ini [2010.04.23 10:41:15 | 000,043,573 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml [2010.04.23 10:41:13 | 000,001,084 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job [2010.04.23 10:40:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT [2010.04.23 10:40:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat [2010.04.23 10:40:45 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys [2010.04.22 23:05:49 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.04.22 23:05:42 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.04.22 08:58:24 | 000,001,521 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.22 08:58:02 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe [2010.04.22 08:50:24 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.22 08:12:12 | 004,240,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.04.21 22:09:34 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit Fahrtenbuch 2009.xls.lnk [2010.04.21 22:09:34 | 000,000,621 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit medi09b.xls.lnk [2010.04.21 22:09:33 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Fahrtenbuch 2008.xls.lnk [2010.04.21 22:09:33 | 000,000,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\St_08-priv.xls.lnk [2010.04.21 22:09:33 | 000,000,621 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\medi08b.xls.lnk [2010.04.21 21:49:20 | 000,001,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Avira AntiVir Control Center.lnk [2010.04.21 17:56:47 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Browserwahl.lnk [2010.04.20 00:50:02 | 000,001,900 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Google Earth.lnk [2010.04.16 19:15:50 | 000,000,215 | ---- | M] () -- C:\WINDOWS.0\System32\MRT.INI [2010.04.16 13:36:09 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\rasacd.sys [2010.04.16 11:29:51 | 000,000,878 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\WEB.DE Club E-Mail Alarm.lnk [2010.04.08 08:48:14 | 000,146,432 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gunar_Virus.doc [2010.04.07 12:49:06 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HEIMFAHRT.XLS [2010.04.06 08:44:04 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\ElsterFormular.lnk [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys [2010.03.29 08:10:49 | 000,451,970 | ---- | M] () -- C:\WINDOWS.0\System32\perfh007.dat [2010.03.29 08:10:49 | 000,435,260 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat [2010.03.29 08:10:49 | 000,080,928 | ---- | M] () -- C:\WINDOWS.0\System32\perfc007.dat [2010.03.29 08:10:49 | 000,068,156 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat [2010.03.29 08:10:48 | 001,050,716 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI [3 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ] [1 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.22 09:03:52 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe [2010.04.22 08:58:24 | 000,001,521 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.22 08:50:24 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.22 08:22:53 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys [2010.04.21 21:49:20 | 000,001,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Avira AntiVir Control Center.lnk [2010.04.21 17:56:47 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Browserwahl.lnk [2010.04.20 00:50:02 | 000,001,900 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Google Earth.lnk [2010.04.16 19:15:50 | 000,000,215 | ---- | C] () -- C:\WINDOWS.0\System32\MRT.INI [2010.04.08 08:43:03 | 000,146,432 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gunar_Virus.doc [2010.04.07 22:53:25 | 000,823,808 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\udmhz.sys [2010.04.06 08:44:04 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\ElsterFormular.lnk [2010.03.11 08:46:45 | 000,000,072 | ---- | C] () -- C:\WINDOWS.0\EurekaLog.ini [2009.10.11 15:46:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\WININIT.INI [2009.06.08 16:29:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS.0\NeroDigital.ini [2009.01.19 22:37:37 | 000,014,336 | ---- | C] () -- C:\WINDOWS.0\System32\vsmon1.dll [2008.11.03 18:01:02 | 000,000,142 | ---- | C] () -- C:\WINDOWS.0\BRVIDEO.INI [2008.11.03 18:01:02 | 000,000,114 | ---- | C] () -- C:\WINDOWS.0\System32\brlmw03a.ini [2008.11.03 18:01:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\brmx2001.ini [2008.11.03 18:01:01 | 000,009,853 | ---- | C] () -- C:\WINDOWS.0\HL-2150N.INI [2008.11.03 18:00:59 | 000,000,432 | ---- | C] () -- C:\WINDOWS.0\BRWMARK.INI [2008.11.03 18:00:16 | 000,000,296 | ---- | C] () -- C:\WINDOWS.0\Brownie.ini [2008.10.10 15:09:53 | 000,003,252 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\PQNTDRV.SYS [2008.10.10 14:42:09 | 000,000,406 | ---- | C] () -- C:\WINDOWS.0\ODBC.INI [2008.10.10 14:29:17 | 000,000,383 | ---- | C] () -- C:\WINDOWS.0\System32\haspdos.sys [2008.10.10 12:56:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS.0\System32\RTLCPAPI.dll [2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\ATITool.sys [2005.12.10 03:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS.0\System32\nvwdmcpl.dll [2005.12.10 03:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS.0\System32\nview.dll [2005.12.10 03:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS.0\System32\nvwimg.dll [2005.12.10 03:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS.0\System32\nvhwvid.dll [2005.12.10 03:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS.0\System32\nvshell.dll [2005.12.10 03:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS.0\System32\nvnt4cpl.dll [2005.12.10 03:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS.0\System32\nvapi.dll [2003.12.09 00:08:20 | 002,539,520 | ---- | C] () -- C:\WINDOWS.0\System32\Bbgspdf.dll [2003.12.02 13:39:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS.0\System32\InstallPrinter.