Schorsch En Hesse | 20.08.2010 15:26 | Hallo,
ich habe jetzt die Logfiles. Zunächst Malwarebytes:
[code]
HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:30, on 20.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\Programme\Funkwerk Secure IPSec Client\ncpclcfg.exe
C:\Programme\Funkwerk Secure IPSec Client\ncprwsnt.exe
C:\Programme\Funkwerk Secure IPSec Client\ncpsec.exe
C:\Programme\Funkwerk Secure IPSec Client\rwsrsu.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programme\Funkwerk Secure IPSec Client\NcpBudgetGui.exe
C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\BitDefender\BitDefender 2009\seccenter.exe
D:\Dateien von XXX\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NcpBudgetGui] "C:\Programme\Funkwerk Secure IPSec Client\NcpBudgetGui.exe" -start
O4 - HKLM\..\Run: [NcpPopup] "C:\Programme\Funkwerk Secure IPSec Client\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: h**p://*.update.microsoft.com
O15 - Trusted Zone: h**p://download.windowsupdate.com
O15 - Trusted Zone: h**p://*.windowsupdate.com
O15 - Trusted Zone: h**p://download.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{231973D8-E8BD-4E3A-A7FB-A37B2499966A}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2AE8DAF-7E47-4CBE-9CDF-3ADD22455E8F}: NameServer = 192.168.2.1
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: i5postgres_port_5433 - PostgreSQL Global Development Group - H:/REACH/IUCLID5/Programm/postgres/bin/pg_ctl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Programme\Funkwerk Secure IPSec Client\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Programme\Funkwerk Secure IPSec Client\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Programme\Funkwerk Secure IPSec Client\ncpsec.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Programme\Funkwerk Secure IPSec Client\rwsrsu.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 6752 bytes --- --- ---
und dann OTL.txt
OTL Logfile: Code:
OTL logfile created on: 20.08.2010 15:15:36 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = D:\Dateien von XXX
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 662,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,18 Gb Total Space | 11,62 Gb Free Space | 34,00% Space Free | Partition Type: NTFS
Drive D: | 5,18 Gb Total Space | 1,06 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Drive E: | 5,08 Gb Total Space | 0,50 Gb Free Space | 9,81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 182,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 18,61 Gb Total Space | 17,04 Gb Free Space | 91,56% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: DENAUE
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - D:\Dateien von XXX\OTL.exe (OldTimer Tools)
PRC - C:\Programme\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Programme\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Programme\Funkwerk Secure IPSec Client\NcpBudgetGui.exe ()
PRC - C:\Programme\Funkwerk Secure IPSec Client\NCPRWSNT.EXE (NCP Engineering GmbH)
PRC - C:\Programme\Funkwerk Secure IPSec Client\ncpclcfg.exe (NCP engineering GmbH)
PRC - C:\Programme\Funkwerk Secure IPSec Client\rwsrsu.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAGENT.EXE (MicroWorld Technologies Inc.)
PRC - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Funkwerk Secure IPSec Client\NCPSEC.EXE ()
========== Modules (SafeList) ==========
MOD - D:\Dateien von XXX\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File not found
SRV - (VSSERV) -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (LIVESRV) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (scan) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe ()
SRV - (ncprwsnt) -- C:\Programme\Funkwerk Secure IPSec Client\NCPRWSNT.EXE (NCP Engineering GmbH)
SRV - (ncpclcfg) -- C:\Programme\Funkwerk Secure IPSec Client\ncpclcfg.exe (NCP engineering GmbH)
SRV - (rwsrsu) -- C:\Programme\Funkwerk Secure IPSec Client\rwsrsu.exe ()
SRV - (i5postgres_port_5433) -- H:\REACH\IUCLID5\Programm\postgres\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (MWAgent) -- C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (NcpSec) -- C:\Programme\Funkwerk Secure IPSec Client\NCPSEC.EXE ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Trufos) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Profos) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (ncpvaxp) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFiltMP) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFilt) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (ACEDRV09) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Bonifay) -- C:\WINDOWS\system32\drivers\Bonifay.sys (Freecom)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (NETFRITZ) -- C:\WINDOWS\system32\drivers\NETFRITZ.SYS (AVM Berlin)
DRV - (AVMPORT) -- C:\WINDOWS\System32\drivers\avmport.sys (AVM Berlin)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///c:/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\FFToolbar\ [2009.11.26 21:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Browser\Firefox\components [2009.11.05 09:47:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Browser\Firefox\plugins [2009.11.05 09:47:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\tbextension\ [2009.07.14 23:05:54 | 000,000,000 | ---D | M]
[2009.01.12 22:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions
[2009.09.30 21:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\t8lwc3lk.default\extensions
[2009.09.30 21:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\t8lwc3lk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O1 HOSTS File: ([2004.08.16 20:16:51 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\Funkwerk Secure IPSec Client\NcpBudgetGui.exe ()
O4 - HKLM..\Run: [NcpPopup] C:\Programme\Funkwerk Secure IPSec Client\ncppopup.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebyte Anti-MalWare\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.04.22 11:15:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.06.17 06:16:00 | 000,368,128 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.17 06:16:00 | 000,000,049 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.08.20 13:05:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes
