| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Merkwürdiger Fiesling. Brauche Euch.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.04.2010, 10:44
| #1 |
 |  Merkwürdiger Fiesling. Brauche Euch. Vor einigen Tagen hat Trendmicro Officescan "bredolab.cj" auf meinem PC gemeldet und gelöscht. Trendmicro und Add-Aware melden nun keinen Befall mehr. Der PC hat jedoch ein merkwürdiges Verhalten. 1. Der Ausdruck "windowsupdate" darf jetzt nicht mehr in einer Url vorkommen. - Windowsupdate funktioniert nicht mehr - man kann nach dem Ausdruck "windowsupdate" nicht mehr suchen (z.B. Google, soblad des Ausduck vorkommt, kann die Website nicht mehr angezeigt werden) - das Verhalten ist auch bei Verwendung alternativer Browser (z,B, Firefox) gleich 2. Unter Software / Windows Xp Softwareupdates steht bei: - Windows Genuine Advantage Validation Tool und - Windows Genuine Advantage Notification "das Update wurde entfernt" (keine Ahnung ob korrekt oder Zusammenhang besteht) Anti-Malware hat einiges entfernt und ist jetzt "sauber" Wer kann mit helfen den Fiesling zu jagen? Vielen, vielen Dank. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30.04.2010 10:12:02 mbam-log-2010-04-30 (10-12-02).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 239705 Laufzeit: 12 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 4 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\BILEVSE (Rogue.RegTidy) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\BILEVSE (Rogue.RegTidy) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\BILEVSE\RegistryConvoy2009 (Rogue.RegTidy) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\BILEVSE\RegistryConvoy2009\Backup (Rogue.RegTidy) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\BILEVSE\RegistryConvoy2009\Backup\Registry (Rogue.RegTidy) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\BILEVSE\RegistryConvoy2009\Backup\Registry\20100428160050.reg (Rogue.RegTidy) -> Quarantined and deleted successfully. C:\a.txt (Worm.Traces) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch.lnk (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully. C:\1.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Helper\bin\liveu.exe (Trojan.Agent) -> Quarantined and deleted successfully. info.txt logfile of random's system information tool 1.06 2010-04-30 10:23:10 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.57-->"C:\Programme\7-Zip\Uninstall.exe" Acronis Backup Server-->MsiExec.exe /X{5B3D81A5-0200-4CEA-813D-E0EDD81A6421} Acronis True Image Enterprise Server-->MsiExec.exe /X{378F9A62-061E-4368-AA0A-1BA004772E98} Acronis*True*Image Management*Console-->MsiExec.exe /X{EFA95CB7-E4E5-41EF-BE0D-8BC341A71E9A} Acronis*True*Image*Agent-->MsiExec.exe /X{AF2004E4-4AB9-4C6F-97C7-14170658E591} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Advanced IP Scanner v1.5-->C:\Programme\Advanced IP Scanner\uninstal.exe AFPL Ghostscript 8.54-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.54\uninstal.txt" AFPL Ghostscript Fonts-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt" ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3} ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class  ISPLAY -cleanATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe" ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7} ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8} AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6} B-COMM WIN32-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EBA6DE49-6431-11D2-AA7D-00AA000D6517}\setup.exe" -uninst Beyond Compare Version 2.4.3-->"C:\Programme\Beyond Compare 2\unins000.exe" Bürkert Electronic Tools 2007-->C:\PROGRA~1\Buerkert\UNWISE.EXE C:\PROGRA~1\Buerkert\elKat.LOG Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799} CCleaner-->"C:\Programme\CCleaner\uninst.exe" CollabNet Subversion Server 1.5.5-->C:\Programme\Subversion\uninst.exe Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} CorelDRAW 10-->C:\WINDOWS\Corel\uninst32.exe CorelDRAW 10-->MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD} DebugMode Wink-->"C:\Programme\AP-AG\APTools\Wink\uninst.exe" FileZilla Client 3.2.4.1-->C:\Programme\FileZilla FTP Client\uninstall.exe FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r gateProtect Administration Client 7.0-->C:\Programme\gateProtect\Administration Client\7.0\bin\Uninstall.exe GSview 4.9-->C:\Programme\Ghostgum\gsview\uninstgs.exe "C:\Programme\Ghostgum\gsview\uninstal.txt" HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall HiPath 3000 Manager C 68.50.259.