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS.0\System32\OUTLPERF.INI [2003.01.30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS.0\System32\stlpmt45.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\TEMP:8FF81EB0 < End of report > Extra: OTL Extras logfile created on: 23.04.2010 10:55:20 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 23,52 Gb Free Space | 48,17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 100,22 Gb Total Space | 70,26 Gb Free Space | 70,11% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 3,95 Gb Total Space | 1,24 Gb Free Space | 31,44% Space Free | Partition Type: FAT Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1947:TCP" = 1947:TCP:*:Enabled:HASP SRM "1947:UDP" = 1947:UDP:*:Enabled:HASP SRM ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300" = Canon iP5300 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{276C0170-2DA6-48BD-86C4-19EF6D832A98}" = SolidWorks 2005 SP0 "{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = HASP SRM Run-time "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{506302FB-8A23-481B-B5BE-A9F7B6107D2D}" = VarBox-Einzelplatz "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75CEDF0C-6531-41CB-BE6F-D2B111E6B77A}" = Brother HL-2150N "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{97917FA0-00C5-4351-AD6B-87AB99C52792}" = eDrawings 2005 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Canon iP5300 Benutzerregistrierung" = Canon iP5300 Benutzerregistrierung "Canon Setup Utility 2.3" = Canon Setup Utility 2.3 "CCleaner" = CCleaner "Easy-WebPrint" = Easy-WebPrint "ElsterFormular 11.2.0.4074" = ElsterFormular "FileZilla Client" = FileZilla Client 3.1.3.1 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "GPU Caps Viewer_is1" = GPU Caps Viewer v1.6.2 "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "Viewpoint Manager" = Viewpoint Manager (Remove Only) "Viewpoint Toolbar" = Viewpoint Toolbar "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.6 "WEB.DE Club E-Mail Alarm" = WEB.DE Club E-Mail Alarm "WEB.DE SmartDrive Manager" = WEB.DE SmartDrive Manager "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = WinRAR "xp-AntiSpy" = xp-AntiSpy 3.96-4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.03.2010 17:46:37 | Computer Name = *** | Source = Google Update | ID = 20 Description = Error - 19.03.2010 03:46:39 | Computer Name = *** | Source = Google Update | ID = 20 Description = Error - 07.04.2010 16:53:30 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung 3c.tmp, Version 3.2.1203.2000, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x002713c4. Error - 17.04.2010 04:15:14 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung myphoneexplorer.exe, Version 1.7.0.0, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.3541, Fehleradresse 0x00012a6b. Error - 21.04.2010 16:45:27 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated abnormally . Error - 21.04.2010 16:45:28 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 21.04.2010 16:45:33 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 21.04.2010 16:45:33 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 21.04.2010 16:45:50 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated abnormally . Error - 21.04.2010 16:45:50 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . [ System Events ] Error - 21.04.2010 15:57:24 | Computer Name = *** | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 21.04.2010 15:57:24 | Computer Name = *** | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 21.04.2010 17:05:00 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 21.04.2010 17:05:00 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 21.04.2010 17:05:00 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 21.04.2010 17:05:00 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 21.04.2010 17:05:00 | Computer Name = *** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip uiwbrdr Error - 21.04.2010 17:05:10 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 22.04.2010 02:11:52 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 22.04.2010 02:12:15 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > Viele Grüße Silver |
|
23.04.2010, 11:25
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2010.04.23 10:57:35 | 000,823,808 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\udmhz.sys
:Commands
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
23.04.2010, 13:06
| #5 |
| | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hallo, hab ich gemacht hier der LOG. All processes killed ========== OTL ========== File move failed. C:\WINDOWS.0\system32\drivers\udmhz.sys scheduled to be moved on reboot. ========== COMMANDS ========== C:\WINDOWS.0\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 30409725 bytes ->FireFox cache emptied: 3204845 bytes User: Administrator.*** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 55017 bytes User: All Users User: All Users.WINDOWS.0 User: ***r ->Temp folder emptied: 758547063 bytes ->Temporary Internet Files folder emptied: 6955728 bytes ->FireFox cache emptied: 25378218 bytes ->Flash cache emptied: 405 bytes User: *** ->Temp folder emptied: 856077284 bytes ->Temporary Internet Files folder emptied: 2266142 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 47784911 bytes ->Flash cache emptied: 1049 bytes User: BERTHO~1~BER User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User.WINDOWS.0 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService.NT-AUTORITÄT ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 4513047 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: NetworkService.NT-AUTORITÄT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 671771 bytes ->Flash cache emptied: 1318 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2114764 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3059700179 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4.576,00 mb OTL by OldTimer - Version 3.2.2.0 log created on 04232010_125621 Files\Folders moved on Reboot... File move failed. C:\WINDOWS.0\system32\drivers\udmhz.sys scheduled to be moved on reboot. File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DF740C.tmp not found! File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DF8F94.tmp not found! File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DF97C0.tmp not found! File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DFA202.tmp not found! File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DFE3EF.tmp not found! C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QZOLREMD\default[2].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QZOLREMD\gayroyal_com[2].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QZOLREMD\left[2].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QZOLREMD\menu[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QZOLREMD\top[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LDQIHONM\form[1].htc moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E88JBNGR\default[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E88JBNGR\empty[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E88JBNGR\msg[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E88JBNGR\page28[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E88JBNGR\sniff[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1OHI90PC\default[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1OHI90PC\left[2].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File move failed. C:\WINDOWS.0\temp\hlktmp scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
24.04.2010, 15:09
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Ok. Hast Du den Rechner danach mal neu gestartet? Da war eine Datei beim OTL-Fix, die er im laufenden Windows nicht verschieben konnte. Wenn Du den Neustart gemacht hast, bitte mal ein neues OTL Log posten.
__________________ --> Trojaner eingefangen, weiß nicht ob System jetzt sauber... |
|
25.04.2010, 12:39
| #7 |
| | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hi, Rechner wurde neu gestartet, wir haben das fixing nochmal durchgeführt hier der Log: All processes killed Error: Unable to interpret <OTL> in the current context! Error: Unable to interpret <[2010.04.23 10:57:35 | 000,823,808 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\udmhz.sys> in the current context! ========== COMMANDS ========== C:\WINDOWS.0\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Administrator.***-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: All Users.WINDOWS.0 User: *** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 656089 bytes ->Temporary Internet Files folder emptied: 9877846 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 1142 bytes User: BERTHO~1~BER User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINDOWS.0 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.NT-AUTORITÄT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 110988 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.NT-AUTORITÄT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 505 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 10,00 mb OTL by OldTimer - Version 3.2.2.0 log created on 04252010_125539 Files\Folders moved on Reboot... File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DF317F.tmp not found! File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DF39D9.tmp not found! File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DFC335.tmp not found! File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\~DFCF03.tmp not found! C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YIKJMRVJ\default[2].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YIKJMRVJ\default[3].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YIKJMRVJ\gayroyal_com[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YIKJMRVJ\startseite[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\W0B9XX7V\left[2].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\W0B9XX7V\menu[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PCICBHXP\blank[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PCICBHXP\frame[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JKA7D72X\left[2].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JKA7D72X\menu[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JKA7D72X\sniff[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JKA7D72X\top[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GMTDLOEF\ChatStatus[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GMTDLOEF\msg[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5LRP51OM\form[1].htc moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5LRP51OM\lesen[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5LRP51OM\NGHourCount[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5LRP51OM\text_popup[5].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3K0O8WEV\refresh_session[1].htm moved successfully. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File move failed. C:\WINDOWS.0\temp\hlktmp scheduled to be moved on reboot. Registry entries deleted on Reboot... VG Silver |
|
25.04.2010, 13:00
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Du solltest ein neues OTL-Log zur Kontrolle erstellen und posten und eigentlich nicht das gleiche Fixing nochmal machen. Wo hast Du das herausgelesen?
