|
Pests of all kinds and how to fight them: Search engine redirect infection to ivehtane and other sites | Windows 7 |
29.04.2013, 10:00 | #1 |
| Hello, I have the following problem. When I use search engines, in any browser, the correct search results are displayed. But when I click on these results, I am always redirected to other pages (not the pages from the search results). Even when I copy the result links with the right mouse button and paste them into a new tab, the unwanted redirect still happens. It's a really nasty business. I have already installed and run Malwarebytes, Spybot, Spybot2, CCleaner etc. That brought no improvement. I have also spent a week searching all kinds of forums for solutions, and have now ended up here with you. But I gathered that there is apparently no general solution or hotfix for this, only individual solutions. I have WinXP SP3, Symantec Endpoint Protection, and the machine is registered in a domain. Other client machines do not have this. Can you please help me? Using a browser is almost impossible this way. What should I do now? Many thanks in advance... Lauersau |
29.04.2013, 10:28 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
__________________Quote:
Quote:
Information like this is not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything in CODE tags here if possible. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
29.04.2013, 14:32 | #3 |
| Many thanks for the welcome...
__________________Well, no, this is not an office PC. We are in a shared flat here with 5 computers, and one floor below another 4 computers. And we have an old server with Windows Server 2003. We also have two computer experts here, but one of them is not here, and the other doesn't know what kind of hack this is either. Here is the log from what felt like a 4-hour scan with Malwarebytes on my machine: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.29.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 jens-uwe :: WXP016 [Administrator] Schutz: Aktiviert 29.04.2013 13:15:10 mbam-log-2013-04-29 (13-15-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 523504 Laufzeit: 2 Stunde(n), 8 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Regards |
29.04.2013, 14:39 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are those all the logs? It makes sense to post logs with detections here, if there were any
__________________ Always post log files in CODE tags, please |
29.04.2013, 15:09 | #5 |
| Um, then here is this one from Spybot2 as well. Code:
ATTFilter Search results from Spybot - Search & Destroy 29.04.2013 16:05:14 Scan took 00:25:51. 49 items found. Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Babylon\ Directory.subfile=C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Babylon\log_file.txt Directory.subfile.size=3148 Directory.subfile.md5=70E6280C1CE378119D4682F3C8DB80BE Directory.subfile.filedate=1366642864 Directory.subfile.filedatetext=2013-04-22 17:01:03 Babylon.Toolbar: [SBI $0C3B54D0] Program directory (Directory, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\Babylon\ Directory.subfile=C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\b_latest.zpb Directory.subfile.size=458070 Directory.subfile.md5=5D97041313422D2AF3D49D942AFB8DF1 Directory.subfile.filedate=1366642861 Directory.subfile.filedatetext=2013-04-22 17:01:00 Claro.Toolbar: [SBI $0DD86C01] IE toolbar (Registry Value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\Z3HTGG2J\cdn.movad.net\movad.sol Properties.size=67 Properties.md5=BE73660FD661549AF0E95DC58D23EFF9 Properties.filedate=1366982068 Properties.filedatetext=2013-04-26 15:14:28 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Macromedia\Flash 
