| |
| |||||||
Log-Analyse und Auswertung: € 50,- Trojaner und Windws XPWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.02.2012, 07:52
| #1 |
| |  € 50,- Trojaner und Windws XP Hallo, auch ich habe mir den sogenannten 50,-€ Trojaner eingefangen. OTL Scan ist ausgeführt, hier die Log-Files: OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.02.2012 07:31:58 - Run 1 OTL by OldTimer - Version 3.2.33.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,04 Mb Total Physical Memory | 619,02 Mb Available Physical Memory | 60,51% Memory free 2,41 Gb Paging File | 2,08 Gb Available in Paging File | 86,51% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,78 Gb Total Space | 3,32 Gb Free Space | 5,95% Space Free | Partition Type: NTFS Drive D: | 55,89 Gb Total Space | 46,62 Gb Free Space | 83,42% Space Free | Partition Type: NTFS Computer Name: QOSMIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Herbert\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Microsoft\saletoc.exe () PRC - C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe (TOSHIBA Corp.) PRC - C:\Programme\Toshiba\TOSHIBA RAID\Console\kraidman.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) PRC - C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) PRC - C:\Programme\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Microsoft\saletoc.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll () MOD - C:\WINDOWS\system32\encdec.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - C:\WINDOWS\system32\mpg2splt.ax () MOD - C:\WINDOWS\system32\vbicodec.ax () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () MOD - C:\WINDOWS\system32\TosHidAPI.dll () MOD - C:\WINDOWS\system32\TosCommAPI.dll () ========== Win32 Services (SafeList) ========== SRV - (NetTcpPortSharing) -- File not found SRV - (de_serv) -- File not found SRV - ( 11Fßä#·ºÄÖ`I) -- File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (Viewpoint Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (kraidsvc) -- C:\Programme\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe (TOSHIBA Corporation) SRV - (CFSvcs) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION) DRV - (ttv200x) -- C:\WINDOWS\system32\drivers\ttv200x.sys (TOSHIBA) DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\Tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKLM\..\URLSearchHook: {B7A98462-DCAE-3EAB-3DD8-2CFD03210DA0} - SOFTWARE\Classes\CLSID\{B7A98462-DCAE-3EAB-3DD8-2CFD03210DA0}\InprocServer32 File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Hosts file not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Class) - {52C881AE-E0BB-A519-E212-711BD6265712} - C:\WINDOWS\d3la32.dll File not found O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Class) - {6324094F-2875-EF02-7B79-E44ABD6291EB} - C:\WINDOWS\system32\sdkuq.dll File not found O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - No CLSID value found. O2 - BHO: (Class) - {9002785F-0FF6-6774-D6A1-0DFD53757E34} - C:\WINDOWS\system32\apiqo.dll File not found O2 - BHO: (Class) - {A0C52FB2-ADA0-FBFA-A397-D19AA1AFF234} - C:\WINDOWS\system32\atlca.dll File not found O2 - BHO: (Class) - {B7A98462-DCAE-3EAB-3DD8-2CFD03210DA0} - C:\WINDOWS\system32\ipam.dll File not found O2 - BHO: (Class) - {BF9FD1DE-F8B7-0B90-C8C8-E057F3E59535} - C:\WINDOWS\system32\netcp.dll File not found O2 - BHO: (Class) - {C0E37CC3-72DE-0D9D-FC4E-8DF8BB4A674A} - C:\WINDOWS\system32\d3nd.dll File not found O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O2 - BHO: (Class) - {E6A72EF0-3235-8BD6-C66C-9125C3686A14} - C:\WINDOWS\wineo32.dll File not found O2 - BHO: (Class) - {F026EABE-F0E6-C6C9-A5B5-AE5905B7958E} - C:\WINDOWS\d3ew32.dll File not found O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe () O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [apiqz.exe] C:\WINDOWS\apiqz.exe File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ipok.exe] C:\WINDOWS\system32\ipok.exe File not found O4 - HKLM..\Run: [Kraidman] C:\Programme\Toshiba\TOSHIBA RAID\Console\kraidman.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [mssa32.exe] C:\WINDOWS\system32\mssa32.exe File not found O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.) O4 - HKLM..\Run: [TOSHIBA Picture Enhancement] C:\Programme\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe (TOSHIBA Corp.) O4 - HKLM..\Run: [TosHKCW.exe] C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [TouchED] C:\Programme\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [{A95DF38B-3294-11DA-9912-806D6172696F}] C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Microsoft\saletoc.exe () O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [Windows installer] C:\winstall.exe File not found O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; Media Center PC 3.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.cartoonnetwork.de/show/star-wars-the-clone-wars/games/der-pfad-des-jedi" File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} https://popssl.gfd.de/download/dolcontrol.cab (LotusDRSControl Class) O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://popssl.gfd.