Log analysis and evaluation: Laptop with Windows XP locked by the Federal Police, unlocking only for money
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
12.01.2013, 17:33 | #16 |
/// TB-Ausbilder | Hi, not as far as I know. |
13.01.2013, 16:02 | #17 |
| It's not working again, because I have to be an admin to create an account, and for that I need the password.
__________________ |
13.01.2013, 19:38 | #18 |
/// TB-Ausbilder | Hi,
OK, change of plan. Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button. Post OTL.txt and Extras.txt here in your thread. |
14.01.2013, 17:49 | #19 |
| The following is in OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.01.2013 19:49:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\OTL Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,98 Mb Total Physical Memory | 182,58 Mb Available Physical Memory | 35,73% Memory free 1,22 Gb Paging File | 0,90 Gb Available in Paging File | 73,78% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 68,70 Gb Total Space | 26,26 Gb Free Space | 38,23% Space Free | Partition Type: FAT32 Drive D: | 24,41 Gb Total Space | 15,73 Gb Free Space | 64,43% Space Free | Partition Type: FAT32 Drive F: | 1,86 Gb Total Space | 1,69 Gb Free Space | 90,51% Space Free | Partition Type: FAT Computer Name: ACERMDS | User Name: kinder | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.07 17:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL\OTL.exe PRC - [2007.06.28 07:42:40 | 000,949,376 | ---- | M] (Eset ) -- C:\Programme\ESET\nod32kui.exe PRC - [2006.06.22 20:28:46 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.exe PRC - [2006.06.22 09:34:14 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.bin PRC - [2005.09.23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2005.04.21 15:11:18 | 000,328,704 | ---- | M] (SlySoft, Inc.) 
-- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe PRC - [2004.08.11 13:22:52 | 000,065,588 | ---- | M] (SafeNet) -- C:\Programme\Juniper\NetScreen-Remote\SafeCfg.exe PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003.10.07 06:44:12 | 000,561,152 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe PRC - [2003.09.25 12:41:18 | 000,102,400 | ---- | M] (Nokia Corp.) -- C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe PRC - [2003.09.03 11:36:00 | 000,253,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\CPLBY31.EXE PRC - [2003.08.05 13:59:54 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2003.05.16 17:09:34 | 000,509,952 | ---- | M] (Acer) -- C:\Programme\Acer\Notebook Manager\almxptray.exe PRC - [2003.05.15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe PRC - [2003.04.24 16:51:36 | 000,110,592 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2003.03.11 13:08:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe PRC - [2003.02.10 14:30:10 | 000,425,984 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe PRC - [2003.01.09 00:05:12 | 000,073,728 | ---- | M] (MyComp) -- C:\Programme\CRW\shwicon.exe PRC - [2002.12.17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe PRC - [2002.06.21 15:55:56 | 000,208,896 | ---- | M] (The Webshots Corporation) -- C:\Programme\Webshots\WebshotsTray.exe PRC - [2002.06.03 11:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Programme\ScanSoft\OmniPageSE\opware32.exe ========== Modules (No Company Name) ========== MOD - [2007.06.28 07:42:42 | 000,105,528 | ---- | M] () -- C:\Programme\ESET\nod32rui.dll MOD - [2007.06.28 07:42:42 | 000,060,544 | ---- | M] () -- C:\Programme\ESET\nodshex.dll MOD - [2007.06.28 07:42:42 | 000,060,472 | ---- | M] () -- C:\Programme\ESET\pr_emon.dll MOD - [2007.06.28 07:42:42 | 000,052,280 | ---- | M] () -- C:\Programme\ESET\pr_upd.dll MOD - [2007.06.28 07:42:42 | 000,052,280 | ---- | M] () -- C:\Programme\ESET\pr_imon.dll MOD - [2007.06.28 07:42:42 | 000,019,512 | ---- | M] () -- C:\Programme\ESET\pr_dmon.dll MOD - [2006.05.13 05:36:58 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.0\program\libxml2.dll MOD - [2002.12.17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe MOD - [2001.04.16 16:39:02 | 000,037,808 | ---- | M] () -- C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx MOD - [1999.05.25 17:45:36 | 000,073,728 | ---- | M] () -- C:\Programme\WinRAR\rarext.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2007.06.28 07:42:40 | 000,552,064 | ---- | M] (Eset ) [Auto | Unknown] -- 
C:\Programme\ESET\nod32krn.exe -- (NOD32krn) SRV - [2007.04.20 11:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Unknown] -- C:\Programme\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2) SRV - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005.03.17 11:40:48 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\bmwebcfg.exe -- (bmwebcfg) SRV - [2004.08.11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) [Auto | Unknown] -- C:\Programme\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON) SRV - [2004.08.11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) [Auto | Unknown] -- C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE) SRV - [2004.08.04 00:57:40 | 000,089,088 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Unknown] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\SCHLEI~1.PHY\LOKALE~1\Temp\krdpdre.sys -- (krdpdre) DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) DRV - File not found [Kernel | Boot | Unknown] -- System32\DRIVERS\ElbyVCD.sys -- 
(ElbyVCD) DRV - File not found [Kernel | System | Unknown] -- -- (Changer) DRV - [2007.06.28 07:42:42 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON) DRV - [2007.06.28 07:42:40 | 000,015,424 | ---- | M] () [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv) DRV - [2007.05.18 20:37:00 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06) DRV - [2007.02.23 04:29:02 | 000,028,160 | ---- | M] (F5 Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\urvpndrv.sys -- (urvpndrv) DRV - [2006.11.10 11:15:44 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2006.11.10 11:15:44 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Unknown] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2006.11.10 11:15:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2006.08.16 10:37:30 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2006.05.18 08:48:50 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2005.12.15 08:41:22 | 000,010,256 | ---- | M] (F5 Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw) DRV - [2005.11.06 14:17:10 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2005.06.29 18:21:24 | 000,019,328 | R--- | M] (WideView Technology Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1) DRV - [2005.04.21 15:06:06 | 000,019,328 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2004.10.07 15:37:16 | 000,185,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) DRV - [2004.09.06 21:40:04 | 000,018,432 | R--- | M] (Computer & Entertainment, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0) DRV - [2004.08.11 12:01:40 | 000,119,864 | ---- | M] (SafeNet) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\IpSecDrv.sys -- (IPSECDRV) DRV - [2004.08.04 00:57:40 | 000,089,088 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) DRV - [2004.08.04 00:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004.08.03 23:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) DRV - [2004.07.30 13:20:58 | 000,521,786 | ---- | M] (SafeNet) [Kernel | Auto | Unknown] -- C:\WINDOWS\System32\drivers\Crypto.sys -- (Crypto) DRV - [2003.11.19 15:41:18 | 001,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2003.11.18 12:01:34 | 000,062,673 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3) DRV - [2003.09.05 14:35:02 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2003.08.07 22:15:06 | 000,404,608 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003.08.05 14:51:10 | 000,460,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2003.07.10 12:17:18 | 000,006,431 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\acernbm.sys -- (acernbm) DRV - [2003.07.01 01:53:00 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp) DRV - [2003.06.19 14:41:00 | 000,064,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2003.06.03 15:18:58 | 000,039,996 | ---- | M] (SMC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2003.04.09 04:24:40 | 000,051,208 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2003.03.12 09:34:00 | 000,030,171 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2003.02.21 11:26:54 | 000,144,480 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2003.02.21 11:25:16 | 000,022,119 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2003.02.21 11:24:56 | 000,222,164 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2003.02.21 11:23:14 | 001,149,978 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2001.12.14 16:26:06 | 000,036,188 | ---- | M] (Deterministic Networks Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\vap.sys -- (DniVap) DRV - [2001.08.17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd) DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Unknown] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.04.13 09:45:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.04.13 09:45:24 | 000,000,000 | ---D | M] [2008.01.13 18:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\Mozilla\Firefox\Profiles\5wytbwa7.default\extensions [2006.04.13 09:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.02.25 13:25:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2007.08.09 10:41:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007.02.25 13:25:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2007.08.02 08:14:58 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll [2007.08.02 08:14:58 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll [2007.08.02 08:15:00 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\myspell.dll [2007.08.02 08:15:00 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\spellchk.dll [2007.08.02 08:15:00 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll [2007.02.22 19:19:00 | 000,165,248 | ---- | M] (F5 Networks) -- C:\Programme\mozilla firefox\plugins\NPuroamHost.dll [2006.08.24 22:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2006.08.24 22:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2006.11.10 12:42:00 | 000,000,998 
| ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.10 23:32:04 | 000,000,815 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.09.02 14:53:04 | 000,000,897 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.20.240.11 sql_mu O1 - Hosts: 10.20.240.11 msgs110i.physical.de O1 - Hosts: 10.20.50.100 SMB_PRI1 O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [AcerNotebookManager] C:\Programme\Acer\Notebook Manager\almxptray.exe (Acer) O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [DataLayer] C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe () O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\CPLBY31.EXE (Dritek System Inc.) 
O4 - HKLM..\Run: [nod32kui] C:\Programme\Eset\nod32kui.exe (Eset ) O4 - HKLM..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe (Nokia) O4 - HKLM..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) O4 - HKLM..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programme\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019" File not found O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [windows auto update] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NetScreen-Remote.lnk = C:\Programme\Juniper\NetScreen-Remote\SafeCfg.exe (SafeNet) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\p6_19_erinnerung.lnk = C:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\kinder\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\kinder\Startmenü\Programme\Autostart\Webshots.lnk = C:\Programme\Webshots\WebshotsTray.exe (The Webshots Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\imon.dll (Eset ) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.msg.de/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327 (F5 Networks VPN Manager) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.) 
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} hxxp://www.webshots.com/samplers/WSDownloader.ocx (WSDownloader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139402952203 (WUWebControl Class) O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://vpn.msg.de/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314 (F5 Networks SSLTunnel) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37917.4102893519 (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.msg.de/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320 (F5 Networks SuperHost Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.msg.de/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312 (F5 Networks Host Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = physical.de O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ckpNotify: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O22 - SharedTaskScheduler: {ab340860-fd81-4a65-b345-82eb77a66b5e} - featherweed - C:\WINDOWS\system32\jbtazy.dll File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\kinder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\kinder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.10 20:54:20 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.06 17:33:48 | 000,000,000 | -HSD | C] -- C:\FOUND.012 ========== Files - Modified Within 30 Days ========== [2013.01.14 19:47:34 | 004,410,054 | ---- | M] () -- C:\WINDOWS\WebshotsForKinder.bmp [2013.01.14 19:46:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.14 19:46:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.14 19:45:58 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys [2013.01.07 20:11:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\kinder\defogger_reenable ========== Files Created - No Company Name ========== [2013.01.10 20:59:39 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys [2013.01.07 20:11:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\kinder\defogger_reenable [2006.02.09 14:39:27 | 000,002,412 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2005.05.26 03:17:16 | 000,110,657 | ---- | C] () -- 
C:\Programme\Gemeinsame Dateien\UninstallDrv.exe ========== ZeroAccess Check ========== [2005.10.30 21:46:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2006.10.23 16:18:00 | 001,494,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2004.08.04 00:57:20 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2004.08.04 00:57:38 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
This is in Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.01.2013 19:49:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\OTL Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,98 Mb Total Physical Memory | 182,58 Mb Available Physical Memory | 35,73% Memory free 1,22 Gb Paging File | 0,90 Gb Available in Paging File | 73,78% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 68,70 Gb Total Space | 26,26 Gb Free Space | 38,23% Space Free | Partition Type: FAT32 Drive D: | 24,41 Gb Total Space | 15,73 Gb Free Space | 64,43% Space Free | Partition Type: FAT32 Drive F: | 1,86 Gb Total Space | 1,69 Gb Free Space | 90,51% Space Free | Partition Type: FAT Computer Name: ACERMDS | User Name: kinder | NOT logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "5432:TCP" = 5432:TCP:*:Enabled:WeatherProfessional [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5432:TCP" = 5432:TCP:*:Enabled:WeatherProfessional ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation) 
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\Vpn.exe" = C:\Programme\Juniper\NetScreen-Remote\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "C:\Spiele\Need For Speed6\NFSHP2.EXE" = C:\Spiele\Need For Speed6\NFSHP2.EXE:*:Enabled:NFSHP2 -- () "C:\Programme\Microsoft ActiveSync\WCESMGR.EXE" = C:\Programme\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\totalcmd\TOTALCMD.EXE" = C:\Programme\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) 
"C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\mybooxx\Fotobuch\mybooxx.exe" = C:\Programme\mybooxx\Fotobuch\mybooxx.exe:*:mybooxx.exe -- () "C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\Vpn.exe" = C:\Programme\Juniper\NetScreen-Remote\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional "{0049F6AE-4FE2-4C43-A039-60FCE98A1986}" = Opera 9.01 "{03C1AFCE-94E5-475B-8BA3-607C4B6F4670}" = FW CURE "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5 "{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0F51A262-1ADF-4914-B448-78AC58C4178A}" = WIDCOMM Bluetooth Software "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CE59656-4104-44AA-00BF-D2546C7EA497}" = Tiger Woods PGA TOUR 06 "{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2 "{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NetScreen-Remote "{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0 
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39AE0413-CEFC-4559-AC5F-855A1C006D2F}" = CRW Series Driver v1.17r019 "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home "{471A9640-39F8-11D5-A07F-005004F915E3}" = Microsoft Games Pocket Pak for Pocket PC "{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne "{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6991C042-73DB-11D6-A2F9-00105AF81F08}" = Der kleine Professor "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2 "{77EDEF61-D63C-4441-9BEC-1874CE56FF6E}" = WeatherProfessional "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7FB70A9B-6591-42EB-BD84-6F9C55368E06}" = LEGO Creator Harry Potter "{8AC3A65A-03B0-428A-A216-075687AA0F3F}" = Carcassonne Add-On "{8C2FA1ED-8248-42DF-A78A-48D40133129E}" = Acer Notebook Manager "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8CDC6712-AF80-459E-911F-F1E156CB0AB0}" = hp deskjet 5600 "{911A0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002 "{9D53CC39-7680-40D9-BC31-80AEC9B18C74}" = Nokia PC Suite 5.62 "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional "{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{C186B723-E9E3-4AB1-BC5F-DD8A0FC8DD34}" = NAVIGON MobileNavigator|4 "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}" = ATI-Treiber 
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3 "{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{EAF5E394-BC2B-42D3-9A94-E0AD66851922}" = Vodafone Mobile Connect "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{F455665A-A82D-485F-9E1E-7D6CDCEC338E}" = Wireless Manager "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "3D Traumhaus Designer 7 Pro_is1" = DATA BECKER 3D Traumhaus Designer 7 Pro "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006 "Ad-Aware SE Professional" = Ad-Aware SE Professional "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "AmoK DateWizard" = AmoK DateWizard 1.1b "AnyDVD" = AnyDVD "ATI Display Driver" = ATI Display Driver "AutoSketch v6.0" = AutoSketch v6.0 "Diercke Globus" = Diercke Globus "DTV_1.0" = DVB-T USB 2.0 "Eisenbahn.exe Professional 4.0" = Eisenbahn.exe Professional 4.0 "FileSync" = FileSync "FlowFact" = FlowFact "FTDICOMM" = USB Serial Converter Drivers "German Railroads - DB 232" = German Railroads - DB 232 "German Railroads - Vol 1 - Biggetal" = German Railroads - Vol 1 - Biggetal "German Railroads - Vol 2 - Rollbahn" = German Railroads - Vol 2 - Rollbahn "GSpot" = GSpot Codec Information Appliance "hp LaserJet 2300 Uninstaller" = hp LaserJet 2300-Deinstallationsprogramm "hp print screen utility" = hp print screen utility "Indeo® Software" = Indeo® Software "InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002 
"InstallShield_{9D53CC39-7680-40D9-BC31-80AEC9B18C74}" = Nokia PC Suite 5.62 "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold "InterActual Player" = InterActual Player "iPhoto Plus 4" = iPhoto Plus 4 "KONICA MINOLTA magicolor 5430DL" = KONICA MINOLTA magicolor 5430DL "LManager" = Launch Manager "Macromedia Shockwave Player" = Macromedia Shockwave Player "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (2.0.0.6)" = Mozilla Firefox (2.0.0.6) "mybooxx_is1" = mybooxx "NASA World Wind 1.3" = NASA World Wind 1.3 "Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003 "NOD32" = NOD32 Antivirus System "ODBC" = ODBC "Organizer V97.1" = Lotus Organizer 97 GS "PocketPlus" = PocketPlus "PocketPlus_German" = PocketPlus_German "PowerDVD" = PowerDVD "ProTrain 3.1 3.1" = ProTrain 3.1 3.1 "ProTrain Rheintal 1.0" = ProTrain Rheintal 1.0 "ProTrain Tauernbahn 1.0" = ProTrain Tauernbahn 1.0 "Public Messenger ver 2.03" = Public Messenger ver 2.03 "QuickTime" = QuickTime "Schiffsim" = Schiffsim 2006 "ShipSim2008" = Schiff-Simulator 2008 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ThumbsPlus2000" = ThumbsPlus 2000-R "Totalcmd" = Total Commander (Remove or Repair) "Train Simulator 1.0" = Microsoft Train Simulator "TravelMate540screen" = TravelMate540screen "TreeSize Professional 2.4" = TreeSize Professional 2.4 "WeatherProfessional" = WeatherProfessional "WEBPlotterX" = WEBPlotter ActiveX "Webshots" = Webshots! "Windows CE Services" = Microsoft ActiveSync 3.7 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinPhlash" = WinPhlash "WinRAR archiver" = WinRAR Archivierer "ZoomPlayer" = Zoom Player (remove only) ========== Last 20 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > |
14.01.2013, 18:12 | #20 |
/// TB-Ausbilder | Laptop with Windows XP locked by Bundespolizei, unlocking only for money Hi, why are you running OTL from drive F:\ and not from the Desktop??? Since ComboFix doesn't run, we'll do the following: Step 1 Download the tool Avenger and save it to the Desktop:
Step 2 Fix with OTL
Code:
ATTFilter :Commands [emptytemp]
Step 3 Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. Are there still problems with the BKA Trojan? With your next reply, please post
|
14.01.2013, 18:30 | #21 |
| Laptop with Windows XP locked by Bundespolizei, unlocking only for money Damn, I forgot that. Is that bad?? One more question: do I have to run all of this in safe mode, or can I run it normally, since I can access the desktop again and the Trojan hasn't shown up again so far?? I haven't been on the Internet yet, though, in case that is somehow related. |
14.01.2013, 19:31 | #22 |
/// TB-Ausbilder | Laptop with Windows XP locked by Bundespolizei, unlocking only for money Hi, please carry out the steps in normal mode. |
17.01.2013, 17:00 | #23 |
| Laptop with Windows XP locked by Bundespolizei, unlocking only for money When I press Execute in Avenger, after the prompt where I press "j", the following message appears: Error: Could not open RunOnce key to register cleanup. Aborting execution! (error 0: der Vorgang wurde erfolgreich beendet.) |
17.01.2013, 17:08 | #24 |
/// TB-Ausbilder | Laptop with Windows XP locked by Bundespolizei, unlocking only for money Hi, we can only clean your computer with difficulty if we don't have administrator rights. Is there perhaps some way after all for you to get the password (asking someone, guessing, etc.)? Otherwise, reinstalling would be a good idea. |
17.01.2013, 17:14 | #25 |
| Laptop with Windows XP locked by Bundespolizei, unlocking only for money I'd have to check, but OTL found something; I'll write it to you right away, same as the OTL quick scan. The OTL fix log says the following:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 33170 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: schleim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: schleim.PHYSICAL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: richteu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: sqlservice
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: kinder
->Temp folder emptied: 194228 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01172013_191119
The OTL.txt from the quick scan says the following: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.01.2013 19:18:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\kinder\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,98 Mb Total Physical Memory | 182,03 Mb Available Physical Memory | 35,62% Memory free 1,22 Gb Paging File | 0,90 Gb Available in Paging File | 73,78% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 68,70 Gb Total Space | 26,26 Gb Free Space | 38,22% Space Free | Partition Type: FAT32 Drive D: | 24,41 Gb Total Space | 15,73 Gb Free Space | 64,43% Space Free | Partition Type: FAT32 Drive F: | 1,86 Gb Total Space | 1,68 Gb Free Space | 90,46% Space Free | Partition Type: FAT Computer Name: ACERMDS | User Name: kinder | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.07 17:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kinder\Desktop\OTL.exe PRC - [2007.06.28 07:42:40 | 000,949,376 | ---- | M] (Eset ) -- C:\Programme\ESET\nod32kui.exe PRC - [2006.06.22 20:28:46 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.exe PRC - [2006.06.22 09:34:14 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.bin PRC - [2005.09.23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2005.04.21 15:11:18 | 000,328,704 | ---- | M] (SlySoft, Inc.) 
-- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe PRC - [2004.08.11 13:22:52 | 000,065,588 | ---- | M] (SafeNet) -- C:\Programme\Juniper\NetScreen-Remote\SafeCfg.exe PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003.10.07 06:44:12 | 000,561,152 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe PRC - [2003.09.25 12:41:18 | 000,102,400 | ---- | M] (Nokia Corp.) -- C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe PRC - [2003.09.03 11:36:00 | 000,253,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\CPLBY31.EXE PRC - [2003.08.05 13:59:54 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2003.05.16 17:09:34 | 000,509,952 | ---- | M] (Acer) -- C:\Programme\Acer\Notebook Manager\almxptray.exe PRC - [2003.05.15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe PRC - [2003.04.24 16:51:36 | 000,110,592 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2003.03.11 13:08:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe PRC - [2003.02.10 14:30:10 | 000,425,984 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe PRC - [2003.01.09 00:05:12 | 000,073,728 | ---- | M] (MyComp) -- C:\Programme\CRW\shwicon.exe PRC - [2002.12.17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe PRC - [2002.06.21 15:55:56 | 000,208,896 | ---- | M] (The Webshots Corporation) -- C:\Programme\Webshots\WebshotsTray.exe PRC - [2002.06.03 11:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Programme\ScanSoft\OmniPageSE\opware32.exe ========== Modules (No Company Name) ========== MOD - [2007.06.28 07:42:42 | 000,105,528 | ---- | M] () -- C:\Programme\ESET\nod32rui.dll MOD - [2007.06.28 07:42:42 | 000,060,544 | ---- | M] () -- C:\Programme\ESET\nodshex.dll MOD - [2007.06.28 07:42:42 | 000,060,472 | ---- | M] () -- C:\Programme\ESET\pr_emon.dll MOD - [2007.06.28 07:42:42 | 000,052,280 | ---- | M] () -- C:\Programme\ESET\pr_upd.dll MOD - [2007.06.28 07:42:42 | 000,052,280 | ---- | M] () -- C:\Programme\ESET\pr_imon.dll MOD - [2007.06.28 07:42:42 | 000,019,512 | ---- | M] () -- C:\Programme\ESET\pr_dmon.dll MOD - [2006.05.13 05:36:58 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.0\program\libxml2.dll MOD - [2002.12.17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe MOD - [1999.05.25 17:45:36 | 000,073,728 | ---- | M] () -- C:\Programme\WinRAR\rarext.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2007.06.28 07:42:40 | 000,552,064 | ---- | M] (Eset ) [Auto | Unknown] -- C:\Programme\ESET\nod32krn.exe -- (NOD32krn) SRV - [2007.04.20 11:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto 
| Unknown] -- C:\Programme\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2) SRV - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005.03.17 11:40:48 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\bmwebcfg.exe -- (bmwebcfg) SRV - [2004.08.11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) [Auto | Unknown] -- C:\Programme\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON) SRV - [2004.08.11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) [Auto | Unknown] -- C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE) SRV - [2004.08.04 00:57:40 | 000,089,088 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Unknown] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\SCHLEI~1.PHY\LOKALE~1\Temp\krdpdre.sys -- (krdpdre) DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) DRV - File not found [Kernel | Boot | Unknown] -- System32\DRIVERS\ElbyVCD.sys -- (ElbyVCD) DRV - File not found [Kernel | System | Unknown] -- -- (Changer) DRV - [2007.06.28 07:42:42 | 000,512,096 | ---- | M] (Eset ) 
[Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON) DRV - [2007.06.28 07:42:40 | 000,015,424 | ---- | M] () [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv) DRV - [2007.05.18 20:37:00 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06) DRV - [2007.02.23 04:29:02 | 000,028,160 | ---- | M] (F5 Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\urvpndrv.sys -- (urvpndrv) DRV - [2006.11.10 11:15:44 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2006.11.10 11:15:44 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Unknown] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2006.11.10 11:15:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2006.08.16 10:37:30 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2006.05.18 08:48:50 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2005.12.15 08:41:22 | 000,010,256 | ---- | M] (F5 Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw) DRV - [2005.11.06 14:17:10 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2005.06.29 18:21:24 | 000,019,328 | R--- | M] (WideView Technology Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1) DRV - [2005.04.21 15:06:06 | 000,019,328 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2004.10.07 15:37:16 | 000,185,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) DRV - [2004.09.06 21:40:04 | 000,018,432 | R--- | M] (Computer & Entertainment, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0) DRV - [2004.08.11 12:01:40 | 000,119,864 | ---- | M] (SafeNet) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\IpSecDrv.sys -- (IPSECDRV) DRV - [2004.08.04 00:57:40 | 000,089,088 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) DRV - [2004.08.04 00:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004.08.03 23:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) DRV - [2004.07.30 13:20:58 | 000,521,786 | ---- | M] (SafeNet) [Kernel | Auto | Unknown] -- C:\WINDOWS\System32\drivers\Crypto.sys -- (Crypto) DRV - [2003.11.19 15:41:18 | 001,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2003.11.18 12:01:34 | 000,062,673 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3) DRV - [2003.09.05 14:35:02 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2003.08.07 22:15:06 | 000,404,608 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003.08.05 14:51:10 | 000,460,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2003.07.10 12:17:18 | 000,006,431 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\acernbm.sys -- (acernbm) DRV - [2003.07.01 01:53:00 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp) DRV - [2003.06.19 14:41:00 | 000,064,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2003.06.03 15:18:58 | 000,039,996 | ---- | M] (SMC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2003.04.09 04:24:40 | 000,051,208 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2003.03.12 09:34:00 | 000,030,171 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2003.02.21 11:26:54 | 000,144,480 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2003.02.21 11:25:16 | 000,022,119 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2003.02.21 11:24:56 | 000,222,164 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2003.02.21 11:23:14 | 001,149,978 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2001.12.14 16:26:06 | 000,036,188 | ---- | M] (Deterministic Networks Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\vap.sys -- (DniVap) DRV - [2001.08.17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd) DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Unknown] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.04.13 09:45:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.04.13 09:45:24 | 000,000,000 | ---D | M] [2008.01.13 18:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\Mozilla\Firefox\Profiles\5wytbwa7.default\extensions [2006.04.13 09:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.02.25 13:25:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2007.08.09 10:41:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007.02.25 13:25:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2007.08.02 08:14:58 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll [2007.08.02 08:14:58 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll [2007.08.02 08:15:00 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\myspell.dll [2007.08.02 08:15:00 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\spellchk.dll [2007.08.02 08:15:00 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll [2007.02.22 19:19:00 | 000,165,248 | ---- | M] (F5 Networks) -- C:\Programme\mozilla firefox\plugins\NPuroamHost.dll [2006.08.24 22:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2006.08.24 22:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2006.11.10 12:42:00 | 000,000,998 
| ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.10 23:32:04 | 000,000,815 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.09.02 14:53:04 | 000,000,897 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.20.240.11 sql_mu O1 - Hosts: 10.20.240.11 msgs110i.physical.de O1 - Hosts: 10.20.50.100 SMB_PRI1 O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [AcerNotebookManager] C:\Programme\Acer\Notebook Manager\almxptray.exe (Acer) O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [DataLayer] C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe () O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\CPLBY31.EXE (Dritek System Inc.) 
O4 - HKLM..\Run: [nod32kui] C:\Programme\Eset\nod32kui.exe (Eset ) O4 - HKLM..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe (Nokia) O4 - HKLM..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) O4 - HKLM..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programme\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019" File not found O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [windows auto update] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NetScreen-Remote.lnk = C:\Programme\Juniper\NetScreen-Remote\SafeCfg.exe (SafeNet) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\p6_19_erinnerung.lnk = C:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\kinder\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\kinder\Startmenü\Programme\Autostart\Webshots.lnk = C:\Programme\Webshots\WebshotsTray.exe (The Webshots Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\imon.dll (Eset ) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.msg.de/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327 (F5 Networks VPN Manager) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.) 
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} hxxp://www.webshots.com/samplers/WSDownloader.ocx (WSDownloader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139402952203 (WUWebControl Class) O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://vpn.msg.de/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314 (F5 Networks SSLTunnel) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37917.4102893519 (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.msg.de/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320 (F5 Networks SuperHost Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.msg.de/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312 (F5 Networks Host Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = physical.de O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ckpNotify: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O22 - SharedTaskScheduler: {ab340860-fd81-4a65-b345-82eb77a66b5e} - featherweed - C:\WINDOWS\system32\jbtazy.dll File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\kinder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\kinder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.17 19:04:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kinder\Desktop\OTL.exe [2013.01.10 20:54:20 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.06 17:33:48 | 000,000,000 | -HSD | C] -- C:\FOUND.012 ========== Files - Modified Within 30 Days ========== [2013.01.17 19:14:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.17 19:14:52 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys [2013.01.17 18:59:10 | 004,410,054 | ---- | M] () -- C:\WINDOWS\WebshotsForKinder.bmp [2013.01.17 18:53:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.17 16:53:14 | 000,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\kinder\Desktop\avenger.exe [2013.01.07 20:11:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\kinder\defogger_reenable [2013.01.07 17:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kinder\Desktop\OTL.exe ========== Files Created - No Company 
Name ========== [2013.01.17 19:04:42 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\kinder\Desktop\avenger.exe [2013.01.10 20:59:39 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys [2013.01.07 20:11:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\kinder\defogger_reenable [2006.02.09 14:39:27 | 000,002,412 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2005.05.26 03:17:16 | 000,110,657 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\UninstallDrv.exe ========== ZeroAccess Check ========== [2005.10.30 21:46:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2006.10.23 16:18:00 | 001,494,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2004.08.04 00:57:20 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2004.08.04 00:57:38 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2006.01.30 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2006.01.30 11:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2006.10.02 17:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2006.11.10 11:19:04 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2007.12.16 22:15:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{62727C56-8352-4A6D-B7C7-D26378124ED0} [2003.09.18 12:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\InterTrust [2008.01.31 18:08:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\Diercke Globus [2009.01.30 19:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\Wildlife Park 2 [2009.09.03 14:23:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\ProtectDisc [2010.02.25 18:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\ScanSoft ========== Purity Check ========== < End of report >
And this is what Extras.txt from the quick scan contains: OTL Logfile: Code:
OTL Extras logfile created on: 17.01.2013 19:18:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\kinder\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,98 Mb Total Physical Memory | 182,03 Mb Available Physical Memory | 35,62% Memory free 1,22 Gb Paging File | 0,90 Gb Available in Paging File | 73,78% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 68,70 Gb Total Space | 26,26 Gb Free Space | 38,22% Space Free | Partition Type: FAT32 Drive D: | 24,41 Gb Total Space | 15,73 Gb Free Space | 64,43% Space Free | Partition Type: FAT32 Drive F: | 1,86 Gb Total Space | 1,68 Gb Free Space | 90,46% Space Free | Partition Type: FAT Computer Name: ACERMDS | User Name: kinder | NOT logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "5432:TCP" = 5432:TCP:*:Enabled:WeatherProfessional [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5432:TCP" = 5432:TCP:*:Enabled:WeatherProfessional ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation) 
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\Vpn.exe" = C:\Programme\Juniper\NetScreen-Remote\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "C:\Spiele\Need For Speed6\NFSHP2.EXE" = C:\Spiele\Need For Speed6\NFSHP2.EXE:*:Enabled:NFSHP2 -- () "C:\Programme\Microsoft ActiveSync\WCESMGR.EXE" = C:\Programme\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\totalcmd\TOTALCMD.EXE" = C:\Programme\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) 
"C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\mybooxx\Fotobuch\mybooxx.exe" = C:\Programme\mybooxx\Fotobuch\mybooxx.exe:*:mybooxx.exe -- () "C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\Vpn.exe" = C:\Programme\Juniper\NetScreen-Remote\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional "{0049F6AE-4FE2-4C43-A039-60FCE98A1986}" = Opera 9.01 "{03C1AFCE-94E5-475B-8BA3-607C4B6F4670}" = FW CURE "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5 "{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0F51A262-1ADF-4914-B448-78AC58C4178A}" = WIDCOMM Bluetooth Software "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CE59656-4104-44AA-00BF-D2546C7EA497}" = Tiger Woods PGA TOUR 06 "{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2 "{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NetScreen-Remote "{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0 
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39AE0413-CEFC-4559-AC5F-855A1C006D2F}" = CRW Series Driver v1.17r019 "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home "{471A9640-39F8-11D5-A07F-005004F915E3}" = Microsoft Games Pocket Pak for Pocket PC "{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne "{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6991C042-73DB-11D6-A2F9-00105AF81F08}" = Der kleine Professor "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2 "{77EDEF61-D63C-4441-9BEC-1874CE56FF6E}" = WeatherProfessional "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7FB70A9B-6591-42EB-BD84-6F9C55368E06}" = LEGO Creator Harry Potter "{8AC3A65A-03B0-428A-A216-075687AA0F3F}" = Carcassonne Add-On "{8C2FA1ED-8248-42DF-A78A-48D40133129E}" = Acer Notebook Manager "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8CDC6712-AF80-459E-911F-F1E156CB0AB0}" = hp deskjet 5600 "{911A0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002 "{9D53CC39-7680-40D9-BC31-80AEC9B18C74}" = Nokia PC Suite 5.62 "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional "{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{C186B723-E9E3-4AB1-BC5F-DD8A0FC8DD34}" = NAVIGON MobileNavigator|4 "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}" = ATI-Treiber 
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3 "{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{EAF5E394-BC2B-42D3-9A94-E0AD66851922}" = Vodafone Mobile Connect "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{F455665A-A82D-485F-9E1E-7D6CDCEC338E}" = Wireless Manager "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "3D Traumhaus Designer 7 Pro_is1" = DATA BECKER 3D Traumhaus Designer 7 Pro "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006 "Ad-Aware SE Professional" = Ad-Aware SE Professional "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "AmoK DateWizard" = AmoK DateWizard 1.1b "AnyDVD" = AnyDVD "ATI Display Driver" = ATI Display Driver "AutoSketch v6.0" = AutoSketch v6.0 "Diercke Globus" = Diercke Globus "DTV_1.0" = DVB-T USB 2.0 "Eisenbahn.exe Professional 4.0" = Eisenbahn.exe Professional 4.0 "FileSync" = FileSync "FlowFact" = FlowFact "FTDICOMM" = USB Serial Converter Drivers "German Railroads - DB 232" = German Railroads - DB 232 "German Railroads - Vol 1 - Biggetal" = German Railroads - Vol 1 - Biggetal "German Railroads - Vol 2 - Rollbahn" = German Railroads - Vol 2 - Rollbahn "GSpot" = GSpot Codec Information Appliance "hp LaserJet 2300 Uninstaller" = hp LaserJet 2300-Deinstallationsprogramm "hp print screen utility" = hp print screen utility "Indeo® Software" = Indeo® Software "InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002 
"InstallShield_{9D53CC39-7680-40D9-BC31-80AEC9B18C74}" = Nokia PC Suite 5.62 "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold "InterActual Player" = InterActual Player "iPhoto Plus 4" = iPhoto Plus 4 "KONICA MINOLTA magicolor 5430DL" = KONICA MINOLTA magicolor 5430DL "LManager" = Launch Manager "Macromedia Shockwave Player" = Macromedia Shockwave Player "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (2.0.0.6)" = Mozilla Firefox (2.0.0.6) "mybooxx_is1" = mybooxx "NASA World Wind 1.3" = NASA World Wind 1.3 "Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003 "NOD32" = NOD32 Antivirus System "ODBC" = ODBC "Organizer V97.1" = Lotus Organizer 97 GS "PocketPlus" = PocketPlus "PocketPlus_German" = PocketPlus_German "PowerDVD" = PowerDVD "ProTrain 3.1 3.1" = ProTrain 3.1 3.1 "ProTrain Rheintal 1.0" = ProTrain Rheintal 1.0 "ProTrain Tauernbahn 1.0" = ProTrain Tauernbahn 1.0 "Public Messenger ver 2.03" = Public Messenger ver 2.03 "QuickTime" = QuickTime "Schiffsim" = Schiffsim 2006 "ShipSim2008" = Schiff-Simulator 2008 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ThumbsPlus2000" = ThumbsPlus 2000-R "Totalcmd" = Total Commander (Remove or Repair) "Train Simulator 1.0" = Microsoft Train Simulator "TravelMate540screen" = TravelMate540screen "TreeSize Professional 2.4" = TreeSize Professional 2.4 "WeatherProfessional" = WeatherProfessional "WEBPlotterX" = WEBPlotter ActiveX "Webshots" = Webshots! "Windows CE Services" = Microsoft ActiveSync 3.7 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinPhlash" = WinPhlash "WinRAR archiver" = WinRAR Archivierer "ZoomPlayer" = Zoom Player (remove only) ========== Last 20 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > Müsste ich heute noch was erledigen, oder kann ich den Laptop schon herunterfahren?? |
17.01.2013, 17:32 | #26 |
/// TB-Ausbilder | Laptop with Windows XP locked by Federal Police, unlocking only for money
Hi, let's try the following:
Step 1
Start --> Run --> notepad (type it in) --> OK
Now please copy the following text from the code box into the empty text document.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"windows auto update"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"=-

[-HKEY_CLASSES_ROOT\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}]
Step 2
Step 3
Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. Please post with your next reply
|
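The triage behind the .reg file in post #26, as an added example that is not part of the original thread: it scans OTL lines from the O4 and O22 sections for the "File not found" marker and separates entries with no command or a missing target from entries whose file the same log lists elsewhere. The sample lines are copied from the logs posted in this thread; `triage`, `Finding` and the verdict names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Sequence

# Lines copied from the OTL logs posted in this thread (small subset).
SAMPLE_LOG = r"""
PRC - [2003.01.09 00:05:12 | 000,073,728 | ---- | M] (MyComp) -- C:\Programme\CRW\shwicon.exe
PRC - [2007.06.28 07:42:40 | 000,949,376 | ---- | M] (Eset ) -- C:\Programme\ESET\nod32kui.exe
O4 - HKLM..\Run: [nod32kui] C:\Programme\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programme\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019" File not found
O4 - HKLM..\Run: [windows auto update] File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\mswsock.dll File not found
O22 - SharedTaskScheduler: {ab340860-fd81-4a65-b345-82eb77a66b5e} - featherweed - C:\WINDOWS\system32\jbtazy.dll File not found
"""

# PRC/MOD lines carry date and size, so OTL actually read these files.
FILE_INFO_RE = re.compile(r"^(?:PRC|MOD) - \[[^\]]+\] \(.*?\) -- (?P<path>.+)$")
# O-section lines that end with OTL's "File not found" marker.
MISSING_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*?)\s*File not found$")
# First executable-looking path in an entry; stops before any arguments.
PATH_RE = re.compile(r"(?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|sys|ocx)\b", re.I)
# Run value name in [brackets] or a CLSID in {braces}.
NAME_RE = re.compile(r"\[([^\]]+)\]|(\{[0-9A-Fa-f-]{36}\})")


class Finding(NamedTuple):
    section: str          # OTL section tag, e.g. "O4"
    name: str             # Run value name or CLSID
    path: Optional[str]   # target file, None if the entry has no command
    verdict: str          # see triage()


def triage(log_text: str, sections: Sequence[str] = ("O4", "O22")) -> List[Finding]:
    """Classify 'File not found' entries in the given OTL sections.

    Verdicts (hypothetical labels):
      no-command            the value exists but names no file at all
      missing-target        a file is named and nothing in the log shows it
      file-listed-elsewhere the same log lists the file with date and size,
                            so the marker is not evidence of a missing file
    """
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Files OTL demonstrably found (process and module lists).
    seen = set()
    for ln in lines:
        m = FILE_INFO_RE.match(ln)
        if m:
            seen.add(m.group("path").lower())

    findings = []
    for ln in lines:
        m = MISSING_RE.match(ln)
        if not m or m.group("section") not in sections:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else None
        nm = NAME_RE.search(body)
        name = (nm.group(1) or nm.group(2)) if nm else body
        if path is None:
            verdict = "no-command"
        elif path.lower() in seen:
            verdict = "file-listed-elsewhere"
        else:
            verdict = "missing-target"
        findings.append(Finding(m.group("section"), name, path, verdict))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.verdict:22} {f.name}  ->  {f.path}")
```

On the sample, the `no-command` and `missing-target` entries are the two that the .reg file deletes; the shwicon.exe entry carries the same marker although the process list in the same log shows the file running.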
17.01.2013, 17:54 | #27 |
| Laptop with Windows XP locked by Federal Police, unlocking only for money
The following is in OTL.exe:
OTL Logfile: Code:
OTL logfile created on: 17.01.2013 19:57:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\kinder\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,98 Mb Total Physical Memory | 185,96 Mb Available Physical Memory | 36,39% Memory free 1,22 Gb Paging File | 0,90 Gb Available in Paging File | 73,90% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 68,70 Gb Total Space | 26,25 Gb Free Space | 38,22% Space Free | Partition Type: FAT32 Drive D: | 24,41 Gb Total Space | 15,73 Gb Free Space | 64,43% Space Free | Partition Type: FAT32 Drive F: | 1,86 Gb Total Space | 1,68 Gb Free Space | 90,46% Space Free | Partition Type: FAT Computer Name: ACERMDS | User Name: kinder | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.07 17:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kinder\Desktop\OTL.exe PRC - [2007.06.28 07:42:40 | 000,949,376 | ---- | M] (Eset ) -- C:\Programme\ESET\nod32kui.exe PRC - [2006.06.22 20:28:46 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.exe PRC - [2006.06.22 09:34:14 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.bin PRC - [2005.09.23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2005.04.21 15:11:18 | 000,328,704 | ---- | M] (SlySoft, Inc.) 
-- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe PRC - [2004.08.11 13:22:52 | 000,065,588 | ---- | M] (SafeNet) -- C:\Programme\Juniper\NetScreen-Remote\SafeCfg.exe PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003.10.07 06:44:12 | 000,561,152 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe PRC - [2003.09.25 12:41:18 | 000,102,400 | ---- | M] (Nokia Corp.) -- C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe PRC - [2003.09.03 11:36:00 | 000,253,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\CPLBY31.EXE PRC - [2003.08.05 13:59:54 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2003.05.16 17:09:34 | 000,509,952 | ---- | M] (Acer) -- C:\Programme\Acer\Notebook Manager\almxptray.exe PRC - [2003.05.15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe PRC - [2003.04.24 16:51:36 | 000,110,592 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2003.03.11 13:08:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe PRC - [2003.02.10 14:30:10 | 000,425,984 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe PRC - [2003.01.09 00:05:12 | 000,073,728 | ---- | M] (MyComp) -- C:\Programme\CRW\shwicon.exe PRC - [2002.12.17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe PRC - [2002.06.21 15:55:56 | 000,208,896 | ---- | M] (The Webshots Corporation) -- C:\Programme\Webshots\WebshotsTray.exe PRC - [2002.06.03 11:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Programme\ScanSoft\OmniPageSE\opware32.exe ========== Modules (No Company Name) ========== MOD - [2007.06.28 07:42:42 | 000,105,528 | ---- | M] () -- C:\Programme\ESET\nod32rui.dll MOD - [2007.06.28 07:42:42 | 000,060,472 | ---- | M] () -- C:\Programme\ESET\pr_emon.dll MOD - [2007.06.28 07:42:42 | 000,052,280 | ---- | M] () -- C:\Programme\ESET\pr_upd.dll MOD - [2007.06.28 07:42:42 | 000,052,280 | ---- | M] () -- C:\Programme\ESET\pr_imon.dll MOD - [2007.06.28 07:42:42 | 000,019,512 | ---- | M] () -- C:\Programme\ESET\pr_dmon.dll MOD - [2006.05.13 05:36:58 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.0\program\libxml2.dll MOD - [2002.12.17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe MOD - [1999.05.25 17:45:36 | 000,073,728 | ---- | M] () -- C:\Programme\WinRAR\rarext.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2007.06.28 07:42:40 | 000,552,064 | ---- | M] (Eset ) [Auto | Unknown] -- C:\Programme\ESET\nod32krn.exe -- (NOD32krn) SRV - [2007.04.20 11:22:22 | 000,079,324 | ---- | M] (PostgreSQL Global Development Group) [Auto | Unknown] -- C:\Programme\WeatherProfessional\database\bin\pg_ctl.exe -- (pgsql-8.2) SRV 
- [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005.03.17 11:40:48 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\bmwebcfg.exe -- (bmwebcfg) SRV - [2004.08.11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) [Auto | Unknown] -- C:\Programme\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON) SRV - [2004.08.11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) [Auto | Unknown] -- C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE) SRV - [2004.08.04 00:57:40 | 000,089,088 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Unknown] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\SCHLEI~1.PHY\LOKALE~1\Temp\krdpdre.sys -- (krdpdre) DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) DRV - File not found [Kernel | Boot | Unknown] -- System32\DRIVERS\ElbyVCD.sys -- (ElbyVCD) DRV - File not found [Kernel | System | Unknown] -- -- (Changer) DRV - [2007.06.28 07:42:42 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON) DRV - [2007.06.28 
07:42:40 | 000,015,424 | ---- | M] () [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv) DRV - [2007.05.18 20:37:00 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06) DRV - [2007.02.23 04:29:02 | 000,028,160 | ---- | M] (F5 Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\urvpndrv.sys -- (urvpndrv) DRV - [2006.11.10 11:15:44 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2006.11.10 11:15:44 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Unknown] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2006.11.10 11:15:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2006.08.16 10:37:30 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2006.05.18 08:48:50 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2005.12.15 08:41:22 | 000,010,256 | ---- | M] (F5 Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw) DRV - [2005.11.06 14:17:10 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2005.06.29 18:21:24 | 000,019,328 | R--- | M] (WideView Technology Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1) DRV - [2005.04.21 15:06:06 | 000,019,328 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2004.10.07 15:37:16 | 000,185,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) DRV - [2004.09.06 21:40:04 | 000,018,432 | R--- | M] (Computer & Entertainment, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0) DRV - [2004.08.11 12:01:40 | 000,119,864 | ---- | M] (SafeNet) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\IpSecDrv.sys -- (IPSECDRV) DRV - [2004.08.04 00:57:40 | 000,089,088 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) DRV - [2004.08.04 00:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004.08.03 23:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) DRV - [2004.07.30 13:20:58 | 000,521,786 | ---- | M] (SafeNet) [Kernel | Auto | Unknown] -- C:\WINDOWS\System32\drivers\Crypto.sys -- (Crypto) DRV - [2003.11.19 15:41:18 | 001,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2003.11.18 12:01:34 | 000,062,673 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3) DRV - [2003.09.05 14:35:02 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2003.08.07 22:15:06 | 000,404,608 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003.08.05 14:51:10 | 000,460,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2003.07.10 12:17:18 | 000,006,431 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\acernbm.sys -- (acernbm) DRV - [2003.07.01 01:53:00 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp) DRV - [2003.06.19 14:41:00 | 000,064,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2003.06.03 15:18:58 | 000,039,996 | ---- | M] (SMC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2003.04.09 04:24:40 | 000,051,208 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2003.03.12 09:34:00 | 000,030,171 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2003.02.21 11:26:54 | 000,144,480 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2003.02.21 11:25:16 | 000,022,119 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2003.02.21 11:24:56 | 000,222,164 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2003.02.21 11:23:14 | 001,149,978 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2001.12.14 16:26:06 | 000,036,188 | ---- | M] (Deterministic Networks Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\vap.sys -- (DniVap) DRV - [2001.08.17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd) DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Unknown] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.04.13 09:45:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.04.13 09:45:24 | 000,000,000 | ---D | M] [2008.01.13 18:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\Mozilla\Firefox\Profiles\5wytbwa7.default\extensions [2006.04.13 09:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.02.25 13:25:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2007.08.09 10:41:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007.02.25 13:25:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2007.08.02 08:14:58 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll [2007.08.02 08:14:58 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll [2007.08.02 08:15:00 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\myspell.dll [2007.08.02 08:15:00 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\spellchk.dll [2007.08.02 08:15:00 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll [2007.02.22 19:19:00 | 000,165,248 | ---- | M] (F5 Networks) -- C:\Programme\mozilla firefox\plugins\NPuroamHost.dll [2006.08.24 22:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2006.08.24 22:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2006.11.10 12:42:00 | 000,000,998 
| ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.10 23:32:04 | 000,000,815 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.09.02 14:53:04 | 000,000,897 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.20.240.11 sql_mu O1 - Hosts: 10.20.240.11 msgs110i.physical.de O1 - Hosts: 10.20.50.100 SMB_PRI1 O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [AcerNotebookManager] C:\Programme\Acer\Notebook Manager\almxptray.exe (Acer) O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [DataLayer] C:\Programme\Nokia\Nokia PC Suite 5\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe () O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\CPLBY31.EXE (Dritek System Inc.) 
O4 - HKLM..\Run: [nod32kui] C:\Programme\Eset\nod32kui.exe (Eset ) O4 - HKLM..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe (Nokia) O4 - HKLM..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) O4 - HKLM..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programme\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019" File not found O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [windows auto update] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NetScreen-Remote.lnk = C:\Programme\Juniper\NetScreen-Remote\SafeCfg.exe (SafeNet) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\p6_19_erinnerung.lnk = C:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\kinder\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\kinder\Startmenü\Programme\Autostart\Webshots.lnk = C:\Programme\Webshots\WebshotsTray.exe (The Webshots Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\imon.dll (Eset ) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.msg.de/vdesk/terminal/urxvpn.cab#version=6010,2007,0223,0327 (F5 Networks VPN Manager) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.) 
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} hxxp://www.webshots.com/samplers/WSDownloader.ocx (WSDownloader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139402952203 (WUWebControl Class) O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://vpn.msg.de/vdesk/terminal/urTermProxy.cab#version=6010,2007,0223,0314 (F5 Networks SSLTunnel) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37917.4102893519 (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.msg.de/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320 (F5 Networks SuperHost Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.msg.de/vdesk/terminal/urxhost.cab#version=6010,2007,0223,0312 (F5 Networks Host Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = physical.de O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ckpNotify: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O22 - SharedTaskScheduler: {ab340860-fd81-4a65-b345-82eb77a66b5e} - featherweed - C:\WINDOWS\system32\jbtazy.dll File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\kinder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\kinder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.17 19:57:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kinder\Desktop\OTL.exe [2013.01.10 20:54:20 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.06 17:33:48 | 000,000,000 | -HSD | C] -- C:\FOUND.012 ========== Files - Modified Within 30 Days ========== [2013.01.17 19:51:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.17 19:51:48 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys [2013.01.17 19:48:40 | 000,000,340 | ---- | M] () -- C:\Dokumente und Einstellungen\kinder\Eigene Dateien\regfix.reg [2013.01.17 18:59:10 | 004,410,054 | ---- | M] () -- C:\WINDOWS\WebshotsForKinder.bmp [2013.01.17 18:53:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.07 20:11:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\kinder\defogger_reenable [2013.01.07 17:34:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\kinder\Desktop\OTL.exe ========== Files Created - No 
Company Name ========== [2013.01.17 19:48:39 | 000,000,340 | ---- | C] () -- C:\Dokumente und Einstellungen\kinder\Eigene Dateien\regfix.reg [2013.01.10 20:59:39 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys [2013.01.07 20:11:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\kinder\defogger_reenable [2006.02.09 14:39:27 | 000,002,412 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2005.05.26 03:17:16 | 000,110,657 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\UninstallDrv.exe ========== ZeroAccess Check ========== [2005.10.30 21:46:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2006.10.23 16:18:00 | 001,494,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2004.08.04 00:57:20 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2004.08.04 00:57:38 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2006.01.30 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2006.01.30 11:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2006.10.02 17:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2006.11.10 11:19:04 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2007.12.16 22:15:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{62727C56-8352-4A6D-B7C7-D26378124ED0} [2003.09.18 12:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\InterTrust [2008.01.31 18:08:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\Diercke Globus [2009.01.30 19:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\Wildlife Park 2 [2009.09.03 14:23:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\ProtectDisc [2010.02.25 18:45:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kinder\Anwendungsdaten\ScanSoft ========== Purity Check ========== < End of report >

This is in Extras.exe: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.01.2013 19:57:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\kinder\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,98 Mb Total Physical Memory | 185,96 Mb Available Physical Memory | 36,39% Memory free 1,22 Gb Paging File | 0,90 Gb Available in Paging File | 73,90% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 68,70 Gb Total Space | 26,25 Gb Free Space | 38,22% Space Free | Partition Type: FAT32 Drive D: | 24,41 Gb Total Space | 15,73 Gb Free Space | 64,43% Space Free | Partition Type: FAT32 Drive F: | 1,86 Gb Total Space | 1,68 Gb Free Space | 90,46% Space Free | Partition Type: FAT Computer Name: ACERMDS | User Name: kinder | NOT logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "5432:TCP" = 5432:TCP:*:Enabled:WeatherProfessional [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5432:TCP" = 5432:TCP:*:Enabled:WeatherProfessional ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation) 
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\Vpn.exe" = C:\Programme\Juniper\NetScreen-Remote\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "C:\Spiele\Need For Speed6\NFSHP2.EXE" = C:\Spiele\Need For Speed6\NFSHP2.EXE:*:Enabled:NFSHP2 -- () "C:\Programme\Microsoft ActiveSync\WCESMGR.EXE" = C:\Programme\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\totalcmd\TOTALCMD.EXE" = C:\Programme\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) 
"C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\mybooxx\Fotobuch\mybooxx.exe" = C:\Programme\mybooxx\Fotobuch\mybooxx.exe:*:mybooxx.exe -- () "C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Programme\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Programme\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Programme\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet) "C:\Programme\Juniper\NetScreen-Remote\Vpn.exe" = C:\Programme\Juniper\NetScreen-Remote\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional "{0049F6AE-4FE2-4C43-A039-60FCE98A1986}" = Opera 9.01 "{03C1AFCE-94E5-475B-8BA3-607C4B6F4670}" = FW CURE "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5 "{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0F51A262-1ADF-4914-B448-78AC58C4178A}" = WIDCOMM Bluetooth Software "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CE59656-4104-44AA-00BF-D2546C7EA497}" = Tiger Woods PGA TOUR 06 "{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2 "{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NetScreen-Remote "{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0 
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39AE0413-CEFC-4559-AC5F-855A1C006D2F}" = CRW Series Driver v1.17r019 "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home "{471A9640-39F8-11D5-A07F-005004F915E3}" = Microsoft Games Pocket Pak for Pocket PC "{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne "{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = Drive Image "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6991C042-73DB-11D6-A2F9-00105AF81F08}" = Der kleine Professor "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2 "{77EDEF61-D63C-4441-9BEC-1874CE56FF6E}" = WeatherProfessional "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7FB70A9B-6591-42EB-BD84-6F9C55368E06}" = LEGO Creator Harry Potter "{8AC3A65A-03B0-428A-A216-075687AA0F3F}" = Carcassonne Add-On "{8C2FA1ED-8248-42DF-A78A-48D40133129E}" = Acer Notebook Manager "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8CDC6712-AF80-459E-911F-F1E156CB0AB0}" = hp deskjet 5600 "{911A0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002 "{9D53CC39-7680-40D9-BC31-80AEC9B18C74}" = Nokia PC Suite 5.62 "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional "{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{C186B723-E9E3-4AB1-BC5F-DD8A0FC8DD34}" = NAVIGON MobileNavigator|4 "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}" = ATI-Treiber 
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3 "{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{EAF5E394-BC2B-42D3-9A94-E0AD66851922}" = Vodafone Mobile Connect "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{F455665A-A82D-485F-9E1E-7D6CDCEC338E}" = Wireless Manager "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "3D Traumhaus Designer 7 Pro_is1" = DATA BECKER 3D Traumhaus Designer 7 Pro "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006 "Ad-Aware SE Professional" = Ad-Aware SE Professional "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "AmoK DateWizard" = AmoK DateWizard 1.1b "AnyDVD" = AnyDVD "ATI Display Driver" = ATI Display Driver "AutoSketch v6.0" = AutoSketch v6.0 "Diercke Globus" = Diercke Globus "DTV_1.0" = DVB-T USB 2.0 "Eisenbahn.exe Professional 4.0" = Eisenbahn.exe Professional 4.0 "FileSync" = FileSync "FlowFact" = FlowFact "FTDICOMM" = USB Serial Converter Drivers "German Railroads - DB 232" = German Railroads - DB 232 "German Railroads - Vol 1 - Biggetal" = German Railroads - Vol 1 - Biggetal "German Railroads - Vol 2 - Rollbahn" = German Railroads - Vol 2 - Rollbahn "GSpot" = GSpot Codec Information Appliance "hp LaserJet 2300 Uninstaller" = hp LaserJet 2300-Deinstallationsprogramm "hp print screen utility" = hp print screen utility "Indeo® Software" = Indeo® Software "InstallShield_{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}" = PowerQuest Drive Image 2002 
"InstallShield_{9D53CC39-7680-40D9-BC31-80AEC9B18C74}" = Nokia PC Suite 5.62 "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold "InterActual Player" = InterActual Player "iPhoto Plus 4" = iPhoto Plus 4 "KONICA MINOLTA magicolor 5430DL" = KONICA MINOLTA magicolor 5430DL "LManager" = Launch Manager "Macromedia Shockwave Player" = Macromedia Shockwave Player "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (2.0.0.6)" = Mozilla Firefox (2.0.0.6) "mybooxx_is1" = mybooxx "NASA World Wind 1.3" = NASA World Wind 1.3 "Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003 "NOD32" = NOD32 Antivirus System "ODBC" = ODBC "Organizer V97.1" = Lotus Organizer 97 GS "PocketPlus" = PocketPlus "PocketPlus_German" = PocketPlus_German "PowerDVD" = PowerDVD "ProTrain 3.1 3.1" = ProTrain 3.1 3.1 "ProTrain Rheintal 1.0" = ProTrain Rheintal 1.0 "ProTrain Tauernbahn 1.0" = ProTrain Tauernbahn 1.0 "Public Messenger ver 2.03" = Public Messenger ver 2.03 "QuickTime" = QuickTime "Schiffsim" = Schiffsim 2006 "ShipSim2008" = Schiff-Simulator 2008 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ThumbsPlus2000" = ThumbsPlus 2000-R "Totalcmd" = Total Commander (Remove or Repair) "Train Simulator 1.0" = Microsoft Train Simulator "TravelMate540screen" = TravelMate540screen "TreeSize Professional 2.4" = TreeSize Professional 2.4 "WeatherProfessional" = WeatherProfessional "WEBPlotterX" = WEBPlotter ActiveX "Webshots" = Webshots! "Windows CE Services" = Microsoft ActiveSync 3.7 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinPhlash" = WinPhlash "WinRAR archiver" = WinRAR Archivierer "ZoomPlayer" = Zoom Player (remove only) ========== Last 20 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > |
17.01.2013, 19:54 | #28 |
/// TB-Ausbilder | Hi, this won't work without administrator rights. Can you get hold of the password? |
18.01.2013, 19:07 | #29 |
| I'll have to ask... We'll see. Is that really so important?? What exactly do we still need to do?? |
19.01.2013, 15:55 | #30 | |
/// TB-Ausbilder | Hi, Quote:
Either you get hold of the password within the next 3 days, or I suggest you reinstall your computer from scratch. |