Player\#SharedObjects\Z3HTGG2J\secureinclude.ebaystatic.com\ebayLSO.sol Properties.size=131 Properties.md5=7550CF6B8B17FCF4227CDA426960B014 Properties.filedate=1366960964 Properties.filedatetext=2013-04-26 09:22:43 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\Z3HTGG2J\secureinclude.ebaystatic.com\ebayT.sol Properties.size=39 Properties.md5=B43F43445AA3414DDC22EC80FBB22871 Properties.filedate=1366960964 Properties.filedatetext=2013-04-26 09:22:43 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\Z3HTGG2J\www.paypalobjects.com\paypalLSO.sol Properties.size=111 Properties.md5=83A375D5EE83E7FBC91E775C855DE2FA Properties.filedate=1367219760 Properties.filedatetext=2013-04-29 09:16:00 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\Z3HTGG2J\www.paypalobjects.com\ppLsoTest.sol Properties.size=48 Properties.md5=74EE4375686A2069414EEF13E7B62789 Properties.filedate=1367219728 Properties.filedatetext=2013-04-29 09:15:27 Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done) C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\Z3HTGG2J\skype.com\#ui\preferences.sol Properties.size=233 Properties.md5=42CDF42F43949885519DC0A6B91F984A Properties.filedate=1367216494 Properties.filedatetext=2013-04-29 08:21:34 Common Dialogs: [SBI $8E73A7FB] History (20 files) (Registry Key, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Log: [SBI $8E73A7FB] Activity: SchedLgU.Txt (File, nothing done) C:\WINDOWS\SchedLgU.Txt Properties.size=32634 Properties.md5=68775823C81519B966BA79AABC754BF7 
Properties.filedate=1367236924 Properties.filedatetext=2013-04-29 14:02:03 Log: [SBI $8E73A7FB] Shutdown: System32\wbem\logs\wbemcore.log (File, nothing done) C:\WINDOWS\System32\wbem\logs\wbemcore.log Properties.size=12320 Properties.md5=FF0C57FBF551E2BA8A1C7488F2A1E2EA Properties.filedate=1367240461 Properties.filedatetext=2013-04-29 15:01:01 Log: [SBI $8E73A7FB] Shutdown: System32\wbem\logs\wbemess.log (File, nothing done) C:\WINDOWS\System32\wbem\logs\wbemess.log Properties.size=18927 Properties.md5=55A5040F47AAB766070F4B6A86C8EECE Properties.filedate=1367244190 Properties.filedatetext=2013-04-29 16:03:10 Log: [SBI $8E73A7FB] Shutdown: System32\wbem\logs\wbemprox.log (File, nothing done) C:\WINDOWS\System32\wbem\logs\wbemprox.log Properties.size=714 Properties.md5=E64AD8BC670769019FBA9B5617C6331B Properties.filedate=1366985028 Properties.filedatetext=2013-04-26 16:03:48 Log: [SBI $8E73A7FB] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done) C:\WINDOWS\System32\wbem\logs\wmiprov.log Properties.size=1259 Properties.md5=816295361F14A41BC25F6C06E5B679CB Properties.filedate=1367234358 Properties.filedatetext=2013-04-29 13:19:17 Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Internet Explorer\TypedURLs MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS Office 10.0: [SBI $A0473B14] Access recent file (Registry Key, nothing done) 
HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Office\10.0\Access\Settings MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry Value, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Office\10.0\Word\Data\Settings MS Office 10.0 (Excel): [SBI $16D8675C] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Office\10.0\Excel\Recent Files Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU Cookie: [SBI $49804B54] Browser: Cookie (44) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (1056) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (67) (Browser: History, nothing done) Cache: [SBI $49804B54] Browser: Cache (73) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (19) (Browser: History, nothing done) Cookie: [SBI $49804B54] 
