GVU Trojaner eingefangen und habe bereits mit OTL Bootdatei gebootet

t'john · 05.02.2013, 20:00

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Wähle Scanne Alle Benuzer
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
Unter Extra Registrierung, wähle bitte Benutze SafeList
Klicke nun auf Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hangloose · 07.02.2013, 22:37

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.02.2013 22:24:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\MJ\Desktop\tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 59,94% Memory free
3,78 Gb Paging File | 3,09 Gb Available in Paging File | 81,78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 189,14 Gb Free Space | 63,45% Space Free | Partition Type: NTFS
Drive E: | 7,47 Gb Total Space | 0,66 Gb Free Space | 8,82% Space Free | Partition Type: FAT32
 
Computer Name: JUSTFIT-4MOBIL | User Name: MJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\MJ\Desktop\tools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Palm, Inc\novacomd\x86\novacomd.exe (Palm)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Software\XnShellEx\XnShellEx\XnViewShellExt.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7c4318061685bcd4eb2f07b05852ea82\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\16ec74b5ee19876f9b073c6abe989b15\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\95755998f4faebeacea7d4757894710a\IsdiInterop.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\833d48e6bae13f5553dd1cbc3de358f6\IAStorUtil.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\96514e8b86008d326abc59b8f2fe55da\IAStorDataMgr.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\5c6c2093f3a23ad82ead119e2453e065\IAStorDataMgrSvc.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacomd\x86\novacomd.exe (Palm)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (STacSV) -- c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://213.61.220.42/cyber/WebApp.html"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012.06.03 18:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:55:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012.06.03 18:51:20 | 000,000,000 | ---D | M]
 
