Pests of all kinds and how to fight them: Antimalware Doctor attack and troj/FakeAV-*** (Windows 7)

27.04.2010, 23:28 #1
Antimalware Doctor attack and troj/FakeAV-***

Dear experts,

after many hours of work and many helpful tips from this forum I still have problems following an Antimalware Doctor attack and hope to find help here. This is what I have already done: following the Sophos instructions, I started in Safe Mode and tried to remove the trojans manually. After the computer took 6 hours!!! for that, all the nasties should have been removed. But on a normal start this proved to be a false conclusion.

Then: ran rkill, after that Malwarebytes' Anti-Malware twice, then CCleaner, then RSIT (see below). Oh yes, in between I also, more or less by chance, uninstalled the AP Manager via Control Panel -> Software.

My problem is this: I have Sophos as virus protection, and during both runs of Malwarebytes' Anti-Malware Sophos gave error messages each time. Even after the 2nd run there are still two trojans in quarantine: FakeAV-BDW C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1143\A0773564.exe and FakeAV-BAG C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774723.dll, which I do not know how to get rid of. Before the second run I tried to disable Sophos, but I did not manage to. Is the Sophos error message caused by the two programs not getting along?

Since I really understand little about PC internals, I am glad to have got at least this far with the forum's help. But as I am now stuck, it would be great if someone could help me interpret the log files. Here first are the log files from Malwarebytes and the rsit log; on request I will also post rsit-info (too long for one post).
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4042
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

27.04.2010 19:36:48
mbam-log-2010-04-27 (19-36-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 259473
Laufzeit: 2 Stunde(n), 19 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 25
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 10
Infizierte Dateien: 18

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\wrpsiexd.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\79c73821.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yctvvxhn.dll (Adware.EZlife) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e777c604-60ca-6283-6c03-aa644e7ed580} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e777c604-60ca-6283-6c03-aa644e7ed580} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CscrptXt.CscrptXt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{993d5f0b-b733-9e4a-5ef5-e387206345eb} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{993d5f0b-b733-9e4a-5ef5-e387206345eb} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b54055e1-984a-458f-8bbc-0a0cc44d07bf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b54055e1-984a-458f-8bbc-0a0cc44d07bf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6a3b97c-9769-45f0-9729-8a2c35db3ae0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6a3b97c-9769-45f0-9729-8a2c35db3ae0} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aquhes (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apmanager.exe (Rogue.APManager) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wzuiqoerbp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds\1.5.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife\1.5.2.0 (Adware.EzLife) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\79c73821.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\wrpsiexd.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\newupdate1142C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yctvvxhn.dll (Adware.EZlife) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\hookdll.dll (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\stp04cbd.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\stp1f8ff.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\ffxShot.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1144\A0773831.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1151\A0774405.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ybbt.tmp\svchost.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds\1.5.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\ezLife\ezLife\log.xml (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife\1.5.2.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llscrhezpzq.dll (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\wcraxsmnoe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dtpgypsa.dll (Trojan.BHO) -> Delete on reboot.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4042
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

27.04.2010 22:20:52
mbam-log-2010-04-27 (22-20-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 260622
Laufzeit: 2 Stunde(n), 12 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774723.dll (Rogue.Agent) -> Quarantined and deleted successfully.
Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2010-04-27 23:26:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (37%) free of 85 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:57, on 27.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
c:\Programme\Sophos\AutoUpdate\ALsvc.exe
C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Sophos\AutoUpdate\ALMon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\trend micro\***.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://pm.profitizeme.biz/imprss/123go.php
O1 - Hosts: 89.149.249.198 www.google.com
O1 - Hosts: 89.149.249.198 www.google.de
O1 - Hosts: 89.149.249.198 www.google.fr
O1 - Hosts: 89.149.249.198 www.google.co.uk
O1 - Hosts: 89.149.249.198 www.google.com.br
O1 - Hosts: 89.149.249.198 www.google.it
O1 - Hosts: 89.149.249.198 www.google.es
O1 - Hosts: 89.149.249.198 www.google.co.jp
O1 - Hosts: 89.149.249.198 www.google.com.mx
O1 - Hosts: 89.149.249.198 www.google.ca
O1 - Hosts: 89.149.249.198 www.google.com.au
O1 - Hosts: 89.149.249.198 www.google.nl
O1 - Hosts: 89.149.249.198 www.google.co.za
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.gr
O1 - Hosts: 89.149.249.198 www.google.at
O1 - Hosts: 89.149.249.198 www.google.se
O1 - Hosts: 89.149.249.198 www.google.ch
O1 - Hosts: 89.149.249.198 www.google.pt
O1 - Hosts: 89.149.249.198 www.google.dk
O1 - Hosts: 89.149.249.198 www.google.fi
O1 - Hosts: 89.149.249.198 www.google.ie
O1 - Hosts: 89.149.249.198 www.google.no
O1 - Hosts: 89.149.249.198 www.google.ru
O1 - Hosts: 89.149.249.198 www.google.ua
O1 - Hosts: 89.149.249.198 www.google.pl
O1 - Hosts: 89.149.249.198 www.google.ro
O1 - Hosts: 89.149.249.198 www.google.co.nz
O1 - Hosts: 89.149.249.198 www.google.in
O1 - Hosts: 89.149.249.198 www.google.th
O1 - Hosts: 89.149.249.198 www.google.tr
O1 - Hosts: 89.149.249.198 www.google.hu
O1 - Hosts: 89.149.249.198 www.google.cr
O1 - Hosts: 89.149.249.198 www.google.lv
O1 - Hosts: 89.149.249.198 www.google.lt
O1 - Hosts: 89.149.249.198 www.google.bg
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.vn
O1 - Hosts: 89.149.249.198 www.google.ve
O1 - Hosts: 89.149.249.198 www.google.sw
O1 - Hosts: 89.149.249.198 search.yahoo.com
O1 - Hosts: 89.149.249.198 us.search.yahoo.com
O1 - Hosts: 89.149.249.198 uk.search.yahoo.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4284AA5F-EAC1-43A8-95C2-5050604D007B}: NameServer = 132.252.3.10,132.252.1.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC41B3B-6047-4906-9DA6-393D2C159AEE}: NameServer = 134.95.129.23,134.95.19.48
O17 - HKLM\System\CCS\Services\Tcpip\..\{70D88571-C811-4C97-BCCB-FCCB35F3CE9C}: NameServer = 132.252.3.10,132.252.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{4284AA5F-EAC1-43A8-95C2-5050604D007B}: NameServer = 132.252.3.10,132.252.1.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{4284AA5F-EAC1-43A8-95C2-5050604D007B}: NameServer = 132.252.3.10,132.252.1.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: youja_ - C:\WINDOWS\SYSTEM32\youja_.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Programme\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 14638 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-17 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll [2010-02-07 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2008-12-19 136600]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-08 7340032]
"nwiz"=nwiz.exe /install []
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"MagicKeyboard"=C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe [2005-04-11 151552]
"farstone"= []
"RestoreIT!"=C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE [2004-09-23 114688]
"DisplayManager"=C:\Programme\Samsung\DisplayManager\DMLoader.exe [2005-11-16 356352]
"AVStation Premium 3.75"=C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe [2006-04-27 155648]
"BatteryManager"=C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe [2006-04-25 2764800]
"Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"B'sCLiP"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2006-05-30 700416]
"Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"IJNetworkScanUtility"=C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-11-19 128352]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-06-17 198160]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AutoUpdate Monitor.lnk - C:\Programme\Sophos\AutoUpdate\ALMon.exe
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
MindManager PDF Writer.lnk - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\youja_]
C:\WINDOWS\system32\youja_.dll [2010-04-26 5136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Java\jre1.6.0_07\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe"="C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*isabled:SPSS Basic Script Editor" "C:\Programme\SPSSInc\Statistics17\statistics.com"="C:\Programme\SPSSInc\Statistics17\statistics.com:*isabled:Statistics17:com" "C:\Programme\SPSSInc\Statistics17\statistics.exe"="C:\Programme\SPSSInc\Statistics17\statistics.exe:*isabled:Statistics17:exe" "C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" 
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\WINDOWS\TEMP\lroy.tmp\svchost.exe"="C:\WINDOWS\TEMP\lroy.tmp\svchost.exe:*:Enabled:svchost" "\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06ea45e-508a-11df-b812-0013773101e5}] shell\AutoRun\command - E:\AUTORUN\setup.exe shell\open\command - E:\AUTORUN\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4c031af-36a1-11df-b7fb-0013773101e5}] shell\AutoRun\command - F:\AUTORUN\setup.exe shell\open\command - F:\AUTORUN\setup.exe ======File associations====== .js - open - "C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-04-27 23:26:43 ----D---- C:\Programme\trend micro 2010-04-27 23:26:42 ----D---- C:\rsit 2010-04-27 23:09:56 ----D---- C:\Programme\CCleaner 2010-04-27 17:06:24 ----D---- 
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes 2010-04-27 17:06:12 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-27 17:06:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-04-27 14:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-04-27 14:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-04-27 14:52:25 ----D---- C:\WINDOWS\SxsCaPendDel 2010-04-27 14:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$ 2010-04-27 14:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-04-27 14:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$ 2010-04-27 14:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-04-27 14:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-04-26 18:16:38 ----A---- C:\LOGFILE.TXT 2010-04-26 17:58:00 ----A---- C:\WINDOWS\lsrslt.ini 2010-04-26 17:25:27 ----A---- C:\WINDOWS\system32\f773bb69.exe 2010-04-26 17:24:44 ----A---- C:\WINDOWS\system32\mgvgyvzpjrwycmkyf.exe 2010-04-26 15:23:55 ----A---- C:\WINDOWS\system32\youja_.dll 2010-04-25 23:13:16 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6 2010-04-25 19:18:44 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM 2010-04-25 18:45:19 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-04-19 16:34:04 ----RSH---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe 2010-03-31 22:59:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real ======List of files/folders modified in the last 1 months====== 2010-04-27 23:26:43 ----RD---- C:\Programme 2010-04-27 23:22:40 ----D---- C:\Programme\Mozilla Firefox 2010-04-27 23:16:35 ----D---- C:\WINDOWS\Temp 2010-04-27 23:16:35 ----D---- C:\WINDOWS\Minidump 2010-04-27 23:16:35 ----D---- C:\WINDOWS\Debug 2010-04-27 23:16:35 ----D---- C:\WINDOWS 2010-04-27 22:24:16 ----SH---- C:\cj.ini 2010-04-27 22:22:54 ----A---- C:\WINDOWS\ModemLog_SENS LT56ADW Modem.txt 2010-04-27 22:22:09 ----D---- 
C:\WINDOWS\system32\drivers 2010-04-27 22:21:32 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-04-27 20:01:31 ----SHD---- C:\WINDOWS\Installer 2010-04-27 20:01:31 ----D---- C:\Config.Msi 2010-04-27 20:01:29 ----SD---- C:\WINDOWS\Tasks 2010-04-27 19:43:29 ----D---- C:\WINDOWS\Prefetch 2010-04-27 19:38:53 ----D---- C:\WINDOWS\system32 2010-04-27 16:20:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-04-27 16:17:45 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EndNote 2010-04-27 16:01:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton 2010-04-27 16:01:50 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared 2010-04-27 16:01:08 ----D---- C:\Programme\Gemeinsame Dateien\Apple 2010-04-27 15:24:08 ----D---- C:\Programme\DVDVideoSoft 2010-04-27 15:24:07 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft 2010-04-27 15:22:12 ----D---- C:\Programme\SlySoft 2010-04-27 15:21:15 ----D---- C:\Programme\Elaborate Bytes 2010-04-27 15:18:58 ----D---- C:\Programme\Canon 2010-04-27 14:59:32 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-04-27 14:59:31 ----HD---- C:\WINDOWS\inf 2010-04-27 14:55:00 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-04-27 14:53:49 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-27 14:41:14 ----A---- C:\WINDOWS\win.ini 2010-04-27 14:34:09 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-26 09:32:10 ----SD---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft 2010-04-25 18:57:19 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ 2010-04-25 18:52:29 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Real 2010-04-20 00:07:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-16 00:48:12 ----D---- C:\Programme\Mozilla Thunderbird 2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe 2010-04-01 12:16:17 ----D---- C:\WINDOWS\system32\de-de 2010-04-01 12:16:16 ----D---- C:\Programme\Internet Explorer ======List of drivers (R=Running, S=Stopped, 
0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-02-26 110848] R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-02-26 38528] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys [] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-09-27 271360] R2 BsUDF;B.H.A UDF Filesystem; C:\WINDOWS\system32\drivers\BsUDF.sys [2006-05-30 165248] R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS [] R2 FBAPI;FBAPI; \??\C:\WINDOWS\system32\drivers\FBAPI.sys [] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-09-27 18048] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-25 140288] R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960] R3 AgereSoftModem;SENS LT56ADW Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-12-02 65016] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-10-02 126864] R3 GEARAspiWDM;GEAR ASPI Filter Driver; 
C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-10-12 6912] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-08 3611168] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096] R3 wowfilter;WOW XT Filter Driver; C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 19456] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 AX88172;Belkin USB 2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AX88172.sys [2003-02-14 17648] S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-07-22 134272] S3 btaudio;Bluetooth-Audiogerät; 
C:\WINDOWS\system32\drivers\btaudio.sys [2005-12-02 328141] S3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-12-02 30363] S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-12-02 148488] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315] S3 Dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2002-04-03 18102] S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2002-04-03 49457] S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1354620] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176] S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;SFF-Speicherprotokolltreiber für 
SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SSB2413;SSB2413 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\SSB2413.sys [2006-01-16 470112] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SUEPD;SUE NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2005-05-24 19840] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-10-01 14976] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 
btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295] R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-19 152984] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-01-20 73728] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-08 143426] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2005-01-31 143360] R2 SAVAdminService;Sophos Anti-Virus Statusreporter; c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-11-02 80936] R2 SAVService;Sophos Anti-Virus; c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe [2008-10-01 98304] R2 SNM WLAN Service;SNM WLAN Service; C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; c:\Programme\Sophos\AutoUpdate\ALsvc.exe [2009-07-01 172032] R2 SRS_PostInstaller;SRS PostInstaller Service; C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [2005-11-28 31744] R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 Samsung Update Plus;Samsung Update Plus; C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2006-07-21 57344] S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe 
[2010-02-15 545576] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-----------------
I would really appreciate any help!!
best regards
mäander |
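Added example, not part of any post in this thread: a small Python triage script that reads RSIT output of the kind posted above and pulls out the entries a responder would look at first. The sample input is an excerpt copied from the RSIT log in the post above (the forum's `***` redaction of the user name is kept as-is). Everything else is the editor's own: the log date 2010-04-27 is assumed from the log's timestamps, and the thresholds are heuristics chosen for this log, not a feature of Sophos, RSIT or OTL: a Winlogon Notify DLL under 16 KiB or dated within 30 days of the log; firewall exceptions carrying the `\??\` device-path prefix, living under a Temp directory, or named after a core Windows binary; and freshly created binaries with hex- or random-looking names, or hidden+system attributes inside a user profile.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

LOG_DATE = date(2010, 4, 27)  # assumed: the date the RSIT log above was generated

# Excerpt copied from the RSIT log posted above, embedded so the script runs offline.
# "***" is the forum's redaction of the user name and is kept as-is.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\youja_]
C:\WINDOWS\system32\youja_.dll [2010-04-26 5136]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\TEMP\lroy.tmp\svchost.exe"="C:\WINDOWS\TEMP\lroy.tmp\svchost.exe:*:Enabled:svchost"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
======List of files/folders created in the last 1 months======
2010-04-26 17:25:27 ----A---- C:\WINDOWS\system32\f773bb69.exe
2010-04-26 17:24:44 ----A---- C:\WINDOWS\system32\mgvgyvzpjrwycmkyf.exe
2010-04-26 15:23:55 ----A---- C:\WINDOWS\system32\youja_.dll
2010-04-19 16:34:04 ----RSH---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
"""

# Core Windows binaries that never need a firewall exception of their own.
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "services.exe"}
NOTIFY_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
                        r"\\Winlogon\\Notify\\([^\]]+)\]$", re.I)
FILE_INFO = re.compile(r"^(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
FW_ENTRY = re.compile(r'^"(?P<path>[^"]+)"=')
CREATED = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} ----(?P<attrs>[A-Z]*)---- (?P<path>.+)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")    # e.g. f773bb69
RANDOM_NAME = re.compile(r"^[a-z]{12,}$")  # e.g. mgvgyvzpjrwycmkyf


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    reason: str


def check_firewall_exception(path: str):
    """Flag authorizedapplications entries that neither a user nor an installer would add."""
    low = path.lower()
    if low.startswith("\\??\\"):
        return "NT device-path prefix; entries added via the GUI use plain drive paths"
    if "\\temp\\" in low:
        return "executable running from a Temp directory"
    if low.rsplit("\\", 1)[-1] in SYSTEM_BINARIES:
        return "core Windows binary name; never needs its own exception"
    return None


def check_notify_dll(file_date: date, size: int):
    """A Winlogon Notify DLL is loaded into winlogon.exe at logon; tiny or fresh ones stand out."""
    reasons = []
    if size < 16 * 1024:
        reasons.append(f"only {size} bytes")
    if LOG_DATE - file_date <= timedelta(days=30):
        reasons.append(f"dated {file_date}, within 30 days of the log")
    return "; ".join(reasons) or None


def check_created_file(path: str, attrs: str):
    """Flag freshly created binaries with random names, or hidden+system flags in a user profile."""
    low = path.lower()
    stem, _, ext = low.rsplit("\\", 1)[-1].rpartition(".")
    if ext not in {"exe", "dll", "sys", "scr"}:
        return None
    if "\\dokumente und einstellungen\\" in low and {"H", "S"} <= set(attrs):
        return f"hidden+system binary in a user profile (attrs {attrs})"
    if HEX_NAME.match(stem) or RANDOM_NAME.match(stem):
        return "random-looking file name"
    return None


def triage(log_text: str) -> list:
    """Walk the log once, tracking which RSIT section we are in, and collect findings."""
    findings, section, notify_key = [], None, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := NOTIFY_KEY.match(line):
            section, notify_key = "notify", m.group(1)
        elif line.startswith("[") and line.endswith("]"):
            section = "firewall" if "authorizedapplications\\list" in line.lower() else None
        elif line.startswith("======"):
            section = "created" if "files/folders created" in line.lower() else None
        elif section == "notify" and (m := FILE_INFO.match(line)):
            reason = check_notify_dll(date.fromisoformat(m["date"]), int(m["size"]))
            if reason:
                findings.append(Finding("winlogon-notify", m["path"], f"Notify\\{notify_key}: {reason}"))
        elif section == "firewall" and (m := FW_ENTRY.match(line)):
            if reason := check_firewall_exception(m["path"]):
                findings.append(Finding("firewall-exception", m["path"], reason))
        elif section == "created" and (m := CREATED.match(line)):
            if reason := check_created_file(m["path"], m["attrs"]):
                findings.append(Finding("new-binary", m["path"], reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.path}: {f.reason}")
```

Run on the excerpt it reports six findings: youja_.dll (5136 bytes, dated the day before the log, registered as a Winlogon Notify package and so loaded into winlogon.exe at every logon), the two firewall exceptions for `C:\WINDOWS\TEMP\lroy.tmp\svchost.exe` and `\??\C:\WINDOWS\system32\winlogon.exe`, and the three new binaries f773bb69.exe, mgvgyvzpjrwycmkyf.exe and the hidden+system nljf.exe in the user's Anwendungsdaten folder. igfxdev.dll, Skype.exe and MRT.exe in the same excerpt pass. These are leads for the helper to verify against the full log, not verdicts. The two quarantined files under System Volume Information that the poster asks about are a separate matter: they sit inside System Restore points, which an on-access scanner cannot clean in place, and are normally dealt with by purging the restore points once the live infection is gone.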
29.04.2010, 15:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor attack and troj/FakeAV-*** Hello and
System scan with OTL
Please download OTL from OldTimer and save it to your desktop |
29.04.2010, 22:09 | #3 |
| Antimalware Doctor attack and troj/FakeAV-*** Hello cosinus,
thanks already for your support!! here are the scans:
OTL logfile created on: 29.04.2010 22:57:03 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 510,00 Mb Available Physical Memory | 50,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 82,62 Gb Total Space | 30,28 Gb Free Space | 36,64% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) PRC - c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) 
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.) PRC - C:\Programme\SAMSUNG\AVStation Premium 3.75\AVSAgent.exe () PRC - C:\Programme\SAMSUNG\Samsung Battery Manager\BatteryManager.exe () PRC - C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\SAMSUNG\DisplayManager\DisplayManager.exe (SAMSUNG) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) PRC - C:\Programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe () PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\WINDOWS\system32\PAStiSvc.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - c:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) MOD - C:\WINDOWS\system32\mfc42u.dll (Microsoft Corporation) MOD - C:\Programme\SAMSUNG\AVStation Premium 3.75\KBDHook.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) 
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SAVAdminService) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) SRV - (Sophos AutoUpdate Service) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (SAVService) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (SRS_PostInstaller) -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe () SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe () SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc) DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc) DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) 
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\BsUDF.sys (CyberLink Corporation.) DRV - (BsStor) -- C:\WINDOWS\system32\drivers\BsStor.sys (Cyberlink Co.,Ltd.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) 
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys () DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys () DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (RITCPT) -- C:\WINDOWS\system32\drivers\RITCPT.SYS () DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys () DRV - (AX88172) -- C:\WINDOWS\system32\drivers\AX88172.sys (ASIX Electronics Corp.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\FTSER2K.SYS (FTDI Ltd.) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\FTDIBUS.SYS (FTDI Ltd.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) 
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15015&l=dis IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. 
File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {02ffb056-3abb-320b-d592-c3921c590a22}:4.6.6.6
FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.17 20:55:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.25 23:13:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.01 21:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 00:47:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.06 15:21:26 | 000,000,000 | ---D | M]

[2008.09.04 09:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.04.28 14:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions
[2010.04.16 08:17:24 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.04.16 08:17:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.16 08:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\isreaditlater@ideashower.com
[2010.04.26 07:01:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\toolbar@ask.com
[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\askcom.xml
[2010.04.26 00:06:28 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-1.xml
[2008.07.06 23:16:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-2.xml
[2008.07.09 14:32:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-3.xml
[2008.08.02 12:21:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-4.xml
[2008.08.07 20:10:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-5.xml
[2008.08.11 18:16:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-6.xml
[2008.08.22 22:09:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-7.xml
[2008.08.24 18:25:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-8.xml
[2008.08.25 10:52:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-9.xml
[2008.04.25 19:10:00 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin.xml
[2010.04.29 22:03:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 17:25:27 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}
[2009.09.04 14:00:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.04 14:00:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.04 14:00:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.11 13:33:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.04 14:00:45 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.26 15:23:55 | 000,002,154 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.149.249.198 www.google.com
O1 - Hosts: 89.149.249.198 www.google.de
O1 - Hosts: 89.149.249.198 www.google.fr
O1 - Hosts: 89.149.249.198 www.google.co.uk
O1 - Hosts: 89.149.249.198 www.google.com.br
O1 - Hosts: 89.149.249.198 www.google.it
O1 - Hosts: 89.149.249.198 www.google.es
O1 - Hosts: 89.149.249.198 www.google.co.jp
O1 - Hosts: 89.149.249.198 www.google.com.mx
O1 - Hosts: 89.149.249.198 www.google.ca
O1 - Hosts: 89.149.249.198 www.google.com.au
O1 - Hosts: 89.149.249.198 www.google.nl
O1 - Hosts: 89.149.249.198 www.google.co.za
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.gr
O1 - Hosts: 89.149.249.198 www.google.at
O1 - Hosts: 89.149.249.198 www.google.se
O1 - Hosts: 89.149.249.198 www.google.ch
O1 - Hosts: 89.149.249.198 www.google.pt
O1 - Hosts: 89.149.249.198 www.google.dk
O1 - Hosts: 89.149.249.198 www.google.fi
O1 - Hosts: 89.149.249.198 www.google.ie
O1 - Hosts: 89.149.249.198 www.google.no
O1 - Hosts: 89.149.249.198 www.google.ru
O1 - Hosts: 19 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\SAMSUNG\AVStation Premium 3.75\AVSAgent.exe ()
O4 - HKLM..\Run: [BatteryManager] C:\Programme\SAMSUNG\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [B'sCLiP] C:\Programme\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DisplayManager] C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe (SAMSUNG)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [farstone] File not found
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE (FarStone Tech. Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [PowerBar] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99***-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - c:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe) - C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe ()
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\youja_: DllName - youja_.dll - C:\WINDOWS\System32\youja_.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\alles\anke\fotos\frankreich_2007\Paris\IMG_0128.JPG
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.05 13:49:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{10cb6d60-***c8-11dd-b6ec-0013773101e5}\Shell - "" = AutoRun
O33 - MountPoints2\{10cb6d60-***c8-11dd-b6ec-0013773101e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10cb6d60-***c8-11dd-b6ec-0013773101e5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{12b5415b-c63d-11dd-b6f6-0013773101e5}\Shell - "" = AutoRun
O33 - MountPoints2\{12b5415b-c63d-11dd-b6f6-0013773101e5}\Shell\Auto\command - "" = E:\,.exe -- File not found
O33 - MountPoints2\{12b5415b-c63d-11dd-b6f6-0013773101e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37a54290-4c5f-11de-b730-0013773101e5}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
O33 - MountPoints2\{aff37830-463f-11dc-b65c-008000009887}\Shell - "" = AutoRun
O33 - MountPoints2\{aff37830-463f-11dc-b65c-008000009887}\Shell\Auto\command - "" = RavMon.exe
O33 - MountPoints2\{aff37830-463f-11dc-b65c-008000009887}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.29 22:18:08 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.28 14:29:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.04.27 23:26:43 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.27 23:26:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.27 23:09:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.27 17:06:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.27 17:06:12 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.27 14:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.04.25 18:45:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.31 22:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.29 22:18:09 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.29 22:11:59 | 000,000,073 | -HS- | M] () -- C:\cj.ini
[2010.04.29 22:11:52 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.04.29 22:11:48 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.04.29 22:11:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.29 21:57:26 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.29 21:55:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.29 21:55:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.29 21:55:39 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.28 17:59:22 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.04.28 17:59:22 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.04.27 19:39:47 | 001,558,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.27 17:06:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 16:14:43 | 000,050,994 | ---- | M] () -- C:\WINDOWS\System32\mgvgyvzpjrwycmkyf.exe
[2010.04.27 14:41:14 | 000,000,956 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.27 10:54:06 | 000,069,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.26 17:58:00 | 000,001,999 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.04.26 17:25:27 | 000,096,704 | ---- | M] () -- C:\WINDOWS\System32\f773bb69.exe
[2010.04.26 15:23:55 | 000,005,136 | ---- | M] () -- C:\WINDOWS\System32\youja_.dll
[2010.04.20 00:07:11 | 000,736,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 00:07:11 | 000,321,606 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.20 00:07:11 | 000,315,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.20 00:07:11 | 000,050,046 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.20 00:07:11 | 000,041,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.19 16:33:57 | 000,107,520 | RHS- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe
[2010.04.16 00:38:31 | 001,227,776 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:29 | 003,196,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:14 | 001,224,593 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.11 22:56:35 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.04.01 19:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.01 08:36:56 | 000,951,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:15 | 000,043,571 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:25 | 000,002,120 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:31 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:30 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.27 17:06:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 06:55:14 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.26 17:58:00 | 000,001,999 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010.04.26 17:25:27 | 000,096,704 | ---- | C] () -- C:\WINDOWS\System32\f773bb69.exe
[2010.04.26 17:24:44 | 000,050,994 | ---- | C] () -- C:\WINDOWS\System32\mgvgyvzpjrwycmkyf.exe
[2010.04.26 15:23:55 | 000,005,136 | ---- | C] () -- C:\WINDOWS\System32\youja_.dll
[2010.04.25 23:37:56 | 000,107,520 | RHS- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe
[2010.04.16 00:38:31 | 001,227,776 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:28 | 003,196,416 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:11 | 001,224,593 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.01 08:36:54 | 000,951,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:14 | 000,043,571 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:23 | 000,002,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:30 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:29 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[2009.10.09 16:48:27 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Fabi_KBD.ini
[2009.07.27 11:53:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.02.22 20:10:01 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008.10.16 12:54:54 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008.05.26 22:18:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008.05.26 22:18:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008.01.03 02:59:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.10.12 22:56:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007.10.12 20:16:21 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2007.09.27 21:45:34 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.09.27 21:45:33 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.09.15 10:06:12 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\worst case_KBD.ini
[2007.04.13 11:30:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007.03.08 11:50:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007.02.04 12:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007.02.04 12:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2007.02.04 12:08:44 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2007.02.04 12:08:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007.02.04 12:06:49 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007.02.04 12:06:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007.02.04 12:05:05 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670G.ini
[2007.02.04 01:36:31 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini
[2007.02.03 21:06:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.23 08:33:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.10 10:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006.11.10 10:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.05.23 03:58:19 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.05.23 03:58:19 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.05.23 03:58:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.05.23 03:58:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.05.23 03:58:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.05.22 19:07:49 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2006.05.22 19:07:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2006.05.22 19:07:46 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2006.05.22 19:07:43 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2006.05.22 19:06:48 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2006.05.22 19:06:46 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2006.05.22 19:06:46 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2006.05.22 19:06:46 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2006.05.22 19:06:46 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2006.05.22 19:06:46 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2006.05.22 19:06:46 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2006.05.22 19:06:46 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2006.05.22 19:06:46 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2006.05.22 19:06:46 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2006.05.22 19:06:46 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2006.05.22 19:06:46 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2006.05.22 19:06:46 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2006.05.22 19:06:03 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini
[2006.05.22 19:04:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006.04.05 22:32:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.05 14:16:23 | 000,004,300 | R--- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll
[2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2005.12.02 15:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.11.28 12:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.11.28 12:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005.11.28 12:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

< End of report >
29.04.2010, 22:11 | #4 |
Antimalware Doctor attack and troj/FakeAV-***

... here is the second one, it was too much for a single reply ...

OTL Extras logfile created on: 29.04.2010 22:57:03 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 510,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,62 Gb Total Space | 30,28 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) jsfile [open] -- "C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*isabled:SPSS Basic Script Editor -- (SPSS Inc.) "C:\Programme\SPSSInc\Statistics17\statistics.com" = C:\Programme\SPSSInc\Statistics17\statistics.com:*isabled:Statistics17:com -- (SPSS Inc.) "C:\Programme\SPSSInc\Statistics17\statistics.exe" = C:\Programme\SPSSInc\Statistics17\statistics.exe:*isabled:Statistics17:exe -- (SPSS Inc.) "C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\WINDOWS\TEMP\lroy.tmp\svchost.exe" = C:\WINDOWS\TEMP\lroy.tmp\svchost.exe:*:Enabled:svchost -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2 "{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus "{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate "{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager "{176130BC-99A1-41FE-A78B-56045E33AD70}" = Cisco Systems VPN Client 4.8.02.0010 "{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}" = Management Center "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0 
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension "{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0 "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service 
Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B567E98-126E-4CD0-BF9B-163345BF7852}" = MindManager X5 Pro "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A48A8684-A104-44DA-B3DF-0178A125D8D9}" = WOW XT and TSXT Filter Driver "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox "{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch "{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1 "{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75 "{BD3443D9-2294-4D47-9A51-4170FE357C6F}" = WinSTAT "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 1.0 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D36DD326-7280-11D8-97C8-000129760CBE}" 
= PhotoNow! 1.0 "{D379964B-685C-44D5-AE46-C953A9FEEA14}" = EPSON Photo Print "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{EB145CEA-998F-4C9D-AEF7-B4DBBD217DAF}" = F5U216 "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = SENS LT56ADW Modem "Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung "Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000 "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "CUEcards 2000" = CUEcards 2000 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "f4" = f4 3.0.3 "f773bb69" = Contextual Tool Profitmuse "FileZilla" = FileZilla (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "FTDICOMM" = FTDI USB Serial Converter Drivers "GPL Ghostscript Fonts" = GPL Ghostscript Fonts 
"HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Indeo® Software" = Indeo® Software "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75 "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6 Gold "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "InstallShield_{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "Kalenderchen_is1" = Kalenderchen 4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MAXQDA2007" = MAXQDA2007 (R290908) "mgvgyvzpjrwycmkyf" = Performance Maximizer Profitizeme "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MP Navigator EX 1.1" = Canon MP Navigator EX 1.1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "ProInst" = Intel(R) PROSet/Wireless Software "PROPLUS" = Microsoft Office Professional Plus 2007 "RealPlayer 6.0" = RealPlayer "RestoreIT!" 
= Recover Pro "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.04.2010 18:50:32 | Computer Name = *** | Source = MsiInstaller | ID = 11606 Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606. Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich. Error - 15.04.2010 18:50:32 | Computer Name = *** | Source = MsiInstaller | ID = 11606 Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606. Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich. Error - 15.04.2010 18:50:32 | Computer Name = *** | Source = MsiInstaller | ID = 1024 Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security Update for Publisher 2003 (KB980469): MSPUB" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error - 15.04.2010 18:50:42 | Computer Name = *** | Source = MsiInstaller | ID = 11606 Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606. 
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich. Error - 15.04.2010 18:50:42 | Computer Name = *** | Source = MsiInstaller | ID = 11606 Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606. Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich. Error - 15.04.2010 18:50:42 | Computer Name = *** | Source = MsiInstaller | ID = 1024 Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security Update for PowerPoint 2003 (KB976881): POWERPNT" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error - 25.04.2010 12:47:14 | Computer Name = *** | Source = Sophos Anti-Virus | ID = 131073 Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert. MessageResDSFactory kann nicht ausgegeben werden. Error - 25.04.2010 12:47:14 | Computer Name = *** | Source = Sophos Anti-Virus | ID = 131073 Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert. MessageResDSFactory kann nicht ausgegeben werden. Error - 27.04.2010 05:45:12 | Computer Name = *** | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6, faulting module mso.dll, version 12.0.6425.1000, stamp 49d65443, debug? 0, fault address 0x000fb8e0. Error - 27.04.2010 08:25:26 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17023, fehlgeschlagenes Modul flash9.ocx, Version 9.0.16.0, Fehleradresse 0x0017995d. 
[ OSession Events ] Error - 13.12.2007 11:16:29 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13634 seconds with 5400 seconds of active time. This session ended with a crash. Error - 18.12.2007 16:38:41 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81618 seconds with 2820 seconds of active time. This session ended with a crash. Error - 21.12.2007 05:47:43 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 217901 seconds with 7680 seconds of active time. This session ended with a crash. Error - 23.12.2007 16:04:25 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 209761 seconds with 2880 seconds of active time. This session ended with a crash. Error - 18.01.2008 19:08:33 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 839439 seconds with 32820 seconds of active time. This session ended with a crash. Error - 07.06.2008 13:37:39 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 475771 seconds with 12240 seconds of active time. This session ended with a crash. Error - 25.01.2009 20:56:37 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 317323 seconds with 27060 seconds of active time. This session ended with a crash. Error - 18.03.2009 05:05:26 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 178 seconds with 120 seconds of active time. This session ended with a crash. Error - 13.05.2009 14:23:29 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114392 seconds with 11400 seconds of active time. This session ended with a crash. Error - 27.04.2010 05:44:25 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3035 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 28.04.2010 09:53:24 | Computer Name = *** | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 28.04.2010 09:53:24 | Computer Name = *** | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. 
Error - 28.04.2010 09:53:24 | Computer Name = *** | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 28.04.2010 11:19:34 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.04.2010 11:19:50 | Computer Name = *** | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 28.04.2010 11:19:50 | Computer Name = *** | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 29.04.2010 15:55:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.04.2010 15:56:07 | Computer Name = *** | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 29.04.2010 15:56:07 | Computer Name = *** | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. 
Error - 29.04.2010 16:01:24 | Computer Name = *** | Source = Windows Update Agent | ID = 16 Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen. < End of report > |
30.04.2010, 12:12 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) You also have to turn the starred-out parts back into your real user name, otherwise the script will not work!! Code:
:OTL
O4 - HKLM..\Run: [farstone] File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [PowerBar] File not found
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe) - C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe ()
O20 - Winlogon\Notify\youja_: DllName - youja_.dll - C:\WINDOWS\System32\youja_.dll ()
[2010.04.27 16:14:43 | 000,050,994 | ---- | M] () -- C:\WINDOWS\System32\mgvgyvzpjrwycmkyf.exe
[2010.04.26 17:58:00 | 000,001,999 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.04.26 17:25:27 | 000,096,704 | ---- | M] () -- C:\WINDOWS\System32\f773bb69.exe
[2010.04.26 15:23:55 | 000,005,136 | ---- | M] () -- C:\WINDOWS\System32\youja_.dll
[2010.04.19 16:33:57 | 000,107,520 | RHS- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags
30.04.2010, 23:54 | #6 |
Hello, here is the log file (anonymized again ;-) ) (I have to admit, though, that I forgot to close the editor into which I had copied your instructions. Should I repeat everything?) Best regards and thanks, thanks, thanks!!! Anke
All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\farstone deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PowerBar deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe deleted successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\youja_\ deleted successfully. C:\WINDOWS\system32\youja_.dll moved successfully. C:\WINDOWS\system32\mgvgyvzpjrwycmkyf.exe moved successfully. C:\WINDOWS\lsrslt.ini moved successfully. C:\WINDOWS\system32\f773bb69.exe moved successfully. File C:\WINDOWS\System32\youja_.dll not found. File C:\Dokumente und Einstellungen\a1\Anwendungsdaten\nljf.exe not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully [EMPTYTEMP] User: *** ->Temp folder emptied: 299031324 bytes ->Temporary Internet Files folder emptied: 772926313 bytes ->Java cache emptied: 33883662 bytes ->FireFox cache emptied: 68789228 bytes ->Apple Safari cache emptied: 18232084 bytes ->Flash cache emptied: 78977 bytes User: All Users User: *** ->Temp folder emptied: 1116 bytes ->Temporary Internet Files folder emptied: 3551141 bytes ->Flash cache emptied: 348 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: *** ->Temp folder emptied: 5454148 bytes ->Temporary Internet Files folder emptied: 153916 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 73783144 bytes ->Flash cache emptied: 2364 bytes User: *** ->Temp folder emptied: 126166 bytes ->Temporary Internet Files folder emptied: 163207 bytes ->FireFox cache emptied: 2895407 bytes User: LocalService ->Temp folder emptied: 66268 bytes ->Temporary Internet Files folder emptied: 50513 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 479702271 bytes User: *** ->Temp folder emptied: 223 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1677765 bytes %systemroot%\System32 .tmp files removed: 4148615 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 74713200 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.754,00 mb OTL by OldTimer - Version 3.2.3.0 log created on 05012010_003745 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
01.05.2010, 00:03 | #7 |
I still have a problem with a window (bootcamp) that opens automatically in the browser, even though pop-ups are disabled in the browser ... does that have anything to do with the Antimalware Doctor attack, or is it an isolated problem? I use Firefox as my browser (but I am not the regular user of this computer, since I have now switched to a Mac and handed the old PC over to my son. So I don't know exactly what he has changed ...
01.05.2010, 14:05 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™
ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run when an expert helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
01.05.2010, 15:47 | #9 |
Hello Arne, I have done everything, but I can't reply; the connection to the server keeps getting reset. I'll now try it without the scan ... Regards, Anke
01.05.2010, 15:50 | #10 |
| Antimaleware-Doctor-Attacke und troj/FakeAV-*** pfff, it still doesn't work, what am I doing wrong? What other way do I have to send the scan? regards anke |
01.05.2010, 18:04 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimaleware-Doctor-Attacke und troj/FakeAV-*** Upload the log e.g. here => File-Upload.net
__________________ Please always post logfiles in CODE tags |
01.05.2010, 18:05 | #12 |
| Antimaleware-Doctor-Attacke und troj/FakeAV-*** ComboFix 10-04-30.03 - *** 01.05.2010 15:55:03.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.659 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe c:\dokumente und einstellungen\**\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6 c:\dokumente und einstellungen\**\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\enemies-names.txt c:\dokumente und einstellungen\**\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\lsrslt.ini c:\programme\CyberLink\PowerDVD\PDVDServ.exe c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe c:\programme\Samsung\AVStation Premium 3.75\AVSAgent.exe c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe c:\programme\Synaptics\SynTP\SynTPEnh.exe c:\programme\WindowsUpdate c:\recycler\S-1-5-21-386437563-2475944886-3145706236-1003 c:\windows\system32\HDAShCut .exe c:\windows\system32\nsprs.dll c:\windows\system32\serauth1.dll c:\windows\system32\serauth2.dll c:\windows\system32\ssprs.dll Infizierte Kopie von c:\windows\system32\drivers\compbatt.sys wurde gefunden und desinfiziert Kopie von - Kitty had a snack wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2010-04-01 bis 2010-05-01 )))))))))))))))))))))))))))))) . 2010-04-30 22:37 . 2010-04-30 22:37 -------- d-----w- C:\_OTL 2010-04-28 12:29 . 2010-04-28 12:29 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes 2010-04-27 21:26 . 2010-04-27 21:26 -------- d-----w- c:\programme\trend micro 2010-04-27 21:26 . 
2010-04-27 21:30 -------- d-----w- C:\rsit 2010-04-27 21:09 . 2010-05-01 13:31 -------- d-----w- c:\programme\CCleaner 2010-04-27 17:48 . 2010-04-27 17:48 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Sophos 2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\Malwarebytes 2010-04-27 15:06 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-27 15:06 . 2010-04-27 17:35 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-04-27 15:06 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 12:52 . 2010-04-27 14:08 -------- d-----w- c:\windows\SxsCaPendDel 2010-04-25 20:57 . 2010-04-25 20:57 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Microsoft Help 2010-04-25 17:18 . 2010-04-25 17:18 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\AdobeUM 2010-04-25 16:45 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-19 14:34 . 2010-04-19 14:33 107520 --sh--r- c:\dokumente und einstellungen\**\Anwendungsdaten\nljf.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-01 14:09 . 2009-12-06 13:20 -------- d-----w- c:\programme\QuickTime 2010-05-01 13:50 . 2006-04-05 12:41 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys 2010-05-01 13:30 . 2007-02-03 17:54 69440 ----a-w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-05-01 13:14 . 2010-04-30 22:35 112 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat 2010-04-30 22:33 . 2009-07-25 19:12 -------- d-----w- c:\programme\iTunes 2010-04-30 22:33 . 
2010-05-01 14:09 35844 ----a-w- c:\windows\Fonts\kks637.com 2010-04-28 09:41 . 2010-03-31 20:59 443912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\setup.exe 2010-04-27 17:55 . 2009-12-06 13:10 69440 ----a-w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-04-27 14:20 . 2007-06-17 21:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-04-27 14:19 . 2010-02-16 16:10 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\EndNote 2010-04-27 14:01 . 2009-09-26 08:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton 2010-04-27 14:01 . 2009-09-26 08:39 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared 2010-04-27 14:01 . 2007-10-23 10:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\DVDVideoSoft 2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft 2010-04-27 13:22 . 2007-06-09 08:19 -------- d-----w- c:\programme\SlySoft 2010-04-27 13:21 . 2007-06-09 08:21 -------- d-----w- c:\programme\Elaborate Bytes 2010-04-27 13:18 . 2007-02-04 10:11 -------- d-----w- c:\programme\Canon 2010-04-27 09:47 . 2007-02-07 21:34 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\EndNote 2010-04-25 16:57 . 2009-10-09 14:50 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\ICQ 2010-04-19 22:07 . 2006-04-05 20:32 50046 ----a-w- c:\windows\system32\perfc007.dat 2010-04-19 22:07 . 2006-04-05 20:32 321606 ----a-w- c:\windows\system32\perfh007.dat 2010-04-15 22:48 . 2007-02-03 18:17 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-04-12 16:26 . 2009-11-08 11:14 79488 ----a-w- c:\dokumente und einstellungen\**\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-01 06:03 . 
2010-04-01 06:02 21308912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\rp\RealPlayerSPGold_de.exe 2010-04-01 06:02 . 2010-04-01 06:02 8405312 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2010-04-01 06:02 . 2010-04-01 06:02 149000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr_helper\LaunchHelper.exe 2010-04-01 06:02 . 2010-04-01 06:02 10309448 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr\ChromeInstaller.exe 2010-04-01 06:02 . 2010-04-01 06:02 79368 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\vista.exe 2010-04-01 06:02 . 2010-04-01 06:02 64000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll 2010-04-01 06:02 . 2010-04-01 06:02 52288 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gtapi.dll 2010-04-01 06:02 . 2010-04-01 06:02 50688 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll 2010-04-01 06:02 . 2010-04-01 06:02 49152 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll 2010-04-01 06:02 . 2010-04-01 06:02 118784 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\compat.dll 2010-03-31 22:30 . 2010-03-31 22:30 2131336 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-03-11 12:31 . 2006-04-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:31 . 2006-04-05 20:31 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:31 . 2006-04-05 20:31 17408 ------w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 
2006-04-05 20:32 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-06 18:48 . 2010-03-06 18:48 -------- d-----w- c:\programme\Microsoft 2010-03-06 18:48 . 2010-03-06 18:47 -------- d-----w- c:\programme\Windows Live 2010-03-06 18:47 . 2010-03-06 18:47 -------- d-----w- c:\programme\Windows Live SkyDrive 2010-03-06 18:44 . 2010-03-06 18:44 -------- d-----w- c:\programme\Gemeinsame Dateien\Windows Live 2010-03-04 18:10 . 2010-03-04 18:10 -------- d-----w- c:\programme\iPod 2010-03-04 18:04 . 2010-03-04 18:04 72488 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-24 13:11 . 2006-04-05 20:31 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:04 . 2006-04-05 20:31 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:04 . 2004-08-04 00:50 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 22:36 . 2009-11-22 22:22 79488 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll 2010-02-12 04:33 . 2006-04-05 20:31 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2006-04-05 20:32 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 1999-10-27 16:20 . 1999-10-27 16:20 557328 ----a-w- c:\programme\Gemeinsame Dateien\DAO360.DLL 1998-06-30 14:12 . 1998-06-30 14:12 73184 -c--a-w- c:\programme\Gemeinsame Dateien\Dao2535.tlb 2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\programme\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll . Code:
ATTFilter <pre> c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe c:\programme\Analog Devices\Core\smax4pnp .exe c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe c:\programme\CyberLink\InstantBurn\Win2K\IBurn .exe c:\programme\CyberLink\PowerDVD\PDVDServ .exe c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe c:\programme\iTunes\iTunesHelper .exe c:\programme\Java\jre6\bin\jusched .exe c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK .exe c:\programme\QuickTime\QTTask .exe c:\programme\QuickTime\QTTask .exe c:\programme\QuickTime\QTTask .exe c:\programme\QuickTime\QTTask .exe c:\programme\SAMSUNG\AVStation Premium 3.75\AVSAgent .exe c:\programme\SAMSUNG\DisplayManager\DMLoader .exe c:\programme\SAMSUNG\MagicKBD\PreMKBD .exe c:\programme\SAMSUNG\Samsung Battery Manager\BatteryManager .exe c:\programme\Synaptics\SynTP\SynTPEnh .exe c:\programme\Synaptics\SynTP\SynTPLpr .exe </pre> . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\programme\QuickTime\QTTask .exe -atboottime" [X] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2010-04-30 35844] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032] "nwiz"="nwiz.exe" [2005-12-08 1519616] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [N/A] "SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2010-04-30 35844] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [N/A] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204] "MagicKeyboard"="c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe" [N/A] "RestoreIT!"="c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [N/A] "DisplayManager"="c:\programme\Samsung\DisplayManager\DMLoader.exe" [2010-04-30 35844] "AVStation Premium 3.75"="c:\programme\Samsung\AVStation Premium 3.75\AVSAgent.exe" [N/A] "BatteryManager"="c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [N/A] "Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [N/A] "B'sCLiP"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2010-04-30 35844] "Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2010-04-30 35844] "IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [2010-05-01 35852] "CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624] "CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152] "TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-04-30 35844] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-04-30 35844] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All 
Users\Startmen\Programme\Autostart\ Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-7-12 25214] Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664] Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] AutoUpdate Monitor.lnk - c:\programme\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760] BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 618557] MindManager PDF Writer.lnk - c:\programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe [2003-2-21 61440] VPN Client.lnk - c:\windows\Installer\{176130BC-99***-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-9-29 6144] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"= "c:\\Programme\\SPSSInc\\Statistics17\\statistics.com"= "c:\\Programme\\SPSSInc\\Statistics17\\statistics.exe"= "c:\\Programme\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Programme\\ICQ6.5\\ICQ.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [11.02.2007 21:22 
10112] R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [22.05.2006 19:07 43512] R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [04.02.2007 13:39 110848] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [04.02.2007 13:39 38528] R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [19.06.2007 18:51 108768] R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [11.02.2007 21:22 165248] R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [05.04.2006 14:16 4300] R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [22.05.2006 19:07 5088] R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [02.11.2009 09:45 80936] R2 SAVService;Sophos Anti-Virus;c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [01.10.2008 10:56 98304] R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [28.11.2005 12:06 31744] R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [28.11.2005 12:06 19456] S2 SNM WLAN Service;SNM WLAN Service;c:\programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe [28.05.2005 08:35 36864] S3 AX88172;Belkin USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\AX88172.sys [13.04.2007 11:30 17648] S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.02.2005 12:29 162176] S3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [22.05.2006 20:07 470112] S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [11.02.2007 22:48 19840] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [01.10.2008 10:59 14976] . 
Inhalt des "geplante Tasks" Ordners 2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-04-30 c:\windows\Tasks\At1.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At10.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At100.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At101.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At102.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At103.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At104.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At105.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At106.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At107.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At108.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At109.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At11.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At110.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At111.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At112.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At113.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At114.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At115.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At116.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At117.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 
c:\windows\Tasks\At118.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At119.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At12.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At120.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At13.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At14.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At15.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At16.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At17.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At18.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At19.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At2.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At20.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At21.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At22.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At23.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At24.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At3.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At4.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At5.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At6.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At7.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At73.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 
c:\windows\Tasks\At74.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At75.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At76.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At77.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At78.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At79.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At8.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At80.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At81.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At82.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At83.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At84.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At85.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At86.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At87.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At88.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At89.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-04-30 c:\windows\Tasks\At9.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At90.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At91.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At92.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At93.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At94.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 
c:\windows\Tasks\At95.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At96.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At97.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At98.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] 2010-05-01 c:\windows\Tasks\At99.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.ask.com?o=15015&l=dis uInternet Settings,ProxyOverride = *.local IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... 
- c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: {4284AA5F-EAC1-43A8-95C2-5050604D007B} = 132.252.3.10,132.252.1.7 TCP: {4EC41B3B-6047-4906-9DA6-393D2C159AEE} = 134.95.129.23,134.95.19.48 TCP: {70D88571-C811-4C97-BCCB-FCCB35F3CE9C} = 132.252.3.10,132.252.1.7 FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/ FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q= FF - component: c:\programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}\components\b9cc1199.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - true c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) WebBrowser-{D4027C7F-154A-4066-***AD-4243D8127440} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-05-01 16:09 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\windows\system32\HDAShCut .exe 35844 bytes executable Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EB1AC8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf78e0f28 \Driver\ACPI -> ACPI.sys @ 0xf7832cb8 \Driver\atapi -> atapi.sys @ 0xf77cc852 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a ParseProcedure -> ntoskrnl.exe @ 0x80578f7a \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a ParseProcedure -> ntoskrnl.exe @ 0x80578f7a NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf76d8bb0 PacketIndicateHandler -> NDIS.sys @ 0xf76c7a0d SendHandler -> NDIS.sys @ 0xf76dbb40 user & kernel MBR OK ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(2384) c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\programme\Cisco Systems\VPN Client\cvpnd.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\programme\CyberLink\Shared Files\RichVideo.exe c:\programme\Sophos\AutoUpdate\ALsvc.exe c:\windows\System32\PAStiSvc.exe c:\windows\system32\wscntfy.exe c:\windows\AGRSMMSG.exe c:\programme\Java\jre6\bin\jusched .exe c:\programme\Analog Devices\Core\smax4pnp .exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn .exe c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe . ************************************************************************** . 
Zeit der Fertigstellung: 2010-05-01 16:18:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-05-01 14:18 Vor Suchlauf: 21 Verzeichnis(se), 33.329.205.248 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 33.211.977.728 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 993EE2A2CD9490FBB16BD4A39EB9AAC7 |
01.05.2010, 18:52 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimaleware-Doctor-Attacke und troj/FakeAV-*** Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) You also have to change your masked user name back to your real one, otherwise the script will not work!! Code:
:Files
c:\dokumente und einstellungen\**\Anwendungsdaten\nljf.exe
c:\windows\Fonts\kks637.com
c:\windows\Tasks\At*.job
c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
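As an added example (not code from this thread, nor from OTL or ComboFix), a small Python triage script that checks ComboFix-style log lines for the three patterns the fix above targets: many auto-named At<N>.job tasks pointing at one binary, an executable placed in the Fonts folder, and file names with a space before the extension (in the ComboFix log above, several such entries carry the same size, 35844 bytes, as kks637.com). The sample log lines and all function names are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the ComboFix sections posted in this
# thread (scheduled tasks, catchme hidden-file hit, startup entries). They are
# illustrative input, not the poster's actual log.
SAMPLE_LOG = r"""
2010-04-30 c:\windows\Tasks\At1.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33]
2010-04-30 c:\windows\Tasks\At10.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33]
2010-05-01 c:\windows\Tasks\At100.job - c:\windows\Fonts\kks637.com [2010-05-01 22:33]
2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
c:\windows\system32\HDAShCut .exe 35844 bytes executable
c:\programme\Java\jre6\bin\jusched .exe
c:\programme\iTunes\iTunesHelper.exe
"""

# One scheduled-task line: "<date> <job path> - <target path> [<timestamp>]"
TASK_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+(?P<job>[a-z]:\\\S+?\.job)\s+-\s+(?P<target>.+?)\s+\[",
    re.IGNORECASE | re.MULTILINE,
)
# Windows path whose file name has a space directly before the extension
SPACE_EXT_RE = re.compile(r"[a-z]:\\[^\r\n\[]*? \.(?:exe|com|dll|scr)\b", re.IGNORECASE)
# Executable content inside the Fonts directory, where only font files belong
FONTS_EXEC_RE = re.compile(
    r"[a-z]:\\windows\\fonts\\[^\s\[]+\.(?:exe|com|dll|scr)\b", re.IGNORECASE
)


def parse_tasks(log_text):
    """Return (job_path, target_path) pairs for every scheduled-task line."""
    return [(m.group("job"), m.group("target")) for m in TASK_RE.finditer(log_text)]


def find_mass_at_jobs(tasks, min_count=3):
    """Group the auto-named At<N>.job tasks by target and keep the targets that
    at least min_count tasks point to. Dozens of At*.job entries all launching
    one binary, as in the log above, is a persistence pattern, not a user's
    own schedule."""
    by_target = defaultdict(list)
    for job, target in tasks:
        if re.search(r"\\At\d+\.job$", job, re.IGNORECASE):
            by_target[target].append(job)
    return {t: jobs for t, jobs in by_target.items() if len(jobs) >= min_count}


def find_space_before_ext(log_text):
    """Paths like 'HDAShCut .exe', listed in the order they appear."""
    return SPACE_EXT_RE.findall(log_text)


def find_exec_in_fonts(log_text):
    """Distinct executables living under \\windows\\fonts."""
    return sorted(set(FONTS_EXEC_RE.findall(log_text)))


def report(log_text):
    """Collect all three findings in one dict, keyed by check name."""
    tasks = parse_tasks(log_text)
    return {
        "mass_at_jobs": find_mass_at_jobs(tasks),
        "space_before_ext": find_space_before_ext(log_text),
        "exec_in_fonts": find_exec_in_fonts(log_text),
    }


if __name__ == "__main__":
    for check, hits in report(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

To use it on a real log, pass the file's text to report() instead of SAMPLE_LOG; the same regexes apply to the OTL fix log format for the task lines.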
01.05.2010, 19:27 | #14 |
All processes killed
========== FILES ==========
c:\dokumente und einstellungen\**\Anwendungsdaten\nljf.exe moved successfully.
File\Folder c:\windows\Fonts\kks637.com not found.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At100.job moved successfully.
c:\windows\Tasks\At101.job moved successfully.
c:\windows\Tasks\At102.job moved successfully.
c:\windows\Tasks\At103.job moved successfully.
c:\windows\Tasks\At104.job moved successfully.
c:\windows\Tasks\At105.job moved successfully.
c:\windows\Tasks\At106.job moved successfully.
c:\windows\Tasks\At107.job moved successfully.
c:\windows\Tasks\At108.job moved successfully.
c:\windows\Tasks\At109.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At110.job moved successfully.
c:\windows\Tasks\At111.job moved successfully.
c:\windows\Tasks\At112.job moved successfully.
c:\windows\Tasks\At113.job moved successfully.
c:\windows\Tasks\At114.job moved successfully.
c:\windows\Tasks\At115.job moved successfully.
c:\windows\Tasks\At116.job moved successfully.
c:\windows\Tasks\At117.job moved successfully.
c:\windows\Tasks\At118.job moved successfully.
c:\windows\Tasks\At119.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At120.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At73.job moved successfully.
c:\windows\Tasks\At74.job moved successfully.
c:\windows\Tasks\At75.job moved successfully.
c:\windows\Tasks\At76.job moved successfully.
c:\windows\Tasks\At77.job moved successfully.
c:\windows\Tasks\At78.job moved successfully.
c:\windows\Tasks\At79.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At80.job moved successfully.
c:\windows\Tasks\At81.job moved successfully.
c:\windows\Tasks\At82.job moved successfully.
c:\windows\Tasks\At83.job moved successfully.
c:\windows\Tasks\At84.job moved successfully.
c:\windows\Tasks\At85.job moved successfully.
c:\windows\Tasks\At86.job moved successfully.
c:\windows\Tasks\At87.job moved successfully.
c:\windows\Tasks\At88.job moved successfully.
c:\windows\Tasks\At89.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
c:\windows\Tasks\At90.job moved successfully.
c:\windows\Tasks\At91.job moved successfully.
c:\windows\Tasks\At92.job moved successfully.
c:\windows\Tasks\At93.job moved successfully.
c:\windows\Tasks\At94.job moved successfully.
c:\windows\Tasks\At95.job moved successfully.
c:\windows\Tasks\At96.job moved successfully.
c:\windows\Tasks\At97.job moved successfully.
c:\windows\Tasks\At98.job moved successfully.
c:\windows\Tasks\At99.job moved successfully.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: ***
->Temp folder emptied: 71773 bytes
->Temporary Internet Files folder emptied: 398860 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45953740 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 562 bytes
User: All Users
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 491654 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3238610 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 48,00 mb
OTL by OldTimer - Version 3.2.3.0 log created on 05012010_202036
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
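The OTL fix log above is worth reading rather than just pasting: 72 `At<N>.job` files were moved out of `c:\windows\Tasks` (these are jobs created with `at.exe`, which the XP Task Scheduler stores under exactly that name; nobody creates dozens by hand, so that many is a persistence mechanism), the hosts file was replaced and reset, and one listed file (`kks637.com`) was already gone. The following is an added example, not code from the thread, from OTL or from OldTimer: a small parser for the "moved successfully" / "not found" / "emptied" lines of such a log that pulls out exactly those review points. The embedded log is a constructed, abbreviated excerpt modelled on the posted one (user name replaced by `user`), and the threshold of five At jobs is this example's own choice.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the OTL log posted above (abbreviated,
# user name replaced by "user"); it is sample input for this example only.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
c:\dokumente und einstellungen\user\Anwendungsdaten\nljf.exe moved successfully.
File\Folder c:\windows\Fonts\kks637.com not found.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At100.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At73.job moved successfully.
c:\windows\Tasks\At120.job moved successfully.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: user
->Temp folder emptied: 71773 bytes
->FireFox cache emptied: 45953740 bytes
Windows Temp folder emptied: 3238610 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 48,00 mb
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File\\Folder (?P<path>.+?) not found\.$")
EMPTIED_RE = re.compile(r"^(?:->)?(?P<what>.+?) emptied: (?P<n>\d+) bytes$")
# at.exe jobs live in %SystemRoot%\Tasks as At<N>.job on Windows XP
AT_JOB_RE = re.compile(r"\\Tasks\\At(?P<n>\d+)\.job$", re.IGNORECASE)
HOSTS_RE = re.compile(r"\\drivers\\etc\\hosts$", re.IGNORECASE)


def parse_otl_log(text):
    """Pull the file actions and cleanup byte counts out of an OTL fix log."""
    result = {"moved": [], "not_found": [], "emptied": [], "hosts_reset": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "HOSTS file reset successfully":
            result["hosts_reset"] = True
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            result["not_found"].append(m.group("path"))
            continue
        m = MOVED_RE.match(line)
        if m:
            result["moved"].append(m.group("path"))
            continue
        m = EMPTIED_RE.match(line)
        if m:
            # the same label ("Temp folder") recurs once per user, so keep a list
            result["emptied"].append((m.group("what"), int(m.group("n"))))
    return result


def summarise(parsed):
    """Reduce the parsed actions to the figures a helper actually reviews."""
    at_jobs = []
    for path in parsed["moved"]:
        m = AT_JOB_RE.search(path)
        if m:
            at_jobs.append(int(m.group("n")))
    return {
        "moved": len(parsed["moved"]),
        "not_found": list(parsed["not_found"]),
        "moved_by_dir": Counter(p.rsplit("\\", 1)[0].lower() for p in parsed["moved"]),
        "at_jobs": sorted(at_jobs),
        "hosts_replaced": any(HOSTS_RE.search(p) for p in parsed["moved"]),
        "hosts_reset": parsed["hosts_reset"],
        "bytes_emptied": sum(n for _, n in parsed["emptied"]),
    }


def findings(summary, at_job_threshold=5):
    """Turn the summary into review notes; the threshold is this example's choice."""
    notes = []
    jobs = summary["at_jobs"]
    if len(jobs) >= at_job_threshold:
        notes.append(
            f"{len(jobs)} at.exe jobs (At{jobs[0]}..At{jobs[-1]}) removed from "
            "%SystemRoot%\\Tasks: mass-scheduled jobs are a persistence mechanism, "
            "confirm no At*.job files reappear after a reboot"
        )
    if summary["hosts_replaced"] and not summary["hosts_reset"]:
        notes.append("hosts file was moved but not reset: verify drivers\\etc\\hosts by hand")
    for path in summary["not_found"]:
        notes.append(f"listed for removal but absent at fix time: {path}")
    return notes


if __name__ == "__main__":
    s = summarise(parse_otl_log(SAMPLE_LOG))
    print(s)
    for note in findings(s):
        print("-", note)
```

Run against the full log above (paste it into `SAMPLE_LOG` or read it from a file), `at_jobs` comes out as At1 to At24 plus At73 to At120, which is the gap pattern to look for on the next reboot: if the Tasks folder fills up again, the component that calls `at.exe` is still running and the next scans the helper asks for should find it.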
01.05.2010, 19:41 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™: OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!
__________________ Please always post logfiles in CODE tags |