Browser: Cookie (192) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (14) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (15) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (44) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (10) (Browser: Cache, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (192) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (3) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (32) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (20) (Browser: Cookie, nothing done) Verlauf: [SBI $49804B54] Browser: History (68) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (208) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (2) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done) Verlauf: [SBI $49804B54] Browser: History (296) (Browser: History, nothing done) --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) --- 2012-11-13 blindman.exe (2.0.12.151) 2012-11-13 explorer.exe (2.0.12.173) 2012-11-13 SDBootCD.exe (2.0.12.109) 2012-11-13 SDCleaner.exe (2.0.12.110) 2012-11-13 SDDelFile.exe (2.0.12.94) 2012-11-13 SDFiles.exe (2.0.12.135) 2012-11-13 SDFileScanHelper.exe (2.0.12.1) 2012-11-13 SDFSSvc.exe (2.0.12.205) 2012-11-13 SDImmunize.exe (2.0.12.130) 2012-11-13 SDLogReport.exe (2.0.12.107) 2012-11-13 SDPESetup.exe (2.0.12.3) 2012-11-13 SDPEStart.exe (2.0.12.86) 2012-11-13 SDPhoneScan.exe (2.0.12.27) 2012-11-13 SDPRE.exe (2.0.12.13) 2012-11-13 SDPrepPos.exe (2.0.12.10) 2012-11-13 SDQuarantine.exe (2.0.12.103) 2012-11-13 SDRootAlyzer.exe (2.0.12.116) 2012-11-13 SDSBIEdit.exe (2.0.12.39) 2012-11-13 SDScan.exe (2.0.12.173) 2012-11-13 SDScript.exe (2.0.12.53) 2012-11-13 SDSettings.exe 
(2.0.12.130) 2012-11-13 SDShred.exe (2.0.12.105) 2012-11-13 SDSysRepair.exe (2.0.12.101) 2012-11-13 SDTools.exe (2.0.12.150) 2012-11-13 SDTray.exe (2.0.12.127) 2012-11-13 SDUpdate.exe (2.0.12.89) 2012-11-13 SDUpdSvc.exe (2.0.12.76) 2012-11-13 SDWelcome.exe (2.0.12.126) 2012-11-13 SDWSCSvc.exe (2.0.12.2) 2013-04-22 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98) 2012-11-13 SDECon32.dll (2.0.12.113) 2012-11-13 SDEvents.dll (2.0.12.2) 2012-11-13 SDFileScanLibrary.dll (2.0.12.9) 2012-11-13 SDHelper.dll (2.0.12.88) 2012-11-13 SDImmunizeLibrary.dll (2.0.12.2) 2012-11-13 SDLists.dll (2.0.12.4) 2012-11-13 SDResources.dll (2.0.12.7) 2012-11-13 SDScanLibrary.dll (2.0.12.131) 2012-11-13 SDTasks.dll (2.0.12.15) 2012-11-13 SDWinLogon.dll (2.0.12.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2012-11-13 Tools.dll (2.0.12.36) 2012-11-13 UninsSrv.dll (2.0.12.52) 2012-12-18 Includes\Adware.sbi (*) 2013-04-17 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2012-11-14 Includes\Dialer.sbi (*) 2012-11-14 Includes\DialerC.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2012-11-14 Includes\Hijackers.sbi (*) 2012-11-14 Includes\HijackersC.sbi (*) 2012-11-14 Includes\iPhone.sbi (*) 2012-11-14 Includes\Keyloggers.sbi (*) 2012-12-18 Includes\KeyloggersC.sbi (*) 2012-11-21 Includes\Malware.sbi (*) 2013-04-17 Includes\MalwareC.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2013-04-17 Includes\PUPSC.sbi (*) 2012-11-14 Includes\Security.sbi (*) 2012-11-14 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2013-04-09 Includes\Spyware.sbi (*) 2013-04-09 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 Includes\Tracks.uti (*) 2013-01-16 Includes\Trojans.sbi (*) 2013-03-19 Includes\TrojansC-02.sbi (*) 2013-04-17 
Includes\TrojansC-03.sbi (*) 2013-03-14 Includes\TrojansC-04.sbi (*) 2013-04-12 Includes\TrojansC-05.sbi (*) 2013-03-01 Includes\TrojansC.sbi (*) Regards |
29.04.2013, 15:22 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Did you not understand my request? Before any new scans are run, I want to see all existing logs with detections... so did Malwarebytes find anything or not?