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{292A9286-58C7-11D4-9882-005004EDBBBD}\Setup.exe" Hotfix 3282 for SQL Server Analysis Services 2005 ENU (KB953752)-->C:\WINDOWS\OLAP9_KB953752_ENU\Hotfix.exe /Uninstall Hotfix 3282 for SQL Server Database Services 2005 ENU (KB953752)-->C:\WINDOWS\SQL9_KB953752_ENU\Hotfix.exe /Uninstall Hotfix 3282 for SQL Server Integration Services 2005 ENU (KB953752)-->C:\WINDOWS\DTS9_KB953752_ENU\Hotfix.exe /Uninstall Hotfix 3282 for SQL Server Reporting Services 2005 ENU (KB953752)-->C:\WINDOWS\RS9_KB953752_ENU\Hotfix.exe /Uninstall Hotfix 3282 for SQL Server Tools and Workstation Components 2005 ENU (KB953752)-->C:\WINDOWS\SQLTools9_KB953752_ENU\Hotfix.exe /Uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" ImgBurn-->"C:\Programme\ImgBurn\uninstall.exe" iPF700 Printer Driver Extra Kit-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{65F75F96-C727-45F7-A657-135BE84ADE30}\setup.exe" -l0x7 IPView SE-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D1A7A01E-64FD-4A6E-B83B-0550043E3D23}\Setup.exe" -l0x9 Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003} Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852} Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Java(TM) SE Development Kit 6 Update 2-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020} LV - Fest-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A16F0B20-0873-11D8-BCE6-0004757C401B}\setup.exe" -l0x7 -uninst -removeonly LV - Festigkeit-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C05478D2-CE74-4996-903C-438C471D92C4}\SETUP.EXE" -l0x7 -uninst -removeonly LV - Waerme_8.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0D88C160-1C2A-11D8-BCE6-0004757C401B}\setup.exe" -l0x7 -uninst -removeonly LV - Waerme_8.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{16E6F36B-3CDC-4BDF-8D46-4B2241A63DFF}\SETUP.EXE" -l0x7 -uninst -removeonly Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" MeinPlatz-->C:\Programme\MeinPlatz\MeinPlatz.exe -uninstall Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Device Emulator Version 1.0 - DEU-->MsiExec.exe /X{88F93A2E-A2F3-4C36-B3D3-EEB274AA2C1C} Microsoft Document Explorer 2005 Language Pack - DEU-->C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - DEU\install.exe Microsoft Document Explorer 2005 Language Pack - DEU-->MsiExec.exe /X{4B6E1EA9-4704-4750-868A-AEB398168DA6} Microsoft Document Explorer 2005-->C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1} Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40407-6000-11D3-8CFE-0150048383C9} Microsoft Office Outlook 2003-->MsiExec.exe /I{90E00407-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0407-0000-0000000FF1CE} Microsoft Office XP Professional-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server 2005 Analysis Services-->MsiExec.exe /I{1CED66E1-A5AE-48A6-A8C3-1656FA2494AE} Microsoft SQL Server 2005 Integration Services-->MsiExec.exe /I{FC29CDDE-D1AD-426F-81D8-38B23470DB3E} Microsoft SQL Server 2005 Mobile [DEU] Developer Tools-->MsiExec.exe /X{A6F6725C-12C3-42B5-9647-8668E1BEE2D2} Microsoft SQL Server 2005 Reporting Services-->MsiExec.exe /I{A6B17FC6-FEF1-4306-9D51-44AF7E82C5D9} Microsoft SQL Server 2005-->"c:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server 2005-->MsiExec.exe /I{1A651F74-9351-4A0B-B4B7-6ED7637E4F67} Microsoft SQL Server 2005-Abwärtskompatibilität-->MsiExec.exe /I{317587A3-A8A0-4EEE-8C02-62595A879E7B} Microsoft SQL Server Native Client-->MsiExec.exe /I{1D1D8ADC-BF08-4E61-9393-5FA305B16864} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{5C759B74-34F4-43C6-A5D9-039CB754C5E9} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual J# 2.0 Redistributable Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Language Pack - DEU\install.exe Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Microsoft Visual Studio 2005 Premier Partner Edition - DEU-->MsiExec.exe /I{8ACBD00C-9999-49E5-8E46-95EB392BC81B} Microsoft Visual Studio 2005 Professional Edition - DEU Service Pack 1 (KB926606)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0835A5D5-91C3-4ACD-8256-30C23DEBC6F7} /package {00610407-7C6C-486A-BB1D-80CEAC7E076B} Microsoft Visual Studio 2005 Professional Edition - DEU-->c:\Programme\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - DEU\setup.exe Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 Parser und SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{B5E8B139-9A06-4D97-BA4E-1256F8D6968D} NETGEAR Print Server Software-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\NETGEAR Print Server\Uninst.isu" nLite 1.3-->"C:\Programme\nLite\unins000.exe" Notepad++-->C:\Programme\Notepad++\uninstall.exe OGClient-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\BorderWare Technologies\OGClient\Uninst.isu" PC Probe II-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x7 PrintServer-->MsiExec.exe /I{D8E4E0C4-4110-4655-8D24-2C06701A857E} RAIDar 3.01c1-p1-->C:\Programme\RAIDar\uninstall.exe REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x7 -removeonly RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update für Microsoft Visual Studio 2005 Professional Edition - DEU (KB947738)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {00610407-7C6C-486A-BB1D-80CEAC7E076B} Security Update für Microsoft Visual Studio 2005 Professional Edition - DEU (KB971023)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} /package {00610407-7C6C-486A-BB1D-80CEAC7E076B} Security Update für Microsoft Visual Studio 2005 Professional Edition - DEU (KB971090)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} /package {00610407-7C6C-486A-BB1D-80CEAC7E076B} Security Update für Microsoft Visual Studio 2005 Professional Edition - DEU (KB973673)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {964C8238-245C-4475-BB6E-D19D2C1220F2} /package {00610407-7C6C-486A-BB1D-80CEAC7E076B} Setup Wizard-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8C640CC5-A272-4314-8C4B-7CF82E691CFC}\Setup.exe" -l0x9 Setup9-->MsiExec.exe /X{62A6BE72-6050-4109-AF39-D975FA2A1F51} Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x7 -removeonly Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} TelFix Db-->MsiExec.exe /I{4EF2EFF8-02C8-4F18-BF59-321F8C1E02ED} Tobit InfoCenter -->\\*-fax-serve\David\Clients\WINDOWS\DVWIN32\SETUP\SETUP32.EXE UNINST.INF Tools für Microsoft SQL Server 2005-->MsiExec.exe /I{1E773188-07D9-45AE-84C5-23F77D60EA85} TortoiseSVN 1.5.6.14908 (32 bit)-->MsiExec.exe /X{0A399F13-2F24-4318-B632-D27B7FCCB43A} Trend Micro OfficeScan Client-->"C:\Programme\Trend Micro\OfficeScan Client\ntrmv.exe" Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Volo View Express-->C:\WINDOWS\unin0407.exe -f"C:\Programme\Volo View Express\DeIsL1.isu" WebEx Event Manager for Internet Explorer-->MsiExec.exe /I{9A755538-443E-4079-8903-8F92E9CA7E06} WebEx-->C:\PROGRA~1\WebEx\atcliun.exe Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinMerge 2.8.0.0-->"C:\Programme\WinMerge\unins000.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" =====HijackThis Backups===== O4 - HKCU\..\Run: [Helper] C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Helper\bin\liveu.exe [2010-04-28] O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Adobe\Update\flacor.dat"" [2010-04-28] ======Security center information====== AV: Trend Micro OfficeScan Virenschutz ======System event log====== Computer Name: HASUS-EE626BA52 Event Code: 7036 Message: Dienst "Ati HotKey Poller" befindet sich jetzt im Status "Beendet". Record Number: 30017 Source Name: Service Control Manager Time Written: 20100111174329.000000+060 Event Type: Informationen User: Computer Name: HASUS-EE626BA52 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Trend Micro Filter" gesendet. Record Number: 30016 Source Name: Service Control Manager Time Written: 20100111174326.