| |  Vermutung auf Trojaner - eventuell Rootkit
 Hallo an alle Board-Helfer,
ich habe hier einen Rechner der folgende Symptome zeigt:
1. Der AVG (Business) Antivirus ist der residente Schutz deaktiviert und lässt sich auch nicht aktivieren
2. MBAM startet, scannt aber nicht, auch nicht im abgesicherten Modus
3. Super Anti Spyware startet nur im abgesicherten Modus
4. Gmer bricht den Scan ab und beendet sich nch ca. 20 sek
5. Im Windows Verzeichnis ist eine Datei "563253144" mit null Byte Größe die auch als Prozess gestartet ist (auch im abgesicherten Modus).
Im Task Manager taucht sie als 1563253144:1738486146.exe mit 472k Größe auf. Ich kann sie nicht beenden und die Datei nicht löschen.
Der Rechner wurde vorher von jemand anderem mit Antivirenprogrammen bearbeitet, dabei wurden 24 Viren/Schadprogramme entfernt, leider ist mir nicht bekannt welche.
Der Rechner ist ein Firmenrechner auf dem mit AutoCAD gezeichnet wird. Da in das AutoCAD zahlreiche Erweiterungen und Anpassungen eingeklinkt wurden soll möglichst auf ein neu aufsetzen verzichtet werden. Onlinebanking wird im gesamten Netzwerk nicht gemacht. OTL.txt Zitat:
OTL logfile created on: 26.09.2011 10:16:42 - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = K:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,74 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 63,27% Memory free
4,03 Gb Paging File | 3,52 Gb Available in Paging File | 87,23% Paging File free
Paging file location(s): d:\pagefile.sys 2500 2500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 183,09 Gb Total Space | 154,50 Gb Free Space | 84,39% Space Free | Partition Type: NTFS
Drive D: | 244,17 Gb Total Space | 233,72 Gb Free Space | 95,72% Space Free | Partition Type: NTFS
Drive E: | 504,25 Gb Total Space | 493,19 Gb Free Space | 97,81% Space Free | Partition Type: NTFS
Drive K: | 14,91 Gb Total Space | 5,69 Gb Free Space | 38,17% Space Free | Partition Type: FAT32
Computer Name: PC-5 | User Name: 1-PC-5 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found -- C:\WINDOWS\1563253144:1738986146.exe
PRC - [2011.09.13 16:07:32 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2011.08.31 18:23:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2010.09.20 15:22:39 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.08.25 18:16:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.08.25 18:16:19 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgam.exe
PRC - [2010.08.25 18:16:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.04.30 10:06:27 | 000,816,320 | ---- | M] (ActFax Communication) -- C:\Programme\ActiveFax\Client\ActFaxClient.exe
PRC - [2010.04.16 09:22:16 | 005,206,824 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer.exe
PRC - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.02.25 07:14:14 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.02.25 07:14:12 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007.01.26 01:11:54 | 000,790,528 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
PRC - [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003.05.08 13:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE2.0\opwareSE2.exe
========== Modules (No Company Name) ==========
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.06.20 19:39:48 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.06.20 19:39:48 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006.10.26 22:30:12 | 000,131,072 | ---- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll
MOD - [2005.07.20 04:53:04 | 000,966,765 | ---- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\acAuth.dll
MOD - [2004.08.04 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] () [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.08.25 18:16:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.04.30 09:55:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.02.25 07:14:14 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.02.25 07:14:12 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.12.16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008.10.09 09:40:27 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - [2011.09.13 16:07:31 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.06 08:37:06 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.08.25 18:17:08 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.08.25 18:17:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.02.08 12:15:44 | 005,860,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.01.21 16:11:12 | 000,202,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.12.09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.09.17 06:54:14 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.08.20 08:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009.06.22 10:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.03.13 11:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2008.05.15 03:24:32 | 000,171,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007.01.29 21:15:26 | 000,185,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006.11.22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.08.04 14:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001.08.17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "NCH DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10
FF - prefs.js..keyword.URL: "hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_de&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2011.09.13 16:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.07 10:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.07 10:54:24 | 000,000,000 | ---D | M]
[2008.10.09 08:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\1-PC-5\Anwendungsdaten\Mozilla\Extensions
[2011.09.07 10:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\1-PC-5\Anwendungsdaten\Mozilla\Firefox\Profiles\p8befy6f.default\extensions