__________________ |
29.04.2013, 15:48 | #7 |
| ... yes, I did understand that. Aw, come on, there were always 0 errors/detections in the log files from Malwarebytes. But I am still always redirected from the search results to other pages when I click on them on Google. |
29.04.2013, 15:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That clear statement is what I had been missing. JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Always post log files in CODE tags, please |
30.04.2013, 09:14 | #9 |
| So, first of all, as described, the log file from JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.3 (04.29.2013:2) OS: Microsoft Windows XP x86 Ran by jens-uwe on 30.04.2013 at 9:06:43,91 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] browser manager Failed to delete: [Service] browser manager ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\performersoft Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: 
[Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\claro ltd" Successfully deleted: [Folder] "C:\Programme\conduit" Successfully deleted: [Folder] "C:\Programme\savings sidekick" Successfully deleted: [Folder] "C:\Programme\specialsavings" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 30.04.2013 at 9:13:41,72 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.300 - Datei am 30/04/2013 um 09:16:53 erstellt # Aktualisiert am 28/04/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : jens-uwe - WXP016 # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\jens-uwe.HH\desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : SearchAnonymizer ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\a55dd8fb769e515 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SpecialSavings Schlüssel Gelöscht : HKCU\Software\Claro LTD Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : 
HKCU\Software\Savings Sidekick Schlüssel Gelöscht : HKLM\SOFTWARE\a55dd8fb769e515 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpecialSavings Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. -\\ Opera v12.11.1661.0 ************************* AdwCleaner[R1].txt - [5235 octets] - [30/04/2013 09:16:11] AdwCleaner[S1].txt - [4944 octets] - [30/04/2013 09:16:50] ########## EOF - Z:\AdwCleaner[S1].txt - [4944 octets] ########## OTL Code:
ATTFilter OTL logfile created on: 30.04.2013 09:42:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,80% Memory free 3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,74% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 113,58 Gb Free Space | 76,21% Space Free | Partition Type: NTFS Drive F: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS Drive M: | 923,57 Gb Total Space | 903,98 Gb Free Space | 97,88% Space Free | Partition Type: NTFS Drive S: | 49,98 Gb Total Space | 48,26 Gb Free Space | 96,55% Space Free | Partition Type: NTFS Drive Z: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS Computer Name: WXP016 | User Name: jens-uwe | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\jens-uwe.HH\desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) PRC - C:\UPS\WSTD\UPSNA1Msgr.exe () PRC - C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\UPS\WSTD\UPSNA1Msgr.exe () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll () MOD - C:\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll () MOD - C:\UPS\WSTD\UPSResourceManager.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\ICQ\dll\mramenu.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Spybot - Search & Destroy 
2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\system32\ssi2mlm.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\system32\redmonnt.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Programme\Spybot File not found SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation) SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130429.023\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130429.023\NAVENG.SYS (Symantec Corporation) DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.) 
DRV - (SSPORT) -- C:\WINDOWS\system32\drivers\SSPORT.sys (Samsung Electronics) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation) DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation) DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (k57w2k) -- C:\WINDOWS\system32\drivers\k57xp32.sys (Broadcom Corporation) DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042PR2) -- C:\WINDOWS\system32\drivers\L8042PR2.SYS (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{49BC12DF-D1B7-4E78-8D3F-9489BEBF5933}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{4CF787CA-B34D-447F-8DC5-EF5C212AD5DC}: "URL" = 
hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{6B681554-66C2-45DC-8C03-8BC497B152F7}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{73D31A96-13DB-4C78-B477-B552CA39D74F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{A6772F5B-6A29-4C1F-AFF3-27C1220BD273}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{D2A4D64D-D14D-4E0D-A999-66E14E23B0FF}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== Code:
ATTFilter OTL Extras logfile created on: 30.04.2013 09:42:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,80% Memory free 3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,74% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 113,58 Gb Free Space | 76,21% Space Free | Partition Type: NTFS Drive F: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS Drive M: | 923,57 Gb Total Space | 903,98 Gb Free Space | 97,88% Space Free | Partition Type: NTFS Drive S: | 49,98 Gb Total Space | 48,26 Gb Free Space | 96,55% Space Free | Partition Type: NTFS Drive Z: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS Computer Name: WXP016 | User Name: jens-uwe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = SafariHTML] -- C:\Programme\Safari\Safari.exe (Apple Inc.) [HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.) https [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ==========
I don't know whether this redirecting was supposed to be gone by now, but the "Redirecting" is still there. Just for your information. Regards |
30.04.2013, 15:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search engine redirect infection to ivehtane and other sites Both OTL logs are incomplete
__________________ Please always post log files in CODE tags |
13.05.2013, 08:17 | #11 |
| Search engine redirect infection to ivehtane and other sites Sorry, here are the OTL logs again. OTL: Code:
ATTFilter OTL logfile created on: 30.04.2013 09:42:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,80% Memory free 3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,74% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 113,58 Gb Free Space | 76,21% Space Free | Partition Type: NTFS Drive F: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS Drive M: | 923,57 Gb Total Space | 903,98 Gb Free Space | 97,88% Space Free | Partition Type: NTFS Drive S: | 49,98 Gb Total Space | 48,26 Gb Free Space | 96,55% Space Free | Partition Type: NTFS Drive Z: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS Computer Name: WXP016 | User Name: jens-uwe | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\jens-uwe.HH\desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) PRC - C:\UPS\WSTD\UPSNA1Msgr.exe () PRC - C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\UPS\WSTD\UPSNA1Msgr.exe () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll () MOD - C:\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll () MOD - C:\UPS\WSTD\UPSResourceManager.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\ICQ\dll\mramenu.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Spybot - Search & Destroy 
2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\system32\ssi2mlm.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\system32\redmonnt.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Programme\Spybot File not found SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation) SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130429.023\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130429.023\NAVENG.SYS (Symantec Corporation) DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.) 