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
25.04.2010, 19:21
| #9 |
| | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Entschuldige, das habe ich falsch interpretiert hier noch mal die 2 log Files vom OTL, ich hoffe das die jetzt richtig sind. OTL Extras logfile created on: 25.04.2010 18:40:56 - Run 2 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,97 Gb Free Space | 57,28% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 100,22 Gb Total Space | 70,26 Gb Free Space | 70,11% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 3,95 Gb Total Space | 1,24 Gb Free Space | 31,44% Space Free | Partition Type: FAT Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1947:TCP" = 1947:TCP:*:Enabled:HASP SRM "1947:UDP" = 1947:UDP:*:Enabled:HASP SRM ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300" = Canon iP5300 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{276C0170-2DA6-48BD-86C4-19EF6D832A98}" = SolidWorks 2005 SP0 "{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = HASP SRM Run-time "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{506302FB-8A23-481B-B5BE-A9F7B6107D2D}" = VarBox-Einzelplatz "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75CEDF0C-6531-41CB-BE6F-D2B111E6B77A}" = Brother HL-2150N "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{97917FA0-00C5-4351-AD6B-87AB99C52792}" = eDrawings 2005 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Canon iP5300 Benutzerregistrierung" = Canon iP5300 Benutzerregistrierung "Canon Setup Utility 2.3" = Canon Setup Utility 2.3 "CCleaner" = CCleaner "Easy-WebPrint" = Easy-WebPrint "ElsterFormular 11.2.0.4074" = ElsterFormular "FileZilla Client" = FileZilla Client 3.1.3.1 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "GPU Caps Viewer_is1" = GPU Caps Viewer v1.6.2 "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "Viewpoint Manager" = Viewpoint Manager (Remove Only) "Viewpoint Toolbar" = Viewpoint Toolbar "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.6 "WEB.DE Club E-Mail Alarm" = WEB.DE Club E-Mail Alarm "WEB.DE SmartDrive Manager" = WEB.DE SmartDrive Manager "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = WinRAR "xp-AntiSpy" = xp-AntiSpy 3.96-4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.03.2010 17:46:37 | Computer Name = *** | Source = Google Update | ID = 20 Description = Error - 19.03.2010 03:46:39 | Computer Name = *** | Source = Google Update | ID = 20 Description = Error - 07.04.2010 16:53:30 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung 3c.tmp, Version 3.2.1203.2000, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x002713c4. Error - 17.04.2010 04:15:14 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung myphoneexplorer.exe, Version 1.7.0.0, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.3541, Fehleradresse 0x00012a6b. Error - 21.04.2010 16:45:27 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated abnormally . Error - 21.04.2010 16:45:28 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 21.04.2010 16:45:33 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 21.04.2010 16:45:33 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 21.04.2010 16:45:50 | Computer Name = **** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated abnormally . Error - 21.04.2010 16:45:50 | Computer Name = *** | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . [ System Events ] Error - 23.04.2010 06:56:22 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "NMIndexingService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.04.2010 06:56:22 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "PLFlash DeviceIoControl Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "AVM IGD CTRL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "HASP License Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "Nero BackItUp Scheduler 3" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "Viewpoint Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "NMIndexingService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.04.2010 06:55:40 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > ---------- OTL logfile created on: 25.04.2010 18:40:55 - Run 2 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,97 Gb Free Space | 57,28% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 100,22 Gb Total Space | 70,26 Gb Free Space | 70,11% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 3,95 Gb Total Space | 1,24 Gb Free Space | 31,44% Space Free | Partition Type: FAT Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\WINDOWS.0\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (WEB.DE GmbH) PRC - C:\WINDOWS.0\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programme\Brownie\BrStsWnd.exe (brother) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\WINDOWS.0\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\EXPLORERHOOK.DLL (WEB.DE GmbH) MOD - C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (Viewpoint Manager Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (hasplms) -- C:\WINDOWS.0\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS.0\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS.0\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Haspnt) -- C:\WINDOWS.0\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS.0\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (uiwbrdr) -- C:\WINDOWS.0\system32\drivers\uiwbrdr.SYS (WEB.DE GmbH) DRV - (aksfridge) -- C:\WINDOWS.0\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.) DRV - (Hardlock) -- C:\WINDOWS.0\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (s716mdm) -- C:\WINDOWS.0\system32\drivers\s716mdm.sys (MCCI Corporation) DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS.0\system32\drivers\s716mgmt.sys (MCCI Corporation) DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\WINDOWS.0\system32\drivers\s716unic.sys (MCCI Corporation) DRV - (s716obex) -- C:\WINDOWS.0\system32\drivers\s716obex.sys (MCCI