| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus + Trojaner ( TR/Crypt.XPACK.Gen3 ?)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.10.2010, 17:20
| #1 | |
| |  Virus + Trojaner ( TR/Crypt.XPACK.Gen3 ?) Ich muss gerade einen Rechner von einem Bekannten von einem Virus/Trojaner befreien. Ich vermute eine besonders aggressive Variante von TR/Crypt.XPACK.Gen3 Die Symptome sind folgende: - Abgesicherter Modus funktioniert nicht mehr / Bluescreen - Taskmanager wurde deaktiviert. - Rechtsklick funktioniert nur noch bedingt - Programme werden sofort wieder geschlossen bzw. starten nicht. - Ordner können nur willkürlich geöffnet werden. - Beim Start von windows treten Fehlermeldungen auf: -"svchosty.exe - Fehler in der Anwendung Anwendung Die Anweisung in "0x00000000 -- [...]- Auf USB-sticks wird eine Autorun.exe + Autorun.inf erstellt ( 66KB ) groß - Der Pc rechnet die ganze Zeit / ist sehr ausgelastet. Mit viel Glück konnte ich OTL starten. Hier sind die Logs. OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.10.2010 17:43:34 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\Bro\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 462,40 Gb Total Space | 412,48 Gb Free Space | 89,21% Space Free | Partition Type: NTFS Computer Name: CARSTEN | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2010.10.19 17:38:36 | 000,244,224 | ---- | M] () -- C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\svchosty.exe PRC - [2010.10.13 13:46:04 | 000,246,272 | ---- | M] () -- C:\WINDOWS\wdmon.exe PRC - [2010.10.13 02:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Bro\Desktop\OTL.exe PRC - [2010.10.06 15:18:19 | 000,245,760 | ---- | M] () -- C:\WINDOWS\svw.exe PRC - [2010.10.06 15:18:18 | 000,245,248 | ---- | M] () -- C:\WINDOWS\svx.exe PRC - [2010.10.06 15:18:18 | 000,244,736 | ---- | M] () -- C:\WINDOWS\vlc.exe PRC - [2010.10.06 15:14:39 | 000,246,272 | ---- | M] () -- C:\WINDOWS\svc.exe PRC - [2010.10.06 15:14:19 | 000,274,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\fFollower.exe PRC - [2010.10.06 13:20:03 | 000,131,072 | ---- | M] (Microsoft) -- C:\Dokumente und Einstellungen\Bro\Anwendungsdaten\MSA\mscj.exe PRC - [2010.10.06 13:19:57 | 000,010,240 | ---- | M] (Microsoft) -- C:\Dokumente und Einstellungen\Bro\Anwendungsdaten\MSA\mscjm.exe PRC - [2009.05.21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2008.11.07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.11.07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.08.13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.02.12 22:11:34 | 000,079,360 | ---- | M] (Autodesk) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe PRC - [2008.01.11 23:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe PRC - [2007.09.07 12:16:50 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe PRC - [2007.09.07 12:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 13:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe PRC - [2006.11.05 13:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe PRC - [2006.10.20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2006.10.03 13:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2006.09.29 13:48:06 | 000,065,536 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe PRC - [2006.08.17 11:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe ========== Modules (SafeList) ========== MOD - [2010.10.13 02:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Bro\Desktop\OTL.exe MOD - [2006.08.25 10:46:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2004.08.04 16:00:00 | 001,392,671 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll MOD - [2004.08.04 16:00:00 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll MOD - [2004.08.04 16:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2004.08.04 16:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2004.08.04 16:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.10.06 15:14:19 | 000,274,432 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\fFollower.exe -- (Follower) SRV - [2008.11.07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.08.13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Programme\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2008.02.13 14:02:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.02.12 22:11:34 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2007.09.07 12:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.11.05 13:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9) SRV - [2006.11.05 13:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.09.29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) SRV - [2006.09.14 16:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2004.10.22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2010.09.13 23:29:36 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2008.09.26 09:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.09.26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.07.22 22:36:42 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R) DRV - [2007.07.22 17:27:12 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.08 22:10:22 | 006,738,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007.06.20 20:45:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2007.02.16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007.02.16 11:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2007.02.15 17:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2006.08.18 