DRV - (SSPORT) -- C:\WINDOWS\system32\drivers\SSPORT.sys (Samsung Electronics) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation) DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation) DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (k57w2k) -- C:\WINDOWS\system32\drivers\k57xp32.sys (Broadcom Corporation) DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042PR2) -- C:\WINDOWS\system32\drivers\L8042PR2.SYS (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{49BC12DF-D1B7-4E78-8D3F-9489BEBF5933}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{4CF787CA-B34D-447F-8DC5-EF5C212AD5DC}: "URL" = 
hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{6B681554-66C2-45DC-8C03-8BC497B152F7}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{73D31A96-13DB-4C78-B477-B552CA39D74F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{A6772F5B-6A29-4C1F-AFF3-27C1220BD273}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..\SearchScopes\{D2A4D64D-D14D-4E0D-A999-66E14E23B0FF}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6a44e1fc-e55f-4556-9bc9-bf78166e1574&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla 
Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
[2011.12.02 10:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.20 08:35:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} O1 HOSTS File: ([2013.04.22 16:37:13 | 000,447,215 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15355 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe () O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128..\Run: [icq] C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\icq.exe (ICQ) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS) O4 - Startup: C:\Dokumente und Einstellungen\jens-uwe.HH\Startmenü\Programme\Autostart\Versandhelfer.lnk = C:\Programme\Versandhelfer\Versandhelfer.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1 O7 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-57989841-1532298954-1417001333-2128\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB (Reg Error: Value error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252925802546 (MUWebControl Class) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.3 192.168.100.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hh.martechnic.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A15B09A-1CEB-4954-A511-222808D35D57}: DhcpNameServer = 192.168.100.3 192.168.100.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap 
{3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.16 21:18:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.30 09:41:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\OTL.exe [2013.04.30 08:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.04.30 08:48:21 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.30 08:46:31 | 000,545,926 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\JRT.exe [2013.04.29 11:45:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.29 11:45:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.29 11:45:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.04.29 08:30:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.04.29 08:30:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.04.29 08:30:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.04.26 09:21:00 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\jens-uwe.HH\Recent [2013.04.22 14:49:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2013.04.22 14:49:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 [2013.04.22 14:49:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe [2013.04.22 14:49:38 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2013.04.22 13:49:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\Malwarebytes [2013.04.22 13:49:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.04.16 13:12:22 | 000,000,000 | ---D | C] -- C:\HP_P2055_default_install_v6.1_ww [2013.04.16 13:01:43 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppccompio.dll [2013.04.16 13:01:42 | 000,189,952 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmml140.dll [2013.04.16 13:01:42 | 000,164,352 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmja140.dll [2013.04.16 13:01:42 | 000,151,552 | ---- | C] 
(Hewlett-Packard) -- C:\WINDOWS\System32\hpmpm081.dll [2013.04.16 13:01:42 | 000,128,512 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmtp140.dll [2013.04.16 13:01:42 | 000,096,768 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpmlm135.dll [2013.04.16 13:01:42 | 000,056,320 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmpw081.dll [2013.04.16 13:01:42 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmnque.dll [2013.04.16 13:01:42 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmnndps.dll [2013.04.16 13:01:41 | 000,391,680 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpcpn140.dll [2013.04.16 13:01:41 | 000,113,152 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpcjpm.dll [2013.04.16 13:01:40 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\fxcompchannel.dll [2013.04.16 13:00:27 | 000,000,000 | ---D | C] -- C:\Drivers [2013.04.16 12:23:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP [2013.04.16 09:53:27 | 000,000,000 | ---D | C] -- C:\HP_P2050_full_solution_v6.1_AM-EMEA [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.30 09:41:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\OTL.exe [2013.04.30 09:28:03 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.04.30 09:23:18 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2013.04.30 09:23:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.30 09:23:10 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.04.30 09:23:10 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.04.30 09:21:06 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\piuordq.job [2013.04.30 09:20:42 | 