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab (FlashXControl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E72B618-0DD8-4A67-8E22-56FB2F92EE8B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.02.17 08:39:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.08.22 15:09:21 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{f96babb0-7dd6-11de-9e96-000e7bb6c171}\Shell - "" = AutoRun O33 - MountPoints2\{f96babb0-7dd6-11de-9e96-000e7bb6c171}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f96babb0-7dd6-11de-9e96-000e7bb6c171}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Dokumente und Einstellungen\Herbert\Desktop\CA7AMDVR. [2012.02.19 07:24:55 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herbert\Desktop\OTL.exe [2012.02.18 07:00:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.01.28 07:08:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012.01.28 06:56:18 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2012.01.28 06:54:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Dokumente und Einstellungen\Herbert\Desktop\CA7AMDVR. [2012.02.19 07:31:14 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.19 07:28:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.02.19 07:28:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.19 07:28:00 | 000,017,549 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.02.19 07:27:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.02.19 07:27:53 | 1072,807,936 | -HS- | M] () -- C:\hiberfil.sys [2012.02.19 07:24:56 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herbert\Desktop\OTL.exe [2012.02.18 09:59:57 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.18 09:58:39 | 000,463,288 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.02.18 09:58:39 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.02.18 09:58:39 | 000,086,142 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.02.18 09:58:39 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.02.18 09:47:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.02.18 06:47:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.29 09:07:33 | 000,206,367 | ---- | M] () -- C:\Dokumente und Einstellungen\Herbert\Desktop\ot-boot2012-308683838517786735600052.pdf [2012.01.28 07:08:13 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.01.26 04:38:19 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk [2012.01.22 23:46:04 | 023,370,178 | ---- | M] () -- C:\Dokumente und Einstellungen\Herbert\Desktop\Katalog Trem 2012.pdf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.19 06:55:15 | 1072,807,936 | -HS- | C] () -- C:\hiberfil.sys [2012.02.18 06:47:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.17 22:27:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.17 22:27:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.01.29 09:07:33 | 000,206,367 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Desktop\ot-boot2012-308683838517786735600052.pdf [2012.01.28 07:08:13 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.01.22 23:46:02 | 023,370,178 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Desktop\Katalog Trem 2012.pdf [2010.04.04 11:08:33 | 000,045,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008.12.30 18:13:14 | 000,137,196 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2008.08.20 14:45:46 | 000,020,270 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceInstaller.xml [2008.07.29 23:55:13 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2007.11.10 17:19:15 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.05.17 18:49:29 | 000,051,314 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate [2006.05.27 06:18:07 | 000,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.10.23 23:02:26 | 000,015,186 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\wklnhst.dat [2005.10.01 17:19:13 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2006.02.06 22:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OLYMPUS [2009.04.25 11:03:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2010.06.05 07:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2010.04.01 03:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2005.12.10 11:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\FRITZ! [2005.10.01 17:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\InterVideo [2005.12.10 11:12:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Opera [2007.06.24 18:28:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\ScummVM [2008.08.20 20:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\toshiba [2009.04.25 11:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Viewpoint [2009.07.31 14:41:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Vodafone ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\TOSHIBA Satellite 1440x900.bmp:odsosl @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\ODBC.INI:uculdt @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\ocgen.log:fkebdq @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB885836.log:ppbdvf @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\_default.pif:yassch @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\_default.pif:pxvhbm @Alternate Data Stream - 197761 bytes -> C:\WINDOWS\TcdsASC2.ini:vchbyb @Alternate Data Stream - 197761 bytes -> C:\WINDOWS\ntbtlog.txt:cbbxbi @Alternate Data Stream - 197761 bytes -> C:\WINDOWS\msmqinst.log:ujmojf @Alternate Data Stream - 197761 bytes -> C:\WINDOWS\KB873339.log:xoqytv @Alternate Data Stream - 197761 bytes -> C:\WINDOWS\_default.pif:weduzc @Alternate Data Stream - 197761 bytes -> C:\WINDOWS\_default.pif:gzzeif @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\SYMEVENT.LOG:lkpwey @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\msmqinst.log:jajshy @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\MedCtrOC.log:cqbihd @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\_default.pif:nzpznu @Alternate Data Stream - 13581 bytes -> C:\WINDOWS\_default.pif:edkofr < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.02.2012 07:31:58 - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,04 Mb Total Physical Memory | 619,02 Mb Available Physical Memory | 60,51% Memory free