[2011.04.05 13:26:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\1-PC-5\Anwendungsdaten\Mozilla\Firefox\Profiles\p8befy6f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.07 10:54:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\1-PC-5\Anwendungsdaten\Mozilla\Firefox\Profiles\p8befy6f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.08.26 10:47:52 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Dokumente und Einstellungen\1-PC-5\Anwendungsdaten\Mozilla\Firefox\Profiles\p8befy6f.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2010.12.30 18:30:10 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\1-PC-5\Anwendungsdaten\Mozilla\Firefox\Profiles\p8befy6f.default\searchplugins\conduit.xml
[2011.09.07 10:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.13 11:59:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.09.23 08:20:19 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ActiveFax Client] C:\Programme\ActiveFax\Client\ActFaxClient.exe (ActFax Communication)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK USB Wireless LAN Utility.lnk = C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.100
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\1-PC-5\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\1-PC-5\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.09 08:41:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.03.17 15:13:30 | 000,102,400 | ---- | M] () - D:\AutoCAD-Architecture-2008-keygen.exe -- [ NTFS ]
O33 - MountPoints2\##server#ARCHIV#windows#offline_update#ctupdate50#client\Shell - "" = AutoRun
O33 - MountPoints2\##server#ARCHIV#windows#offline_update#ctupdate50#client\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##server#ARCHIV#windows#offline_update#ctupdate50#client\Shell\AutoRun\command - "" = Z:\UpdateInstaller.exe
O33 - MountPoints2\{645a2be9-9ffd-11dd-a34a-000fea390268}\Shell - "" = AutoRun
O33 - MountPoints2\{645a2be9-9ffd-11dd-a34a-000fea390268}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{645a2be9-9ffd-11dd-a34a-000fea390268}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6c76d711-da07-11e0-b124-d02788322824}\Shell\AutoRun\command - "" = K:\Menu.exe
O33 - MountPoints2\{fcf558b2-fc12-11dd-a398-000fea390268}\Shell\AutoRun\command - "" = G:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.09.22 15:38:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\1-PC-5\DoctorWeb
[2011.09.22 10:32:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\1-PC-5\Anwendungsdaten\SUPERAntiSpyware.com
[2011.09.22 10:31:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2011.09.22 10:31:51 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.09.22 10:30:57 | 012,585,160 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2011.09.22 10:18:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2011.09.22 10:18:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.09.22 08:18:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.09.22 08:18:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.09.22 08:18:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.09.21 12:42:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.09.21 12:26:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2011.09.21 12:19:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.09.21 08:15:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.09.20 14:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2011.09.19 17:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2011.09.19 17:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2011.09.19 16:16:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pI04903PjJpL04903
[2011.09.15 16:10:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\1-PC-5\IECompatCache
[2011.09.15 16:08:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\1-PC-5\PrivacIE
[2011.09.15 16:07:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\1-PC-5\IETldCache
[2011.09.15 16:05:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.09.15 16:03:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.09.15 15:55:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011.09.15 15:55:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011.09.15 15:55:06 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011.09.15 15:55:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.09.15 15:55:05 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011.09.15 13:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\1-PC-5\Eigene Dateien\Viptool 11
[2011.08.30 10:10:28 | 000,000,000 | ---D | C] -- C:\Bilder Detlef
[2011.03.15 15:11:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.09.26 10:18:03 | 086,637,674 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011.09.26 10:15:25 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\1-PC-5\defogger_reenable
[2011.09.26 10:14:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.09.26 10:14:25 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.09.26 10:14:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1563253144
[2011.09.26 10:14:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.23 08:20:19 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.09.22 14:12:05 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\1-PC-5\Desktop\Microsoft Office Outlook 2007.lnk
[2011.09.22 10:32:00 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.09.22 10:31:37 | 012,585,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2011.09.22 08:18:25 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 08:06:10 | 000,000,412 | ---- | M] () -- C:\Dokumente und Einstellungen\1-PC-5\Eigene Dateien\sicherung.reg
[2011.09.22 08:02:23 | 000,388,608 | ---- | M] () -- C:\Dokumente und Einstellungen\1-PC-5\Desktop\HisJackThis204.exe