[2012.06.05 19:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Mozilla\Extensions
[2013.01.29 10:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Mozilla\Firefox\Profiles\u4bt0xz5.default\extensions
[2013.01.05 09:40:10 | 000,001,064 | ---- | M] () -- C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Mozilla\Firefox\Profiles\u4bt0xz5.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.06.05 19:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.05 19:55:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 17:33:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\CT2625848\ldrtbDVDV.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\CT2625848\ldrtbDVDV.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\CT2625848\ldrtbDVDV.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\MJ\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A0D87F5-B6BC-4B2C-A55E-29AA58CC71F2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phxzbypky) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.05 10:27:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.07 21:42:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MJ\Desktop\tools
[2013.02.04 08:41:37 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2013.02.04 08:21:22 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.04 08:21:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.04 08:21:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.04 08:21:15 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.29 07:42:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Malwarebytes
[2013.01.29 07:41:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.29 07:41:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.29 07:41:36 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.29 07:41:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.28 20:58:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.15 21:18:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MJ\Desktop\tmp
[2013.01.14 21:09:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
[2013.01.11 08:56:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Skype
[2013.01.11 08:56:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.01.11 08:56:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2013.01.11 08:56:30 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2013.01.11 08:56:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2011.10.11 09:07:37 | 003,623,592 | ---- | C] (Ask) -- C:\Programme\Gemeinsame Dateien\ApnToolbarInstaller.exe
[2011.10.11 09:07:37 | 000,143,240 | ---- | C] (Ask.com) -- C:\Programme\Gemeinsame Dateien\ApnStub.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.07 22:25:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.07 22:20:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.07 21:41:07 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013.02.07 21:36:44 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.07 21:36:18 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.07 21:36:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.07 19:31:33 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\MJ\Desktop\Outlook.lnk
[2013.02.06 20:33:59 | 000,495,834 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.06 20:33:59 | 000,475,642 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.06 20:33:59 | 000,091,468 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.06 20:33:59 | 000,076,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.04 08:21:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.04 08:21:00 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.04 08:21:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.04 08:20:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.04 08:20:59 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.04 08:20:58 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.04 08:20:58 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.03 11:24:40 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.02 12:29:33 | 000,000,583 | ---- | M] () -- C:\WINDOWS\System32\Verknüpfung mit mspaint.lnk
[2013.02.02 12:25:43 | 000,000,828 | ---- | M] () -- C:\Dokumente und Einstellungen\MJ\Desktop\mspaint.lnk
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013.01.29 07:53:39 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\MJ\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.01.29 07:53:12 | 000,001,009 | ---- | M] () -- C:\Dokumente und Einstellungen\MJ\Desktop\Dropbox.lnk
[2013.01.15 18:54:01 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.14 21:09:40 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
[2013.01.11 10:56:29 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.01.09 18:21:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.01.09 17:39:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 17:39:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.04 08:42:30 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.02.02 12:29:33 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\Verknüpfung mit mspaint.lnk
[2013.02.02 12:25:43 | 000,000,828 | ---- | C] () -- C:\Dokumente und Einstellungen\MJ\Desktop\mspaint.lnk
[2013.02.01 07:47:44 | 000,002,607 | ---- | C] () -- C:\Dokumente und Einstellungen\MJ\Desktop\Outlook.lnk
[2013.01.14 21:09:40 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
[2013.01.11 08:56:35 | 000,002,243 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.01.08 09:44:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.12 11:28:12 | 000,000,046 | ---- | C] () -- C:\WINDOWS\BRUNVPC.INI
[2012.06.11 22:40:34 | 000,420,904 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-861567501-484061587-1417001333-1005-0.dat
[2012.06.11 22:40:32 | 000,205,258 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.06 21:41:06 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.03 18:20:59 | 000,214,530 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2012.06.03 18:20:59 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2012.05.24 08:31:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\BRUNVPRNPC.EXE
[2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.05.09 07:06:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.12.12 12:01:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.12.12 12:01:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.10.11 10:01:09 | 000,661,408 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.10.11 09:07:38 | 000,444,283 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\WinPcapNmap.exe
[2011.10.04 16:45:44 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011.10.04 16:44:24 | 000,191,088 | ---- | C] () -- C:\WINDOWS\hppins10.dat
[2011.10.04 16:44:24 | 000,005,186 | ---- | C] () -- C:\WINDOWS\hppmdl10.dat
[2011.10.03 10:59:40 | 000,000,758 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011.10.03 10:58:42 | 000,000,623 | ---- | C] () -- C:\WINDOWS\System32\hppapr10.dat
[2011.09.13 10:35:13 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.09.12 09:46:35 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011.09.12 09:46:35 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011.09.12 09:46:34 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011.09.12 09:46:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\iglhsip32.dll
[2011.09.12 09:46:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\iglhcp32.dll
[2011.09.12 09:46:34 | 000,092,292 | ---- | C] () -- C:\WINDOWS\System32\igfcg500m.bin
[2011.09.12 09:46:34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011.09.12 09:44:43 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011.09.06 12:19:30 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.09.05 11:19:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.09.05 11:18:50 | 000,211,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.09.05 10:28:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.09.05 10:24:22 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.05.16 13:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
 
========== ZeroAccess Check ==========
 
[2011.09.09 12:02:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.06.21 19:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---
*****************************OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.02.2013 22:24:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\MJ\Desktop\tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 59,94% Memory free
3,78 Gb Paging File | 3,09 Gb Available in Paging File | 81,78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 189,14 Gb Free Space | 63,45% Space Free | Partition Type: NTFS
Drive E: | 7,47 Gb Total Space | 0,66 Gb Free Space | 8,82% Space Free | Partition Type: FAT32
 