2,41 Gb Paging File | 2,08 Gb Available in Paging File | 86,51% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,78 Gb Total Space | 3,32 Gb Free Space | 5,95% Space Free | Partition Type: NTFS
Drive D: | 55,89 Gb Total Space | 46,62 Gb Free Space | 83,42% Space Free | Partition Type: NTFS
Computer Name: QOSMIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Herbert\Desktop\SweetImSetup.exe" = C:\Dokumente und Einstellungen\Herbert\Desktop\SweetImSetup.exe:*:Enabled:SweetIM Installer
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Benutzerhandbücher
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{3E6FA9D9-D4CA-492B-AE98-83A2D853A355}" = TOSHIBA RAID Dienstprogramm
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3F6A5F11-EC99-44DD-A27E-C5C61E47CE48}" = TIxx21/x515
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{47DC4B39-B1F6-498A-AFFE-E78FDAF34D1F}" = TOSHIBA Picture Enhancement
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{822536A7-080B-4308-A34F-B0A97ABE0858}" = MpegDJ Encoder
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect Lite
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7646-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVMFBox" = FRITZ!Box
"BearShare" = BearShare
"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000
"Casino-Club Deutsch" = Casino-Club Deutsch
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EH_Bew_Engl" = Die besten Bewerbungsmuster - Englisch
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3F6A5F11-EC99-44DD-A27E-C5C61E47CE48}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"kim Possible" = kim Possible Screen Saver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Mayspies Print Designer_is1" = Mayspies Print Designer V1.3
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MpegDJ GoWave!" = MpegDJ GoWave!
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opera" = Opera
"PartyPoker" = PartyPoker
"PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool
"PDFCreator Toolbar" = PDFCreator Toolbar
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Power Saver" = TOSHIBA Power Saver
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Runtime" = Haufe Runtime
"ScummVM_is1" = ScummVM 0.10.0
"Shockwave" = Shockwave
"TDspBtn" = TOSHIBA Utility zum Bildschirmwechsel
"TFNF5" = TOSHIBA Hotkey Utility für Anzeigegeräte
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA Touchpad Ein/Aus Utility V2.05.00
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2005Setup" = Setup-Start von Microsoft Works 2005
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.02.2012 02:26:30 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 18.02.2012 04:40:25 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 18.02.2012 04:42:33 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 18.02.2012 05:00:16 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 18.02.2012 05:13:11 | Computer Name = QOSMIO | Source = nview_info | ID = 11141121
Description =
Error - 19.02.2012 01:02:24 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 19.02.2012 01:55:29 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 19.02.2012 02:11:45 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 19.02.2012 02:28:08 | Computer Name = QOSMIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 19.02.2012 02:31:09 | Computer Name = QOSMIO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.33.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 18.02.2012 01:53:45 | Computer Name = QOSMIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom WS2IFSL
Error - 18.02.2012 01:54:40 | Computer Name = QOSMIO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 18.02.2012 01:54:53 | Computer Name = QOSMIO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 18.02.2012 02:00:45 | Computer Name = QOSMIO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 18.02.2012 02:01:56 | Computer Name = QOSMIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
eeCtrl Fips intelppm Tosrfcom
Error - 18.02.2012 02:02:33 | Computer Name = QOSMIO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 18.02.2012 02:25:15 | Computer Name = QOSMIO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 19.02.2012 01:50:28 | Computer Name = QOSMIO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 19.02.2012 01:51:33 | Computer Name = QOSMIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
eeCtrl Fips intelppm Tosrfcom
Error - 19.02.2012 01:54:17 | Computer Name = QOSMIO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
Danke vorab für die Unterstützung. Gruß |
| Themen zu € 50,- Trojaner und Windws XP |
| 0x00000001, adobe, adobe flash player, alternate, bho, bonjour, canon, dsl, einstellungen, error, explorer, fehler, format, google earth, homepage, intranet, launch, logfile, m.exe, mdm.exe, microsoft, nvidia, object, plug-in, registry, rundll, scan, secure, software, symantec, thotkey.exe, trojaner, udp, version=1.0, vodafone, windows internet |
Baum-Darstellung