000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.30 09:20:23 | 2012,856,320 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 09:17:39 | 000,001,464 | RHS- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\ntuser.pol [2013.04.30 09:15:55 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\adwcleaner.exe [2013.04.30 08:46:36 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\JRT.exe [2013.04.29 16:25:44 | 000,000,172 | ---- | M] () -- C:\WINDOWS\wininit.ini [2013.04.29 16:02:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.29 11:45:54 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.26 11:50:42 | 001,185,863 | ---- | M] () -- \\MARTECHNICSRV\USERS$\jens-uwe\ServiceIntervallE90.pdf [2013.04.24 06:55:11 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.04.24 06:55:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.04.23 08:23:38 | 000,459,588 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.23 08:23:38 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.23 08:23:38 | 000,084,960 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.04.23 08:23:38 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.22 16:57:25 | 000,592,120 | ---- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\pcpholasetup.exe [2013.04.22 16:37:13 | 000,447,215 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.04.22 14:50:04 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.04.22 14:50:04 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.04.22 14:49:52 | 000,001,806 | ---- | M] () -- 
C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.04.22 09:49:45 | 000,002,689 | ---- | M] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.04.16 16:31:36 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\System32\wintrust9.dll [2013.04.16 14:05:22 | 000,000,561 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini [2013.04.16 13:12:20 | 046,847,480 | ---- | M] () -- \\MARTECHNICSRV\USERS$\jens-uwe\P2055_default_install_v6.1_ww.exe [2013.04.16 13:01:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HPMProp.INI [2013.04.16 13:00:08 | 016,951,168 | ---- | M] () -- \\MARTECHNICSRV\USERS$\jens-uwe\upd-pcl6-x32-5.6.0.14430.exe [2013.04.16 11:53:49 | 005,115,208 | ---- | M] () -- C:\HPPSdr.exe [2013.04.10 09:04:11 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.30 09:15:50 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\adwcleaner.exe [2013.04.29 11:45:54 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.26 11:50:40 | 001,185,863 | ---- | C] () -- \\MARTECHNICSRV\USERS$\jens-uwe\ServiceIntervallE90.pdf [2013.04.22 16:56:32 | 000,592,120 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\pcpholasetup.exe [2013.04.22 15:38:32 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013.04.22 14:50:04 | 
000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.04.22 14:50:04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.04.22 14:50:03 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.04.22 14:49:52 | 000,001,812 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk [2013.04.22 14:49:52 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.04.22 09:49:45 | 000,002,689 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.04.16 16:31:38 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\piuordq.job [2013.04.16 16:31:36 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\System32\wintrust9.dll [2013.04.16 13:11:55 | 046,847,480 | ---- | C] () -- \\MARTECHNICSRV\USERS$\jens-uwe\P2055_default_install_v6.1_ww.exe [2013.04.16 13:01:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2013.04.16 12:59:44 | 016,951,168 | ---- | C] () -- \\MARTECHNICSRV\USERS$\jens-uwe\upd-pcl6-x32-5.6.0.14430.exe [2013.04.16 11:53:25 | 005,115,208 | ---- | C] () -- C:\HPPSdr.exe [2013.03.11 14:08:08 | 000,000,284 | ---- | C] () -- C:\WINDOWS\GvSaveImage.ini [2013.03.11 14:08:08 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GeoLan.ini [2013.03.11 14:02:48 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.28 09:51:23 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2012.12.06 17:41:38 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe [2012.12.06 17:40:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll [2012.12.06 14:22:21 | 000,000,381 | ---- | C] () -- C:\Dokumente und 
Einstellungen\jens-uwe.HH\Anwendungsdaten\dpdhl.versandhelfer_state.xml [2012.05.03 09:04:56 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2012.05.03 08:55:18 | 000,000,561 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2012.05.03 08:53:02 | 000,093,406 | ---- | C] () -- C:\WINDOWS\hppins05.dat [2012.05.03 08:53:02 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat [2012.04.24 09:19:36 | 001,105,417 | ---- | C] () -- C:\WINDOWS\HPISExe.dat [2012.04.18 08:34:08 | 000,001,464 | RHS- | C] () -- C:\Dokumente und Einstellungen\jens-uwe.HH\ntuser.pol [2012.04.10 14:29:20 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssi2mlm.dll [2012.02.15 09:23:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.06 14:34:52 | 000,076,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.05.10 14:43:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.09.18 10:13:20 | 000,010,188 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol ========== ZeroAccess Check ========== [2009.03.16 21:28:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 07:35:26 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 30.04.2013 09:42:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,80% Memory free