Corporation) DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\WINDOWS.0\system32\drivers\s716nd5.sys (MCCI Corporation) DRV - (s716mdfl) -- C:\WINDOWS.0\system32\drivers\s716mdfl.sys (MCCI Corporation) DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\WINDOWS.0\system32\drivers\s716bus.sys (MCCI Corporation) DRV - (ATITool) -- C:\WINDOWS.0\system32\drivers\ATITool.sys () DRV - (nv) -- C:\WINDOWS.0\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (PQNTDrv) -- C:\WINDOWS.0\system32\drivers\PQNTDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18 FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Programme\Hotbar\bin\10.2.236.0\firefox\extensions FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.07 23:06:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.07 23:06:36 | 000,000,000 | ---D | M] [2008.10.10 14:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.04.22 18:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\kxkf79ak.default\extensions [2009.12.26 16:52:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\kxkf79ak.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.21 22:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\kxkf79ak.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.04.22 18:12:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.22 23:18:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.22 23:18:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.22 23:18:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.22 23:18:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.22 23:18:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.25 12:55:40 | 000,000,098 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Programme\Gemeinsame Dateien\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE) O4 - HKCU..\Run: [WEB.DE_WEB.DE SmartDrive Manager] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (WEB.DE GmbH) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS.0\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} https://stream.web.de/v/notify/Download.cab (DownloadCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.08 23:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.24 12:08:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.04.23 12:56:21 | 000,000,000 | ---D | C] -- C:\_OTL [2010.04.23 10:51:58 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.22 10:11:17 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.22 10:11:17 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.22 09:03:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Reg-Sicherung [2010.04.22 08:58:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.22 08:50:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.22 08:50:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys [2010.04.22 08:50:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys [2010.04.22 08:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.22 08:50:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Malwarebytes [2010.04.21 22:45:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuickScan [2010.04.21 21:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData [2010.04.21 21:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.04.21 21:49:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avipbb.sys [2010.04.21 21:49:06 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntdd.sys [2010.04.21 21:49:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\ssmdrv.sys [2010.04.21 21:49:06 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntmgr.sys [2010.04.21 21:49:05 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.04.21 21:49:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Avira [2010.04.21 21:42:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads [2010.04.21 07:27:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\browserchoice.exe [2010.04.06 22:16:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\.assistant [2010.04.06 22:14:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2010.04.06 08:44:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\elsterformular ========== Files - Modified Within 30 Days ========== [2010.04.25 18:42:42 | 000,823,808 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\udmhz.sys [2010.04.25 17:48:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job [2010.04.25 14:16:10 | 000,001,044 | ---- | M] () -- C:\WINDOWS.0\tasks\Google Software Updater.job [2010.04.25 12:58:21 | 000,000,296 | ---- | M] () -- C:\WINDOWS.0\Brownie.ini [2010.04.25 12:58:19 | 000,043,573 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml [2010.04.25 12:57:43 | 000,002,422 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl [2010.04.25 12:57:41 | 000,001,084 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job [2010.04.25 12:57:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT [2010.04.25 12:57:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat [2010.04.25 12:57:15 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys [2010.04.25 12:55:57 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.04.25 12:55:57 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.04.25 12:55:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\Hosts [2010.04.23 10:51:59 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.22 08:58:24 | 000,001,521 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.22 08:58:02 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe [2010.04.22 08:50:24 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.22 08:12:12 | 004,240,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.04.21 22:09:34 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit Fahrtenbuch 2009.xls.lnk [2010.04.21 22:09:34 | 000,000,621 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit medi09b.xls.lnk [2010.04.21 22:09:33 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Fahrtenbuch 2008.xls.lnk [2010.04.21 22:09:33 | 000,000,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\St_08-priv.xls.lnk [2010.04.21 22:09:33 | 