[2011.09.21 14:59:27 | 000,007,500 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2011.09.21 14:45:02 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011.09.20 14:48:39 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.09.19 15:20:33 | 000,001,661 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Viptool Sales 3.lnk
[2011.09.19 15:19:48 | 000,001,640 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Viptool Building 11.lnk
[2011.09.19 15:18:41 | 000,001,965 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Viptool Piping 11 für AutoCAD Architecture 2008.lnk
[2011.09.15 16:05:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.09.15 16:00:41 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.09.13 16:07:31 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.09.26 10:15:25 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\1-PC-5\defogger_reenable
[2011.09.26 08:46:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1563253144
[2011.09.22 10:32:00 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.09.22 08:18:25 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 08:10:52 | 000,286,208 | ---- | C] () -- C:\gmer.exe
[2011.09.22 08:10:32 | 000,286,208 | ---- | C] () -- C:\Dokumente und Einstellungen\1-PC-5\Desktop\gmer.exe
[2011.09.22 08:06:10 | 000,000,412 | ---- | C] () -- C:\Dokumente und Einstellungen\1-PC-5\Eigene Dateien\sicherung.reg
[2011.09.22 08:02:23 | 000,388,608 | ---- | C] () -- C:\Dokumente und Einstellungen\1-PC-5\Desktop\HisJackThis204.exe
[2011.09.20 14:48:38 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.09.19 15:19:48 | 000,001,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Viptool Building 11.lnk
[2011.09.19 15:18:41 | 000,001,965 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Viptool Piping 11 für AutoCAD Architecture 2008.lnk
[2011.09.13 16:06:09 | 000,002,607 | ---- | C] () -- C:\Dokumente und Einstellungen\1-PC-5\Desktop\Microsoft Office Outlook 2007.lnk
[2011.09.07 11:11:33 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011.09.07 11:11:33 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011.09.07 10:54:27 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011.03.22 17:05:37 | 001,017,928 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.03.15 15:17:57 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.03.15 15:11:50 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011.03.15 15:11:50 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011.03.15 15:11:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011.03.15 15:03:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.02 13:49:44 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2010.11.25 12:54:48 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.11.22 11:05:59 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010.11.18 10:20:59 | 000,000,623 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009.11.16 11:19:07 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\1-PC-5\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.11.03 11:25:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Buderus.INI
[2009.07.16 13:30:22 | 000,003,090 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2009.07.08 07:39:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.13 08:01:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009.01.30 08:24:01 | 000,002,849 | ---- | C] () -- C:\WINDOWS\tm.ini
[2009.01.27 16:04:17 | 000,000,779 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2008.11.17 11:27:07 | 000,000,075 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008.10.29 15:36:08 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\1-PC-5\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.21 07:56:40 | 000,091,923 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008.10.21 07:56:40 | 000,076,956 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008.10.21 07:56:40 | 000,039,121 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008.10.21 07:56:40 | 000,027,965 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_JP.dat
[2008.10.13 15:38:41 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\EPFRM3.DAT
[2008.10.13 11:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008.10.13 08:13:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.13 07:20:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AVAIMP.INI
[2008.10.10 11:32:24 | 000,007,500 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.10.10 11:20:42 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008.10.09 09:32:08 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.09 09:31:01 | 000,427,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.10.09 09:05:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.10.09 08:52:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.10.09 08:43:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.10.09 08:38:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007.07.27 14:00:00 | 000,554,920 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2007.07.27 14:00:00 | 000,504,422 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007.07.27 14:00:00 | 000,115,720 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2007.07.27 14:00:00 | 000,088,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007.07.27 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 02:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002.03.21 16:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.21 14:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002.03.21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002.03.21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002.03.21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002.03.21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002.03.21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002.03.21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[1999.01.23 03:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\1563253144:1738986146.exe