3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 113,58 Gb Free Space | 76,21% Space Free | Partition Type: NTFS
Drive F: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS
Drive M: | 923,57 Gb Total Space | 903,98 Gb Free Space | 97,88% Space Free | Partition Type: NTFS
Drive S: | 49,98 Gb Total Space | 48,26 Gb Free Space | 96,55% Space Free | Partition Type: NTFS
Drive Z: | 136,21 Gb Total Space | 5,22 Gb Free Space | 3,83% Space Free | Partition Type: NTFS

Computer Name: WXP016 | User Name: jens-uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Programme\Safari\Safari.exe (Apple Inc.)

[HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.) https [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation) "C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation) "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) 
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\hp_LJ_P2015_Full_Solution\setup\HPZnet01.exe" = C:\hp_LJ_P2015_Full_Solution\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard) "C:\hp_LJ_P2015_Full_Solution\setup\hppapd.exe" = C:\hp_LJ_P2015_Full_Solution\setup\hppapd.exe:*:Enabled:hppapd.exe -- () "C:\hp_LJ_P2015_Full_Solution\setup\hpntwkexe.exe" = C:\hp_LJ_P2015_Full_Solution\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe -- (Hewlett-Packard) "C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\icq.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Anwendungsdaten\ICQM\icq.exe:*:Enabled:ICQ -- (ICQ) "C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint01.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe -- (Hewlett-Packard) "C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint64.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe -- (Hewlett-Packard) "C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppnicifs01.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe -- () "C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hpbtpg.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe -- (Hewlet-Packard) "C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\LaunchApp.exe" = C:\HP_P2050_full_solution_v6.1_AM-EMEA\setup\LaunchApp.exe:*:Enabled:launchapp.exe -- (Hewlett Packard) "C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS7E2C\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS7E2C\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS2CD2\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS2CD2\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS45ED\HPDiagnosticCoreUI.exe" = C:\Dokumente und Einstellungen\jens-uwe.HH\Lokale Einstellungen\Temp\7zS45ED\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe -- (Hewlett-Packard) "C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe -- 
(Hewlett-Packard) "C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe -- () "C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe -- (Hewlet-Packard) "C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe" = C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe:*:Enabled:launchapp.exe -- (Hewlett Packard) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F68F89-FC69-CA21-EC2C-0BF8BAC84CE8}" = Versandhelfer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1EB9429A-A874-4BF0-961D-BDAAFB1641A6}" = Microsoft SQL Server 2005 Backward compatibility "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FAF0F08-7120-4192-BF6A-B1EC7E26A935}" = UPSVCMM "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5540F934-06D9-4DCE-B7D4-93DBA58D0338}" = WorldShip "{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 "{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF "{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth "{7ECB87DE-FF47-4A8F-97FD-1024F7885BB3}" = FOSS "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp "{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 
Office system
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{98C4DE92-27C8-482C-8431-514828756E80}" = Reconciler
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B20A5104-24DD-4435-B965-ED84BE258F59}" = 32 Bit HP CIO Components Installer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}" = ReportServer
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E85B767C-AD1B-41FA-8CEF-C927ABB1D275}" = AlignmentUtility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4FDE018-28CF-47AC-9B01-E5F63D9F5BC1}" = ImpExpSafety
"{FAAF59A3-4B9A-4B8F-A43F-821E8DA8DA95}" = WSShared
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12
"CCleaner" = CCleaner (remove only)
"DiskAid_is1" = DiskAid 5.41
"dpdhl.versandhelfer" = Versandhelfer
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FreePDF_XP" = FreePDF (Remove only)
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MODupRemover-E-MailDuplikateentfernen" = MODupRemover - Outlook E-Mail Duplikate entfernen
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 12.11.1661" = Opera 12.11
"Pidgin" = Pidgin
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"UPS WorldShip" = UPS WorldShip
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-57989841-1532298954-1417001333-2128\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5990, für aktuellen Benutzer)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.04.2013 08:15:40 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711726
Description = Sicherheitsrisiko gefunden!Adware.Crossid in Datei: C:\Programme\Savings Sidekick\ButtonUtil.dll von: - Auto-Protect-Scan. Aktion: Isolieren erfolgreich. Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.