[2010.08.20 13:04:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.20 13:04:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.20 13:04:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.20 13:04:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebyte Anti-MalWare
[2010.08.20 12:29:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- D:\Dateien von XXX\OTL.exe
[2010.08.20 12:25:50 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- D:\Dateien von XXX\mbam-setup.exe
[2010.08.20 09:53:42 | 000,000,000 | ---D | C] -- D:\Dateien von XXX\HJT
[2010.08.07 16:32:30 | 000,186,592 | ---- | C] (Jungo) -- C:\WINDOWS\System32\drivers\windrvr6.sys
[2005.04.22 14:57:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2005.04.22 11:53:11 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[261 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.08.20 15:14:37 | 000,000,406 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.lnk
[2010.08.20 12:29:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Dateien von XXX\OTL.exe
[2010.08.20 12:25:53 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- D:\Dateien von XXX\mbam-setup.exe
[2010.08.20 10:06:08 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXX\NTUSER.DAT
[2010.08.20 10:06:08 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXX\ntuser.ini
[2010.08.20 07:35:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.20 00:26:25 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010.08.20 00:26:12 | 000,260,096 | ---- | M] () -- D:\Dateien von XXX\A Fr neu.doc
[2010.08.18 23:36:46 | 000,258,560 | ---- | M] () -- D:\Dateien von XXX\Sicherungskopie von A Fr neu.wbk
[2010.08.15 10:40:13 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.08.15 00:32:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.11 17:54:10 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.11 17:52:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.07 16:32:25 | 000,186,592 | ---- | M] (Jungo) -- C:\WINDOWS\System32\drivers\windrvr6.sys
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.21 23:16:54 | 004,729,070 | ---- | M] () -- D:\Dateien von XXX\cam2pc-free.exe
[261 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.20 15:13:33 | 000,000,406 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.lnk
[2010.08.03 11:28:28 | 000,000,769 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\ElsterFormular.lnk
[2010.08.03 11:19:17 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.07.21 23:16:53 | 004,729,070 | ---- | C] () -- D:\Dateien von XXX\cam2pc-free.exe
[2009.02.25 14:22:57 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008.12.10 09:51:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008.10.09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008.07.14 07:34:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007.05.10 22:45:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007.01.30 10:40:28 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[2007.01.30 10:40:27 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[2006.12.07 11:29:11 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006.10.27 21:33:46 | 000,000,355 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006.03.17 13:55:06 | 000,000,456 | ---- | C] () -- C:\Programme\INSTALL.LOG
[2006.02.16 12:13:34 | 000,003,195 | ---- | C] () -- C:\WINDOWS\tm.ini
[2005.12.22 21:33:29 | 000,011,264 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.04.24 23:08:16 | 000,000,236 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.04.22 15:08:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.04.22 14:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005.04.22 14:58:23 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005.04.22 14:57:06 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005.04.22 14:57:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.04.22 14:57:05 | 000,060,928 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2005.04.22 14:57:05 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005.04.22 14:41:39 | 000,000,184 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.04.22 14:35:19 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.04.22 11:53:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.09.22 20:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.16 20:26:01 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004551_.tmp.dll
[2004.08.16 20:18:19 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004583_.tmp.dll
< End of report > --- --- ---
und noch Extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 20.08.2010 15:15:36 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = D:\Dateien von XXX
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 662,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,18 Gb Total Space | 11,62 Gb Free Space | 34,00% Space Free | Partition Type: NTFS
Drive D: | 5,18 Gb Total Space | 1,06 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Drive E: | 5,08 Gb Total Space | 0,50 Gb Free Space | 9,81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 182,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 18,61 Gb Total Space | 17,04 Gb Free Space | 91,56% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: DENAUE
Current User Name: XXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Browser\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Browser\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Programme\Browser\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE" = C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent -- (MicroWorld Technologies Inc.)
"C:\PROGRA~1\GEMEIN~1\MICROW~1\eScanRAD\ESCANRAD.EXE" = C:\PROGRA~1\GEMEIN~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE" = C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent -- (MicroWorld Technologies Inc.)