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: HASUS-EE626BA52 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Trend Micro VSAPI NT" gesendet. Record Number: 30015 Source Name: Service Control Manager Time Written: 20100111174325.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: HASUS-EE626BA52 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "tmcomm" gesendet. Record Number: 30014 Source Name: Service Control Manager Time Written: 20100111174325.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: HASUS-EE626BA52 Event Code: 40961 Message: Das Sicherheitssystem konnte keine sichere Verbindung mit dem Server cifs/x3650.*.local herstellen. Es war kein Authentifizierungsprotokoll verfügbar. Record Number: 30013 Source Name: LSASRV Time Written: 20101211151737.000000+060 Event Type: Warnung User: =====Application event log===== Computer Name: HASUS-EE626BA52 Event Code: 17147 Message: SQL Server wird beendet, weil das System heruntergefahren wird. Diese Meldung dient nur zu Informationszwecken. Es ist keine Benutzeraktion erforderlich. Record Number: 36401 Source Name: MSSQLSERVER Time Written: 20100323165220.000000+060 Event Type: Informationen User: Computer Name: HASUS-EE626BA52 Event Code: 1517 Message: Die Registrierung des Benutzers "*\*" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden. Record Number: 36400 Source Name: Userenv Time Written: 20100323165219.000000+060 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: HASUS-EE626BA52 Event Code: 1517 Message: Die Registrierung des Benutzers "*\apsupport" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden. Record Number: 36399 Source Name: Userenv Time Written: 20100323130126.000000+060 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: HASUS-EE626BA52 Event Code: 1310 Message: Ereigniscode: 3007 Ereignismeldung: Es ist ein Kompilierungsfehler aufgetreten. Ereigniszeit: 23.03.2010 11:39:08 Ereigniszeit (UTC): 23.03.2010 10:39:08 Ereignis-ID: a61b991d89f145cf9936072fff9c57bf Ereignissequenz: 380 Vorkommen: 1 Ereignisdetailcode: 0 Anwendungsinformationen: Anwendungsdomäne: /LM/W3SVC/1/Root/APplusDeploy-45-129138101651919578 Vertrauensebene: Full Virtueller Anwendungspfad: /APplusDeploy Anwendungspfad: C:\Programme\AP-AG\APplusDeploy\WebServer\ Computername: HASUS-EE626BA52 Prozessinformationen: Prozess-ID: 4072 Prozessname: aspnet_wp.exe Kontoname: HASUS-EE626BA52\ASPNET Ausnahmeinformationen: Ausnahmetyp: HttpCompileException Ausnahmemeldung: c:\Programme\AP-AG\APplusDeploy\WebServer\Wp\S_KommScheinOut.aspx(58): error CS0021: Die Indizierung mit [] kann nicht auf einen Ausdruck des Typs Methodengruppe angewendet werden. Anforderungsinformationen: Anforderungs-URL: hxxp://hasus-ee626ba52/APplusDeploy/wp/S_KommScheinOut.aspx?id=151&pos=1&posList=1,2&docLang=de&docPages=0 Anforderungspfad: /APplusDeploy/wp/S_KommScheinOut.aspx Benutzerhostadresse: 192.168.2.44 Benutzer: *\apsupport Ist authentifiziert: True Authentifizierungstyp: Negotiate Threadkontoname: HASUS-EE626BA52\ASPNET Threadinformationen: Thread-ID: 5 Threadkontoname: HASUS-EE626BA52\ASPNET Identitätswechsel für: True Stapelüberwachung: bei System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath virtualPath) bei System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) bei System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) bei System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean noAssert) bei System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp, Boolean noAssert) bei System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) bei System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) bei System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig) bei System.Web.HttpApplication.