000,000,621 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\medi08b.xls.lnk [2010.04.21 21:49:20 | 000,001,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Avira AntiVir Control Center.lnk [2010.04.21 17:56:47 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Browserwahl.lnk [2010.04.20 00:50:02 | 000,001,900 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Google Earth.lnk [2010.04.16 19:15:50 | 000,000,215 | ---- | M] () -- C:\WINDOWS.0\System32\MRT.INI [2010.04.16 13:36:09 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\rasacd.sys [2010.04.16 11:29:51 | 000,000,878 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\WEB.DE Club E-Mail Alarm.lnk [2010.04.08 08:48:14 | 000,146,432 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gunar_Virus.doc [2010.04.07 12:49:06 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HEIMFAHRT.XLS [2010.04.06 08:44:04 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\ElsterFormular.lnk [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys [2010.03.29 08:10:49 | 000,451,970 | ---- | M] () -- C:\WINDOWS.0\System32\perfh007.dat [2010.03.29 08:10:49 | 000,435,260 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat [2010.03.29 08:10:49 | 000,080,928 | ---- | M] () -- C:\WINDOWS.0\System32\perfc007.dat [2010.03.29 08:10:49 | 000,068,156 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat [2010.03.29 08:10:48 | 001,050,716 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2010.04.22 09:03:52 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe [2010.04.22 08:58:24 | 000,001,521 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.22 08:50:24 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.22 08:22:53 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys [2010.04.21 21:49:20 | 000,001,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Avira AntiVir Control Center.lnk [2010.04.21 17:56:47 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Browserwahl.lnk [2010.04.20 00:50:02 | 000,001,900 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Google Earth.lnk [2010.04.16 19:15:50 | 000,000,215 | ---- | C] () -- C:\WINDOWS.0\System32\MRT.INI [2010.04.08 08:43:03 | 000,146,432 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gunar_Virus.doc [2010.04.07 22:53:25 | 000,823,808 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\udmhz.sys [2010.04.06 08:44:04 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\ElsterFormular.lnk [2010.03.11 08:46:45 | 000,000,072 | ---- | C] () -- C:\WINDOWS.0\EurekaLog.ini [2009.10.11 15:46:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\WININIT.INI [2009.06.08 16:29:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS.0\NeroDigital.ini [2009.01.19 22:37:37 | 000,014,336 | ---- | C] () -- C:\WINDOWS.0\System32\vsmon1.dll [2008.11.03 18:01:02 | 000,000,142 | ---- | C] () -- C:\WINDOWS.0\BRVIDEO.INI [2008.11.03 18:01:02 | 000,000,114 | ---- | C] () -- C:\WINDOWS.0\System32\brlmw03a.ini [2008.11.03 18:01:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\brmx2001.ini [2008.11.03 18:01:01 | 000,009,853 | ---- | C] () -- C:\WINDOWS.0\HL-2150N.INI [2008.11.03 18:00:59 | 000,000,432 | ---- | C] () -- C:\WINDOWS.0\BRWMARK.INI [2008.11.03 18:00:16 | 000,000,296 | ---- | C] () -- C:\WINDOWS.0\Brownie.ini [2008.10.10 15:09:53 | 000,003,252 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\PQNTDRV.SYS [2008.10.10 14:42:09 | 000,000,406 | ---- | C] () -- C:\WINDOWS.0\ODBC.INI [2008.10.10 14:29:17 | 000,000,383 | ---- | C] () -- C:\WINDOWS.0\System32\haspdos.sys [2008.10.10 12:56:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS.0\System32\RTLCPAPI.dll [2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\ATITool.sys [2005.12.10 03:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS.0\System32\nvwdmcpl.dll [2005.12.10 03:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS.0\System32\nview.dll [2005.12.10 03:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS.0\System32\nvwimg.dll [2005.12.10 03:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS.0\System32\nvhwvid.dll [2005.12.10 03:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS.0\System32\nvshell.dll [2005.12.10 03:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS.0\System32\nvnt4cpl.dll [2005.12.10 03:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS.0\System32\nvapi.dll [2003.12.09 00:08:20 | 002,539,520 | ---- | C] () -- C:\WINDOWS.0\System32\Bbgspdf.dll [2003.12.02 13:39:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS.0\System32\InstallPrinter.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS.0\System32\OUTLPERF.INI [2003.01.30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS.0\System32\stlpmt45.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\TEMP:8FF81EB0 < End of report > |
|
26.04.2010, 22:22
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Die Datei ist immer noch da  Bitte mal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:  3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Code:
ATTFilter files to delete:
C:\WINDOWS.0\System32\drivers\udmhz.sys
drivers to delete:
udmhz.sys
udmhz
5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
28.04.2010, 08:50
| #11 |
| | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hallo, hier hab ich mal das Logfile vom Avenger: Logfile of The Avenger Version 2.0, (c) by Swandog46 hxxp://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS.0\System32\drivers\udmhz.sys" deleted successfully. Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\udmhz.sys" not found! Deletion of driver "udmhz.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "udmhz" deleted successfully. Completed script processing. ******************* Finished! Terminate. Scheint ja jetzt clean zu sein. Gruß Silverdrow |
|
28.04.2010, 09:04
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Ok. Denk ans Hochladen der Backup.zip. Mach bitte wieder frische Logs mit OTL und poste sie. Am besten auch noch welche mit GMER und OSAM.