Error - 22.04.2013 08:15:42 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711685
Description = Risiko gefunden!Adware.Crossid in Datei: c:\programme\savings sidekick\buttonutil.dll von: - Auto-Protect-Scan. Aktion: Isolieren erfolgreich. Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.
Error - 22.04.2013 08:18:48 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Adware.Crossid in Datei: C:\Programme\Savings Sidekick\ButtonUtil.dll von: - Auto-Protect-Scan. Aktion: Isolieren erfolgreich : Zugriff verweigert. Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.
Error - 22.04.2013 08:38:03 | Computer Name = WXP016 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 22.04.2013 10:19:50 | Computer Name = WXP016 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates may have failed to install.
Error - 22.04.2013 10:40:30 | Computer Name = WXP016 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WorldShipTD.exe, Version 16.0.31.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.04.2013 10:42:46 | Computer Name = WXP016 | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -812496469.
Error - 29.04.2013 07:35:00 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711726
Description = Sicherheitsrisiko gefunden!Adware.Gen in Datei: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\Quarantine\APQ30D.tmp von: - Auto-Protect-Scan. Aktion: Bereinigt durch Löschen. Beschreibung der Aktion: Die Datei wurde erfolgreich gelöscht.
Error - 29.04.2013 07:35:38 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Adware.Gen in Datei: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\Quarantine\APQ30D.tmp von: - Auto-Protect-Scan. Aktion: Bereinigt durch Löschen. Beschreibung der Aktion: Die Datei wurde erfolgreich gelöscht.
Error - 30.04.2013 03:17:01 | Computer Name = WXP016 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC MANIPULATIONSSCHUTZ WARNMELDUNG Ziel: C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe Ereignisinformationen: Beenden Vorgang Durchgeführte Aktion: Protokolliert Angreifender Prozess: C:\Dokumente und Einstellungen\jens-uwe.HH\Desktop\adwcleaner.exe (PID 1876) Zeit: Dienstag, 30. April 2013 09:17:01

[ System Events ]
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service.
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst SearchAnonymizer.
Error - 30.04.2013 03:04:49 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 30.04.2013 03:09:44 | Computer Name = WXP016 | Source = Print | ID = 23
Description = Der Drucker HP LaserJet 2200 #2 konnte nicht initialisiert werden, da der Treiber HP LaserJet P2015 Series PCL 5e nicht gefunden wurde.
Error - 30.04.2013 03:23:03 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service.
Error - 30.04.2013 03:23:03 | Computer Name = WXP016 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 30.04.2013 03:25:30 | Computer Name = WXP016 | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig. Die Daten sind das Paket.
Error - 30.04.2013 03:25:30 | Computer Name = WXP016 | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig. Die Daten sind das Paket.
Error - 30.04.2013 03:47:31 | Computer Name = WXP016 | Source = Print | ID = 23
Description = Der Drucker HP LaserJet 2200 #2 konnte nicht initialisiert werden, da der Treiber HP LaserJet P2015 Series PCL 5e nicht gefunden wurde.

< End of report > |
13.05.2013, 10:48 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search engine redirect infection leading to ivehtane and other sites
Quote:
__________________ Please always post log files in CODE tags |