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() bei System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Details des benutzerdefinierten Ereignisses: Record Number: 36398 Source Name: ASP.NET 2.0.50727.0 Time Written: 20100323113908.000000+060 Event Type: Warnung User: Computer Name: HASUS-EE626BA52 Event Code: 1309 Message: Ereigniscode: 3005 Ereignismeldung: Es ist eine unbehandelte Ausnahme aufgetreten. Ereigniszeit: 23.03.2010 11:11:44 Ereigniszeit (UTC): 23.03.2010 10:11:44 Ereignis-ID: 8685af5e8de548508e939a859bc77205 Ereignissequenz: 174 Vorkommen: 1 Ereignisdetailcode: 0 Anwendungsinformationen: Anwendungsdomäne: /LM/W3SVC/1/Root/APplusDeploy-45-129138101651919578 Vertrauensebene: Full Virtueller Anwendungspfad: /APplusDeploy Anwendungspfad: C:\Programme\AP-AG\APplusDeploy\WebServer\ Computername: HASUS-EE626BA52 Prozessinformationen: Prozess-ID: 4072 Prozessname: aspnet_wp.exe Kontoname: HASUS-EE626BA52\ASPNET Ausnahmeinformationen: Ausnahmetyp: SoapException Ausnahmemeldung: com.apag.p2plus.p2core.p2exceptions.P2DBException: C_SQLPARSEERROREXPECTED|ON|268|= at com.apag.p2plus.p2core.SQLParser.errorTokenExpected(SQLParser.java:610) at com.apag.p2plus.p2core.SQLParser.match(SQLParser.java:820) at com.apag.p2plus.p2core.SQLParser.parseJoin(SQLParser.java:1840) at com.apag.p2plus.p2core.SQLParser.parseTableSource(SQLParser.java:2675) at com.apag.p2plus.p2core.SQLParser.parseTableList(SQLParser.java:2438) at com.apag.p2plus.p2core.SQLParser.parseFrom(SQLParser.java:1565) at com.apag.p2plus.p2core.SQLParser.parseSingleSelect(SQLParser.java:2183) at com.apag.p2plus.p2core.SQLParser.parseSelect(SQLParser.java:1953) at com.apag.p2plus.p2core.SQLParser.parseStatement(SQLParser.java:2360) at com.apag.p2plus.p2core.SQLParser.parseSQL(SQLParser.java:2302) at com.apag.p2plus.p2core.Table.completeSQL(Table.java:2193) at com.apag.p2plus.p2core.Table.getCompleteSQL3(Table.java:2099) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.apag.p2plus.p2tools.P2plusServer$AxisDispatcher.invokeMethod(P2plusServer.java:3347) at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186) at com.apag.p2plus.p2tools.P2plusServer$AxisDispatcher.processMessage(P2plusServer.java:3230) at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453) at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281) at com.apag.p2plus.p2tools.P2plusServer$Connection.handleAxisCall(P2plusServer.java:2049) at com.apag.p2plus.p2tools.P2plusServer$Connection.handleRequest(P2plusServer.java:1504) at com.apag.p2plus.p2tools.P2plusServer$Connection.run(P2plusServer.java:1356) Anforderungsinformationen: Anforderungs-URL: hxxp://hasus-ee626ba52/APplusDeploy/wp/*AufstueliPosSelDlg.aspx?id=160 Anforderungspfad: /APplusDeploy/wp/*AufstueliPosSelDlg.aspx Benutzerhostadresse: 192.168.2.44 Benutzer: *\apsupport Ist authentifiziert: True Authentifizierungstyp: Negotiate Threadkontoname: HASUS-EE626BA52\ASPNET Threadinformationen: Thread-ID: 5 Threadkontoname: HASUS-EE626BA52\ASPNET Identitätswechsel für: False Stapelüberwachung: bei System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) bei System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) bei p2plus.AppServer.p2core.Table.getCompleteSQL3(String sql, Boolean ignoreClients, Boolean gui) bei p2plus.p2core.Table.getCompleteSQLGui(String sql) bei p2plus.WebObjects.WebUtils.getDataTable(String table, String sql) bei ASP.wp_*aufstueliposseldlg_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) bei System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) bei System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) bei System.Web.UI.Page.Render(HtmlTextWriter writer) bei System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) bei System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) bei System.Web.UI.Control.RenderControl(HtmlTextWriter writer) bei System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) Details des benutzerdefinierten Ereignisses: Record Number: 36397 Source Name: ASP.NET 2.0.50727.0 Time Written: 20100323111144.000000+060 Event Type: Warnung User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "devmgr_show_nonpresent_devices"=1 "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=C:\Programme\Subversion;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Microsoft SQL Server\80\Tools\Binn\;C:\Programme\Microsoft