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
28.04.2010, 21:03
| #13 |
| | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hi, also hier der link: hxxp://www.file-upload.net/download-2473650/backup.zip.html Ich bin mir jetzt nicht sicher ob das richtig ist. Mein Bekannter wollte noch eine 2. Zipdatei schicken, da hatte aber Avira sofort gemeckert, das da ein Rootkit vorhanden wäre. Er hat dieses Zip-File gelöscht. Gruß Silverdrow |
|
29.04.2010, 09:17
| #14 |
| | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hallo, hier noch die GMER und OSAM logs, OTL machen wir auch noch: GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-04-28 23:30:17 Windows 5.1.2600 Service Pack 2 Running: 4dfhcuqy.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\kwdyikow.sys ---- System - GMER 1.0.15 ---- SSDT BA70BCD4 ZwCreateThread SSDT BA70BCE3 ZwDeleteKey SSDT BA70BCED ZwDeleteValueKey SSDT BA70BCF2 ZwLoadKey SSDT BA70BCC0 ZwOpenProcess SSDT BA70BCC5 ZwOpenThread SSDT BA70BCFC ZwReplaceKey SSDT BA70BCF7 ZwRestoreKey SSDT BA70BCE8 ZwSetValueKey SSDT \WINDOWS.0\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateKey [0x80542071] SSDT \WINDOWS.0\system32\ntkrnlpa.exe[unknown section] [80542071] ZwCreateKey [0x80542071] SSDT \WINDOWS.0\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenKey [0x80542076] SSDT \WINDOWS.0\system32\ntkrnlpa.exe[unknown section] [80542076] ZwOpenKey [0x80542076] INT 0x03 \WINDOWS.0\system32\ntkrnlpa.exe[unknown section] 8054207B INT 0x06 \??\C:\WINDOWS.0\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B505216D INT 0x0E \??\C:\WINDOWS.0\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B5051FC2 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2710 80501600 4 Bytes CALL E30A86C1 .text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9A56360, 0x20598D, 0xE8000020] .text C:\WINDOWS.0\system32\drivers\aksfridge.sys section is writeable [0xB4DC7000, 0x48011, 0xE0000020] .init C:\WINDOWS.0\system32\drivers\aksfridge.sys entry point in ".init" section [0xB4E1C224] .init C:\WINDOWS.0\system32\drivers\aksfridge.sys unknown last code section [0xB4E1C000, 0x4000, 0xE20000E0] .text C:\WINDOWS.0\system32\drivers\hardlock.sys section is writeable [0xB4C6E400, 0x6E1B2, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB4CF8220] C:\WINDOWS.0\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB4CF8220] .protectÿÿÿÿhardlockunknown last code section [0xB4CF8000, 0x50EA, 0xE0000020] C:\WINDOWS.0\system32\drivers\hardlock.sys unknown last code section [0xB4CF8000, 0x50EA, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 1002059F C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 100205DE C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 10020533 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!GetScrollInfo 7E370DA2 7 Bytes JMP 100204E2 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!ShowScrollBar 7E37F2B3 2 Bytes JMP 10020584 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!ShowScrollBar + 3 7E37F2B6 2 Bytes [CA, 91] .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!GetScrollPos 7E37F6C4 5 Bytes JMP 100204FD C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!SetScrollPos 7E37F710 5 Bytes JMP 1002054E C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!GetScrollRange 7E37F747 5 Bytes JMP 10020518 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!SetScrollRange 7E37F95B 5 Bytes JMP 10020569 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) .text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] USER32.dll!EnableScrollBar 7E3B7DDD 7 Bytes JMP 100204C7 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS.0\system32\wscntfy.exe[584] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\WINDOWS.0\Explorer.EXE[928] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\Programme\Brownie\BrstsWnd.exe[1584] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\WINDOWS.0\SOUNDMAN.EXE[1648] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe[1888] @ C:\WINDOWS.0\system32\shell32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\WINDOWS.0\system32\RUNDLL32.EXE[1960] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1980] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\WINDOWS.0\system32\ctfmon.exe[2056] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe[2072] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2092] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe[2124] @ C:\WINDOWS.0\system32\shell32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) IAT C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2148] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] [120013B0] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll (WEB.DE SmartDrive Manager/WEB.DE GmbH) ---- Devices - GMER 1.0.15 ---- Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:44:58 on 28.04.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ALSNDMGR.CPL" - ? - C:\WINDOWS.0\system32\ALSNDMGR.CPL (File signed by Microsoft | File found, but it contains no detailed information) "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS.0\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS.0\system32\javacpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS.0\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS.0\System32\DRIVERS\ATITool.