Computer Name: JUSTFIT-4MOBIL | User Name: MJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, XnView Software - Free graphic and photo viewer, converter, organizer)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\TeamViewer\Version8\TeamViewer.exe" = C:\Programme\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderCP2020
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5F39441-3414-4db2-9A71-0BA8AB3CB16A}" = HP Color LaserJet CP2020 Series 1.0
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.942
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.13.1212
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ie8" = Windows Internet Explorer 8
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.14.1738" = Opera 12.14
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinPcapInst" = WinPcap 4.1.1
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XnView_is1" = XnView 1.99
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2013 04:00:04 | Computer Name = JUSTFIT-4MOBIL | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 11.01.2013 04:00:05 | Computer Name = JUSTFIT-4MOBIL | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 11.01.2013 04:00:07 | Computer Name = JUSTFIT-4MOBIL | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 17.01.2013 07:35:58 | Computer Name = JUSTFIT-4MOBIL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
 P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 28.01.2013 10:14:45 | Computer Name = JUSTFIT-4MOBIL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
 P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 29.01.2013 02:51:24 | Computer Name = JUSTFIT-4MOBIL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
 P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 03.02.2013 05:49:18 | Computer Name = JUSTFIT-4MOBIL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
 P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 05.02.2013 03:17:12 | Computer Name = JUSTFIT-4MOBIL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
 P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 05.02.2013 11:08:23 | Computer Name = JUSTFIT-4MOBIL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8402.0,
 P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 05.02.2013 15:31:35 | Computer Name = JUSTFIT-4MOBIL | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 1.1.9103.0, P3 1.143.1611.0, P4 1.143.1611.0, P5 000000a70000000a_ad22b85812d0bd830a32a6471fcc56eed2db2439,
 P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 30.01.2013 02:54:41 | Computer Name = JUSTFIT-4MOBIL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
 E02A82E1B5C3 wurde durch  den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 30.01.2013 12:55:21 | Computer Name = JUSTFIT-4MOBIL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.101 für die Netzwerkkarte mit der Netzwerkadresse
 E02A82E1B5C3 wurde durch  den DHCP-Server 10.1.1.11 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 03.02.2013 05:49:18 | Computer Name = JUSTFIT-4MOBIL | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.143.1339.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9103.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 05.02.2013 03:17:12 | Computer Name = JUSTFIT-4MOBIL | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.143.1463.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9103.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 05.02.2013 10:57:11 | Computer Name = JUSTFIT-4MOBIL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
 E02A82E1B5C3 wurde durch  den DHCP-Server 10.1.1.11 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 05.02.2013 11:08:22 | Computer Name = JUSTFIT-4MOBIL | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.143.1463.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9103.0     Fehlercode:
 0x80072efd     Fehlerbeschreibung: A connection with the server could not be established
 
 
Error - 06.02.2013 10:07:21 | Computer Name = JUSTFIT-4MOBIL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
 E02A82E1B5C3 wurde durch  den DHCP-Server 10.1.1.11 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 07.02.2013 08:00:02 | Computer Name = JUSTFIT-4MOBIL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
 E02A82E1B5C3 wurde durch  den DHCP-Server 10.1.1.11 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 07.02.2013 09:52:50 | Computer Name = JUSTFIT-4MOBIL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.1.1.50 für die Netzwerkkarte mit der Netzwerkadresse
 E02A82E1B5C3 wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 07.02.2013 14:01:19 | Computer Name = JUSTFIT-4MOBIL | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.63 für die Netzwerkkarte mit der Netzwerkadresse
 E02A82E1B5C3 wurde durch  den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

--- --- ---

t'john · 08.02.2013, 03:02

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL

O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\CT2625848\ldrtbDVDV.dll File not found 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\CT2625848\ldrtbDVDV.dll File not found 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\CT2625848\ldrtbDVDV.dll File not found 
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phxzbypky) - File not found 
[2011.10.11 09:07:37 | 003,623,592 | ---- | C] (Ask) -- C:\Programme\Gemeinsame Dateien\ApnToolbarInstaller.exe 
[2011.10.11 09:07:37 | 000,143,240 | ---- | C] (Ask.com) -- C:\Programme\Gemeinsame Dateien\ApnStub.exe 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\MJ\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\*.tmp
C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Temp\*.exe
C:\Dokumente und Einstellungen\MJ\*.exe
C:\Dokumente und Einstellungen\MJ\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\MJ\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\
ipconfig /flushdns /c
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

t'john · 06.04.2013, 13:17

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

GVU Trojaner eingefangen und habe bereits mit OTL Bootdatei gebootet

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner eingefangen und habe bereits mit OTL Bootdatei gebootet