SQL Server\90\DTS\Binn\;C:\Programme\Microsoft SQL Server\90\Tools\binn\;C:\Programme\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Programme\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Programme\AP-AG\APplusRef\AppServer\Native;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\TortoiseSVN\bin;C:\WINDOWS\system32\WindowsPowerShell\v1.0 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1 "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0f02 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "VS80COMNTOOLS"=C:\Programme\Microsoft Visual Studio 8\Common7\Tools\ "windir"=%SystemRoot% -----------------EOF----------------- Logfile of random's system information tool 1.06 (written by random/random) Run by * at 2010-04-30 10:23:04 Microsoft Windows XP Professional Service Pack 3 System drive C: has 342 GB (90%) free of 382 GB Total RAM: 2047 MB (68% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:23:09, on 30.04.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Acronis\BackupServer\backupserver.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\ServTime.exe C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\WINDOWS\TEMP\LPCF7C.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Programme\TortoiseSVN\bin\TSVNCache.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Tobit InfoCenter\DVREMIND.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\RSIT.exe C:\Programme\Trend Micro\HijackThis\*.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.254:10080 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programme\ASUS\AASP\1.00.17\AsRunHelp.exe O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1489866735-1880308021-357732438-1191\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'apservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: InfoCenter Notifier.LNK = C:\Programme\Tobit InfoCenter\DVREMIND.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: AP-Menu - file:///C:/AP/DVD/APplus4.3_DVD/UnsupportedTools/APmenu.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.2.10:4343/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.2.10:4343/officescan/console/ClientInstall/setup.cab O16 - DPF: {143B3E6F-2C70-4238-85A1-D4F414C792B8} (DemoShield DemoX Class) - hxxp://www.adc-elektronik.de/demos/finetime_tour/demox.cab O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class) - hxxp://ap/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ky01ot2mfv5351qi1t5ybxuz&ControlID=86ed9883fadc4f9fb2f52a9cb5301ac2&Culture=1031&UICulture=7&ReportSta ck=1&OpType=PrintCab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.2.10:4343/officescan/console/ClientInstall/RemoveCtrl.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - hxxp://192.168.2.22/Remote/msrdp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - hxxp://x3650/applusref/Download/OWCHelper.cab O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - hxxp://ap/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ta3pumme4apcr345zhu2zn45&ControlID=c829192f08844838b219587a084f99d8&Culture=127&UICulture=7&ReportStac k=1&OpType=PrintCab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = *.local O17 - HKLM\Software\..\Telephony: DomainName = *.local O17 - HKLM\System\CCS\Services\Tcpip\..\{892308D3-A06E-4F3C-8B9D-83D0DD85D9D0}: NameServer = 192.168.2.23 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = *.local O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe O23 - Service: Acronis Backup Server Service (AcronisBackupServerService) - Acronis - C:\Programme\Acronis\BackupServer\backupserver.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: P2plus AppServer (AppService) - AP AG - C:\Programme\AP-AG\APplusRef\AppServer\Services\AppService\AppService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: ServTime - Tobit - C:\WINDOWS\system32\ServTime.exe O23 - Service: Time:LAN! (timelan) - Unknown owner - C:\timelan.exe (file missing) O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Proxy-Dienst (TmProxy) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe -- End of file - 9712 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\RegistryConvoy.