< End of report >
|
Extras.TXT Zitat:
OTL Extras logfile created on: 26.09.2011 09:46:30 - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = K:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,74 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 84,75% Memory free
4,04 Gb Paging File | 3,99 Gb Available in Paging File | 98,70% Paging File free
Paging file location(s): d:\pagefile.sys 2500 2500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 183,09 Gb Total Space | 154,51 Gb Free Space | 84,39% Space Free | Partition Type: NTFS
Drive D: | 244,17 Gb Total Space | 233,72 Gb Free Space | 95,72% Space Free | Partition Type: NTFS
Drive E: | 504,25 Gb Total Space | 493,19 Gb Free Space | 97,81% Space Free | Partition Type: NTFS
Drive K: | 14,91 Gb Total Space | 5,69 Gb Free Space | 38,17% Space Free | Partition Type: FAT32
Computer Name: PC-5 | User Name: 1-PC-5 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate
"C:\Programme\HOAI\EasyBrowse2K2.exe" = C:\Programme\HOAI\EasyBrowse2K2.exe:* isabled:EB.2go -- (EasyBrowse® GmbH)
"C:\Programme\ActiveFax\Client\ActFaxClient.exe" = C:\Programme\ActiveFax\Client\ActFaxClient.exe:*:Enabled:ActiveFax Client -- (ActFax Communication)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\AVG\AVG9\avgdiagex.exe" = C:\Programme\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgam.exe" = C:\Programme\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\hasplms.exe" = C:\WINDOWS\system32\hasplms.exe:*:Enabled:HASP LLM -- (SafeNet Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F1B2A7D-3B05-4842-AF02-9BB9910D9378}" = HP Instant Printing Utility 3.5
"{127D2B62-12CB-4156-878A-622C440C8D4B}" = Viptool Sales 3
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = Sentinel HASP Run-time
"{2C87B4B0-19CB-4789-10B9-415A6FFBA398}" = Viptool Building 8
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-6004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2008 - Deutsch
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AA9FA4B-1218-42D5-8950-C78095DE6273}" = HP Webregistrierung
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6CD099A7-9E10-5B7F-A904-D8888DE52281}" = liNear Updater
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B939B63-2716-4575-B5D5-BF6D4B827398}" = Viptool Building 11
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A06E54AA-6FE5-491B-936D-BED4D831144D}" = Buderus CAD-Browser
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B798130D-C65F-4340-823E-54C37074D6C9}" = Viptool Piping 10
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D350F810-D30D-4133-B747-C9378C2B42A1}" = Viptool Piping 6
"{D68D2422-8A54-44A1-A76B-DA61244E6FEA}" = HP ICC Profiles
"{DA439B84-98F6-4e48-94D3-EF8E56591D67}" = Viptool Building 10
"{DEC4EA11-F15A-4b62-9ED3-E5165C15E0C4}" = Viptool Piping 11
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"ActiveFax" = ActiveFax
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AutoCAD Architecture 2008 - Deutsch" = AutoCAD Architecture 2008 - Deutsch
"AVG9Uninstall" = AVG 9.0
"Buderus CAD-Browser" = Buderus CAD-Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HP Designjet T1100 Printer Series" = HP Designjet T1100 Printer Series
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"liNear Updater" = Viega Online-Update
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"QuickTime" = QuickTime
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"UTAX TA Product Library" = UTAX TA Product Library
"Viptool Building 10" = Viptool Building 10
"Viptool Building 11" = Viptool Building 11
"Viptool Building 8" = Viptool Building 8
"Viptool Piping 10" = Viptool Piping 10
"Viptool Piping 11" = Viptool Piping 11
"Viptool Piping 6" = Viptool Piping 6
"Viptool Sales 3" = Viptool Sales 3
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Die neue HOAI 2009" = Die neue HOAI 2009
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.09.2011 02:00:51 | Computer Name = PC-5 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 22.09.2011 02:00:51 | Computer Name = PC-5 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5D003860F002ED829DEAA41868F788186D62127F.crt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 22.09.2011 04:25:31 | Computer Name = PC-5 | Source = Windows Search Service | ID = 3100
Description = Der Filterhostprozess kann nicht initialisiert werden. Der Vorgang
wird abgebrochen. Details: Der Computer wird heruntergefahren. (0x8007045b)
Error - 22.09.2011 05:45:58 | Computer Name = PC-5 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated
abnormally .
Error - 22.09.2011 05:45:58 | Computer Name = PC-5 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 22.09.2011 08:12:17 | Computer Name = PC-5 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
Error - 22.09.2011 09:30:49 | Computer Name = PC-5 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated
abnormally .
Error - 22.09.2011 09:30:49 | Computer Name = PC-5 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 22.09.2011 09:32:13 | Computer Name = PC-5 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated
abnormally .
Error - 22.09.2011 09:32:13 | Computer Name = PC-5 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
[ OSession Events ]
Error - 02.04.2009 05:37:50 | Computer Name = PC-5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 71
seconds with 60 seconds of active time. This session ended with a crash.
Error - 16.04.2010 01:55:21 | Computer Name = PC-5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2279
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 19.07.2010 01:42:20 | Computer Name = PC-5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2337
seconds with 780 seconds of active time. This session ended with a crash.