"C:\PROGRA~1\GEMEIN~1\MICROW~1\eScanRAD\ESCANRAD.EXE" = C:\PROGRA~1\GEMEIN~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool -- File not found
"C:\Programme\Funkwerk Secure IPSec Client\NCPMON.exe" = C:\Programme\Funkwerk Secure IPSec Client\NCPMON.exe:*:Disabled:ncpmon.exe -- (NCP engineering GmbH)
"C:\Programme\Colormailer\ColorMailer Photobücher\Editor.exe" = C:\Programme\Colormailer\ColorMailer Photobücher\Editor.exe:*:Enabled:Editor -- File not found
"C:\Programme\Browser\Opera\opera.exe" = C:\Programme\Browser\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46E0C50A-1F67-46B9-B4A6-B153245ECFE7}" = BitDefender Total Security 2009
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{AA52E3D6-E486-4628-9C40-54E1F7583B53}" = Riven
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}" = Crazy Machines - Neues aus dem Labor
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DF18FC19-CC69-495C-AB4C-169125272156}" = WebEx-Support-Manager für Mozilla Firefox/Netscape Navigator
"{E8D9D05C-0EF5-436D-BD1A-A8310DE7E154}" = Colormailer Photo Service
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F354F255-CD79-438C-B0CC-106665D0A2AB}" = IUCLID5
"{F959B396-6E53-4B2D-88AF-5B65FAF9F4D5}" = BitDefender Total Security 2009
"3D-Labyrinth" = 3D-Labyrinth 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"Celestia_is1" = Celestia 1.3.2
"Crazy Matrix_is1" = Crazy Matrix V2.2
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ElsterFormular 11.3.0.4235" = ElsterFormular
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Freecom Personal Media Suite_is1" = Freecom Personal Media Suite 1.21
"FRITZ! 2.0" = AVM FRITZ!
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"NCP RWS/GA" = FEC Secure IPSec Client
"PartitionExpert" = Acronis*PartitionExpert
"QuickTime" = QuickTime
"Stellarium_is1" = Stellarium 0.9.1
"U.B. Funkeys" = U.B. Funkeys
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.10
"WinGTK-2_is1" = GTK+ 2.8.9 runtime environment
"WinRAR archiver" = WinRAR Archivierer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.06.2009 02:25:53 | Computer Name = DENAUE | Source = .NET Runtime | ID = 0
Description =
Error - 22.06.2009 02:28:11 | Computer Name = DENAUE | Source = .NET Runtime | ID = 0
Description =
Error - 22.06.2009 02:28:11 | Computer Name = DENAUE | Source = .NET Runtime | ID = 0
Description =
Error - 09.07.2009 04:28:33 | Computer Name = DENAUE | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
faulting module winword.exe, version 11.0.5604.0, stamp 3f314a2f, debug? 0, fault
address 0x00068dd6.
Error - 09.07.2009 10:03:32 | Computer Name = DENAUE | Source = .NET Runtime | ID = 0
Description =
Error - 14.07.2009 16:29:07 | Computer Name = DENAUE | Source = Ci | ID = 4124
Description = Der Inhaltsindex auf c:\system volume information\catalog.wci ist
beschädigt. Fahren Sie den Indexdienst (cisvc) herunter, und starten Sie ihn erneut.
Error - 14.07.2009 16:29:07 | Computer Name = DENAUE | Source = Ci | ID = 4126
Description = Die Metadaten des Inhaltsindex auf c:\system volume information\catalog.wci
werden aufgeräumt. Wiederherstellen des Indexes erfolgt automatisch durch erneutes
Filtern aller Dokumente.
Error - 14.07.2009 17:04:47 | Computer Name = DENAUE | Source = MsiInstaller | ID = 11704
Description = Produkt: BitDefender Total Security 2009 -- Fehler 1704. Eine Installation
von BitDefender Total Security 2009 ist im Augenblick unterbrochen. Sie müssen
die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie
den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig machen?
Error - 14.07.2009 17:15:52 | Computer Name = DENAUE | Source = Arrakis3 | ID = 131073
Description = An error has occurred (StartServiceCtrlDispatcher failed with 997).
Error - 18.07.2009 01:11:40 | Computer Name = DENAUE | Source = .NET Runtime | ID = 0
Description =
[ System Events ]
Error - 15.08.2010 16:57:15 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 16.08.2010 05:07:27 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 16.08.2010 16:20:17 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 17.08.2010 02:03:48 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 17.08.2010 16:29:36 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 18.08.2010 02:55:58 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 18.08.2010 16:06:21 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 19.08.2010 01:57:02 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 19.08.2010 17:21:02 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 20.08.2010 01:36:35 | Computer Name = DENAUE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
< End of report > --- --- ---
Danke fürs Drüberschauen!
Gruß, Schorsch |