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS.0\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS.0\System32\DRIVERS\avipbb.sys "Changer" (Changer) - ? - C:\WINDOWS.0\system32\drivers\Changer.sys (File not found) "Haspnt" (Haspnt) - "Aladdin Knowledge Systems" - C:\WINDOWS.0\system32\drivers\Haspnt.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS.0\system32\drivers\i2omgmt.sys (File not found) "kwdyikow" (kwdyikow) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\kwdyikow.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS.0\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS.0\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS.0\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS.0\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS.0\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS.0\system32\drivers\PDRFRAME.sys (File not found) "PQNTDrv" (PQNTDrv) - ? - C:\WINDOWS.0\system32\drivers\PQNTDrv.sys (File found, but it contains no detailed information) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS.0\System32\DRIVERS\ssmdrv.sys "uiwbrdr" (uiwbrdr) - "WEB.DE GmbH" - C:\WINDOWS.0\System32\DRIVERS\uiwbrdr.sys "WDICA" (WDICA) - ? - C:\WINDOWS.0\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS.0\system32\Rundll32.exe C:\WINDOWS.0\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS.0\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS.0\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS.0\system32\mscoree.dll {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - "Google Inc." - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS.0\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS.0\system32\nvshell.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS.0\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS.0\system32\dfshim.dll {42368EF3-D9FE-4bc4-9FD5-01903EB21F53} "ShellContextMenuHandler Class" - "WEB.DE GmbH" - C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS.DLL {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS.0\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} "{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Programme\DivX\DivX Web Player\npdivx32.dll / hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} "DownloadCtrl Class" - "WEB.DE AG, Karlsruhe" - C:\WINDOWS.0\system32\Connect.dll / https://stream.web.de/v/notify/Download.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\WINDOWS.0\Downloaded Program Files\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS.0\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} "{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll {F8AD5AA5-D966-4667-9DAF-2561D68B2012} "Viewpoint Toolbar" - "Viewpoint Corporation" - C:\Programme\Gemeinsame Dateien\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "WEB.DE Club E-Mail Alarm" - "WEB.DE" - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe "WEB.DE_WEB.DE SmartDrive Manager" - "WEB.DE GmbH" - "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS.0\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; Hotbar 10.2.236.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.munichbears.de/" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "BrStsWnd" - "brother" - C:\Programme\Brownie\BrstsWnd.exe Autorun "NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "vspdfprsrv.exe" - ? - C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "WEB.DE SmartDrive" - "WEB.DE GmbH" - C:\WINDOWS.0\System32\uiwbnp.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\WINDOWS.0\system32\avmprmon.dll "Bluebeam PDF Monitor" - "Bluebeam Software, Inc." - C:\WINDOWS.0\system32\BBPDFPortMon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS.0\system32\mdimon.dll "VSP1:" - ? - C:\WINDOWS.0\system32\vsmon1.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE "getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c95c52d66c1150)" (gupdate1c95c52d66c1150) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS.0\system32\IoctlSvc.exe "Viewpoint Manager Service" (Viewpoint Manager Service) - "Viewpoint Corporation" - C:\Programme\Viewpoint\Common\ViewpointService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS.0\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Gruß Silverdrow |
|
29.04.2010, 09:34
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen, weiß nicht ob System jetzt sauber... Sieht gut aus. Das OTL Log bräuchte ich noch. Falls sich jmd an diesem stört (aus dem OSAM-Log), das Teil gehört zu GMER und ist okay: Zitat:
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
| Themen zu Trojaner eingefangen, weiß nicht ob System jetzt sauber... |
| adware.casino, adware.hotbar, adware.seekmo, adware.softomate, adware.zango, antivir, antivir guard, avgntflt.sys, browser, desktop, dll, e-mail, einstellungen, excel, explorer, firefox, flash player, fontcache, ftp, gupdate, helper, hkus\s-1-5-18, install.exe, installation, logfile, malware, msiexec.exe, opera.exe, pdf, registry, rundll, software, static, stolen.data, system, temp, trojan.downloader, trojan.ertfor, trojaner, trojaner eingefangen, updates, windows internet, windows internet explorer, windows xp |