Error - 15.09.2010 05:11:51 | Computer Name = PC-5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 15106
seconds with 900 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.09.2011 03:37:23 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 26.09.2011 03:37:23 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 26.09.2011 03:38:01 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 26.09.2011 03:38:01 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 26.09.2011 03:46:00 | Computer Name = PC-5 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 26.09.2011 03:46:45 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.09.2011 03:46:45 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.09.2011 03:46:45 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.09.2011 03:46:45 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.09.2011 03:46:45 | Computer Name = PC-5 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip
< End of report >
|
GMER.txt (unvollständig) Zitat:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-26 10:33:58
Windows 5.1.2600 Service Pack 2
Running: 93yrv0ln.exe; Driver: C:\DOKUME~1\1-ekh-5\LOKALE~1\Temp\pxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateKey [0x804D7FE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FE2] ZwCreateKey [0x804D7FE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenKey [0x804D7FE7]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FE7] ZwOpenKey [0x804D7FE7]
INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D7FFB
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IoReuseIrp + 8B 804EF823 7 Bytes CALL 8A0735F5
.text serial.sys!YwGrqxRxypwc B8936000 31 Bytes [3B, FB, 89, 7D, F8, 0F, 84, ...]
.text serial.sys!YwGrqxRxypwc B8936020 4 Bytes [CA, 56, 83, E1]
.text serial.sys!YwGrqxRxypwc B8936025 82 Bytes [68, 01, 01, 00, 00, F3, AA, ...]
.text serial.sys!MzRioixnVihbluXx + 4F B8936078 53 Bytes [F4, 50, FF, D6, 68, 36, 61, ...]
.text serial.sys!MzRioixnVihbluXx + 85 B89360AE 93 Bytes [15, 0C, 83, 93, B8, 8B, F8, ...]
.text serial.sys!MzRioixnVihbluXx + E3 B893610C 10 Bytes [74, 00, 4E, 00, 61, 00, 6D, ...] {JZ 0x2; DEC ESI; ADD [ECX+0x0], AH; INSD ; ADD [EBP+0x0], AH}
.text serial.sys!MzRioixnVihbluXx + EE B8936117 57 Bytes [00, 00, 00, 5C, 00, 00, 00, ...]
.text serial.sys!MzRioixnVihbluXx + 128 B8936151 5 Bytes [FF, 55, 8B, EC, 56] {CALL [EBP-0x75]; IN AL, DX ; PUSH ESI}
.text ...
.text serial.sys!YwGrqxRxypwc + 3B B89363A3 7 Bytes [FF, 8B, 48, 38, 85, C9, C6]
.text serial.sys!YwGrqxRxypwc + 43 B89363AB 48 Bytes [24, 01, 0F, 84, E8, F7, FF, ...]
.text serial.sys!YwGrqxRxypwc + 74 B89363DC 38 Bytes [93, B8, 83, 26, 00, E9, C5, ...]
.text serial.sys!YwGrqxRxypwc + 9B B8936403 3 Bytes [35, 58, 84]
.text serial.sys!YwGrqxRxypwc + A0 B8936408 18 Bytes JMP B893660F \SystemRoot\system32\DRIVERS\serial.sys (Treiber für serielle Geräte/Microsoft Corporation)
.text ...
? C:\WINDOWS\system32\DRIVERS\serial.sys suspicious PE modification
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xA6CA9000, 0x49379, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xA6CFF224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xA6CFF000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA6B28400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA6BB2C20] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA6BB2C20]
.protectÿÿÿÿhardlockunknown last code section [0xA6BB2A00, 0x50CA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA6BB2A00, 0x50CA, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[420] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B4000C
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!GetForegroundWindow 77D1C4AE 5 Bytes JMP 0200000A
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!GetCursorPos 77D1C566 5 Bytes JMP 01FE000A
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!WindowFromPoint 77D1C57E 5 Bytes JMP 01FF000A
.text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoCreateInstance 774F6009 5 Bytes JMP 01FD000A
.text C:\WINDOWS\Explorer.EXE[2444] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 0273000A
.text C:\WINDOWS\Explorer.EXE[2444] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 0274000A
.text C:\WINDOWS\Explorer.EXE[2444] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0272000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
|
|
26.09.2011, 10:21
Linear-Darstellung