15:18:06 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006.08.18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006.08.18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.08.18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.08.18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.08.18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.08.18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.08.18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.08.11 13:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2006.08.11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2006.08.11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2006.07.21 13:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2004.08.12 19:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004.08.04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2004.08.04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2001.08.18 06:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080208 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/hws/sb/dell-row/de/side.html?channel=de-smb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080208 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080208 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/hws/sb/dell-row/de/side.html?channel=de-smb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080208 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.06 15:36:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.22 14:02:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 17:43:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.05 12:33:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll [2010.08.04 15:30:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.04 15:30:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.04 15:30:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.04 15:30:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.04 15:30:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [binfix7080010000.exe] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\binfix7080010000.exe () O4 - HKLM..\Run: [C:\DOKUME~1\Bro\LOKALE~1\Temp\ope21.exe ] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\ope21.exe () O4 - HKLM..\Run: [C:\DOKUME~1\Bro\LOKALE~1\Temp\ope33.exe ] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\ope33.exe () O4 - HKLM..\Run: [C:\DOKUME~1\Bro\LOKALE~1\Temp\ope4C.exe ] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\ope4C.exe () O4 - HKLM..\Run: [C:\WINDOWS\TEMP\ope11.exe ] C:\WINDOWS\Temp\ope11.exe () O4 - HKLM..\Run: [C:\WINDOWS\TEMP\ope44.exe ] C:\WINDOWS\Temp\ope44.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [khijhfsys] C:\WINDOWS\System32\effcdd.dll (foobar2000.org) O4 - HKLM..\Run: [netc] C:\WINDOWS\svc.exe () O4 - HKLM..\Run: [netw] C:\WINDOWS\svw.exe () O4 - HKLM..\Run: [netx] C:\WINDOWS\svx.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [sstutsaudio] C:\WINDOWS\System32\vtustr.dll (foobar2000.org) O4 - HKLM..\Run: [vlc] C:\WINDOWS\vlc.exe () O4 - HKLM..\Run: [wdmon] C:\WINDOWS\wdmon.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.244,93.188.160.54 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O30 - LSA: Authentication Packages - (effcdd.dll) - C:\WINDOWS\System32\effcdd.dll (foobar2000.org) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.10.19 16:45:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.19 16:45:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.19 16:45:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.19 16:45:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.06 16:21:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Thunderbird [2010.10.06 15:40:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.10.06 15:40:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.10.06 15:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.10.06 15:36:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla [2010.10.06 15:36:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Mozilla [2010.10.06 15:19:53 | 000,116,224 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\vtustr.dll [2010.10.06 15:14:42 | 000,108,032 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\effcdd.dll [2010.09.13 23:29:37 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys [2010.09.13 23:29:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010.09.13 23:29:10 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson [2008.02.16 14:38:25 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.10.19 17:38:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.19 17:38:24 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys [2010.10.19 17:24:25 | 001,605,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.19 16:45:19 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.19 15:45:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.13 13:46:04 | 000,246,272 | ---- | M] () -- C:\WINDOWS\wdmon.exe [2010.10.06 15:19:53 | 000,116,224 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\vtustr.dll [2010.10.06 15:18:19 | 000,245,760 | ---- | M] () -- C:\WINDOWS\svw.exe [2010.10.06 15:18:18 | 000,245,248 | ---- | M] () -- C:\WINDOWS\svx.exe [2010.10.06 15:18:18 | 000,244,736 | ---- | M] () -- C:\WINDOWS\vlc.exe [2010.10.06 15:14:45 | 000,047,620 | ---- | M] () -- C:\WINDOWS\System32\logon.exe [2010.10.06 15:14:42 | 000,108,032 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\effcdd.dll [2010.10.06 15:14:39 | 000,246,272 | ---- | M] () -- C:\WINDOWS\svc.exe [2010.10.04 09:20:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null [2010.09.13 23:29:36 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.19 16:45:19 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.06 15:17:03 | 000,246,272 | ---- | C] () -- C:\WINDOWS\wdmon.exe [2010.10.06 15:17:03 | 000,245,760 | ---- | C] () -- C:\WINDOWS\svw.exe [2010.10.06 15:17:03 | 000,245,248 | ---- | C] () -- C:\WINDOWS\svx.exe [2010.10.06 15:17:03 | 000,244,736 | ---- | C] () -- C:\WINDOWS\vlc.exe [2010.10.06 15:14:49 | 000,047,620 | ---- | C] () -- C:\WINDOWS\System32\logon.exe [2010.10.06 15:14:21 | 000,246,272 | ---- | C] () -- C:\WINDOWS\svc.exe [2010.02.22 20:23:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Legendgenerator.INI [2008.02.16 15:56:41 | 000,000,150 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini [2008.02.16 14:38:26 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2008.02.16 14:38:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2008.02.12 19:43:24 | 000,000,033 | ---- | C] () -- C:\WINDOWS\alltop.17.0.INI [2008.02.12 19:36:30 | 000,006,067 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2008.02.07 19:40:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.02.07 19:34:18 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2008.02.07 19:34:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008.02.07 19:11:14 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll [2008.02.07 19:09:52 | 000,001,507 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.11.07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.09.17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006.09.17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2004.08.13 15:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 15:02:49 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2004.08.13 14:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.13 14:47:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.08.13 14:40:41 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2004.08.13 14:40:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll ========== LOP Check ========== [2008.02.12 22:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2008.02.07 19:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SupportSoft ========== Purity Check ========== < End of report > [/code] Und die Extra.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.10.2010 17:43:34 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\Bro\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 462,40 Gb Total Space | 412,48 Gb Free Space | 89,21% Space Free | Partition Type: NTFS
Computer Name: CARSTEN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Autodesk\3ds Max 9\3dsmax.exe" = C:\Programme\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\monitor.exe" = C:\Programme\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\manager.exe" = C:\Programme\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\server.exe" = C:\Programme\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\DOKUME~1\Bro\LOKALE~1\Temp\4_pinnew.exe" = C:\DOKUME~1\Bro\LOKALE~1\Temp\4_pinnew.exe:*:Enabled:Enabled -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2008
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A88EFF90-6DA0-4468-85D4-62543AD92A83}" = Nemetschek Allplan 2008
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Hardlock Device Driver" = Hardlock Device Driver
"Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Miranda IM" = Miranda IM 0.7.3
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Stifttablett
"PRJPRO" = Microsoft Office Project Professional 2007
"SearchAssist" = SearchAssist
"V-Ray for 3dsmax R9 for x86" = V-Ray for 3dsmax R9 for x86
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.10.2010 11:28:16 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
Error - 17.10.2010 11:29:50 | Computer Name = CARSTEN | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 17.10.2010 11:29:50 | Computer Name = CARSTEN | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 17.10.2010 11:31:59 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
Error - 19.10.2010 09:46:26 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
Error - 19.10.2010 10:03:41 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
Error - 19.10.2010 10:18:53 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
Error - 19.10.2010 10:44:30 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
Error - 19.10.2010 11:25:23 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
Error - 19.10.2010 11:39:35 | Computer Name = CARSTEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a61ae.
[ System Events ]
Error - 19.10.2010 11:08:11 | Computer Name = CARSTEN | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 13 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 19.10.2010 11:18:28 | Computer Name = CARSTEN | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 19.10.2010 11:18:28 | Computer Name = CARSTEN | Source = Service Control Manager | ID = 7034
Description = Dienst "COM+-Ereignissystem" wurde unerwartet beendet. Dies ist bereits
19 Mal passiert.
Error - 19.10.2010 11:18:28 | Computer Name = CARSTEN | Source = Service Control Manager | ID = 7034
Description = Dienst "Systemereignisbenachrichtigung" wurde unerwartet beendet.
Dies ist bereits 19 Mal passiert.
Error - 19.10.2010 11:18:28 | Computer Name = CARSTEN | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 19 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 19.10.2010 11:19:18 | Computer Name = CARSTEN | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie
den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 19.10.2010 11:24:39 | Computer Name = CARSTEN | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 19.10.2010 11:24:39 | Computer Name = CARSTEN | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
Error - 19.10.2010 11:38:53 | Computer Name = CARSTEN | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 19.10.2010 11:38:53 | Computer Name = CARSTEN | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
< End of report >
Was muss ich nun tun ? Malwarebytes' Anti-Malware lässt sich nicht starten. Allgemein ist es sau schwer irgendwelche Programme auszuführen da das Virus es nicht zulässt. Ich bitte um Hilfe. Oder hilft da nur noch formatieren ? Also soweit mein Halbwissen reicht müssten Folgende Datein die übeltäter sein: Code:
ATTFilter PRC - [2010.10.19 17:38:36 | 000,244,224 | ---- | M] () -- C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\svchosty.exe
PRC - [2010.10.06 15:18:19 | 000,245,760 | ---- | M] () -- C:\WINDOWS\svw.exe
PRC - [2010.10.06 15:18:18 | 000,245,248 | ---- | M] () -- C:\WINDOWS\svx.exe
PRC - [2010.10.06 15:18:18 | 000,244,736 | ---- | M] () -- C:\WINDOWS\vlc.exe
PRC - [2010.10.06 15:14:39 | 000,246,272 | ---- | M] () -- C:\WINDOWS\svc.exe
PRC - [2010.10.06 15:14:19 | 000,274,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\fFollower.exe
PRC - [2010.10.06 13:20:03 | 000,131,072 | ---- | M] (Microsoft) -- C:\Dokumente und Einstellungen\Bro\Anwendungsdaten\MSA\mscj.exe
PRC - [2010.10.06 13:19:57 | 000,010,240 | ---- | M] (Microsoft) -- C:\Dokumente und Einstellungen\Bro\Anwendungsdaten\MSA\mscjm.exe
O4 - HKLM..\Run: [binfix7080010000.exe] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\binfix7080010000.exe ()
O4 - HKLM..\Run: [C:\DOKUME~1\Bro\LOKALE~1\Temp\ope21.exe ] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\ope21.exe ()
O4 - HKLM..\Run: [C:\DOKUME~1\Bro\LOKALE~1\Temp\ope33.exe ] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\ope33.exe ()
O4 - HKLM..\Run: [C:\DOKUME~1\Bro\LOKALE~1\Temp\ope4C.exe ] C:\Dokumente und Einstellungen\Bro\Lokale Einstellungen\Temp\ope4C.exe ()
O4 - HKLM..\Run: [C:\WINDOWS\TEMP\ope11.exe ] C:\WINDOWS\Temp\ope11.exe ()
O4 - HKLM..\Run: [C:\WINDOWS\TEMP\ope44.exe ] C:\WINDOWS\Temp\ope44.exe ()
[2010.10.06 15:19:53 | 000,116,224 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\vtustr.dll
[2010.10.06 15:14:42 | 000,108,032 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\effcdd.dll
Bei folgenden Datein bin ich mir nicht sicher. Sie wurden am gleichen Tag geändert / erstellt: Zitat:
|
|
| Themen zu Virus + Trojaner ( TR/Crypt.XPACK.Gen3 ?) |
| 0x00000001, 32-bit, abgesicherter modus funktioniert nicht, aufrufe, bho, bonjour, components, device driver, error, excel, firefox, firefox.exe, flash player, funktioniert nicht mehr, home, homepage, iastor.sys, indesign, location, logfile, microsoft office word, monitor.exe, mozilla, mozilla thunderbird, oldtimer, plug-in, realtek, registry, routine, rundll, saver, scan, searchplugins, security, service pack 1, shell32.dll, software, start von windows, starten, starten., svchost.exe, system restore, taskmanager, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, unerwarteter fehler, usb, virus, virus/trojaner, windows |
Linear-Darstellung