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952] "SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-18 925696] "SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800] "OfficeScanNT Monitor"=C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe [2008-09-29 714024] "Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2006-07-21 126976] "TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe [2006-07-21 1106531] "AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe [2006-07-21 1848218] "FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2007-04-25 311296] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-07-31 286720] "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 144384] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "AsusStartupHelp"=C:\Programme\ASUS\AASP\1.00.17\AsRunHelp.exe [2006-11-13 363008] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440] "SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-02-18 248040] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart InfoCenter Notifier.LNK - C:\Programme\Tobit InfoCenter\DVREMIND.EXE Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoWelcomeScreen"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:* isabled:@xpsp3res.dll,-20000""C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:* isabled:@xpsp2res.dll,-22019""C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe"="C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe:* isabled:TrueImage""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe"="C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe:* isabled:TrueImage""C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe"="C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe:* isabled:Acronis Remote Agent""C:\Programme\Acronis\TrueImageConsole\TrueImageRemoteConsole.exe"="C:\Programme\Acronis\TrueImageConsole\TrueImageRemoteConsole.exe:* isabled:Tr ue Image Remote Console""C:\Programme\Java\jre1.6.0_02\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI" "C:\Programme\RAIDar\RAIDar.exe"="C:\Programme\RAIDar\RAIDar.exe:*:Enabled:Monitor ReadyNAS device" "C:\WINDOWS\system32\rsmsink.exe"="C:\WINDOWS\system32\rsmsink.exe:* isabled:Wechselmedien-Datensenkenebene""C:\WINDOWS\system32\dmremote.exe"="C:\WINDOWS\system32\dmremote.exe:* isabled:Logical Disk Manager component""C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE:*:Enabled:Web Dev.WebServer.exe" "C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:* isabled:SiSoftware Sandra Agent Service""C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe"="C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:* isabled:NAVBrowser""C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\ESTOS\ProCall One\ECtiClientOne.exe"="C:\Programme\ESTOS\ProCall One\ECtiClientOne.exe:* isabled:CtiClient"======List of files/folders created in the last 1 months====== 2010-04-30 10:23:04 ----D---- C:\rsit 2010-04-30 10:14:59 ----A---- C:\mbam.txt 2010-04-30 10:08:48 ----A---- C:\RSIT.exe 2010-04-30 10:08:47 ----A---- C:\HJTInstall.exe 2010-04-30 09:56:29 ----D---- C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Malwarebytes 2010-04-30 09:56:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-04-30 09:56:07 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-30 09:54:44 ----A---- C:\mbam-setup.exe 2010-04-28 17:12:18 ----A---- C:\WINDOWS\ntbtlog.txt 2010-04-28 16:42:59 ----D---- C:\Programme\Mozilla Firefox 2010-04-28 16:41:20 ----A---- C:\Firefox Setup 3.6.3.exe 2010-04-28 15:31:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office Genuine Advantage 2010-04-28 12:42:22 ----D---- C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\ElevatedDiagnostics 2010-04-28 12:41:27 ----D---- C:\WINDOWS\system32\windowspowershell 2010-04-28 09:36:05 ----HDC---- C:\WINDOWS\ie8 2010-04-28 08:44:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun 2010-04-28 08:43:56 ----A---- C:\WINDOWS\system32\javaws.exe 2010-04-28 08:43:56 ----A---- C:\WINDOWS\system32\javaw.exe 2010-04-28 08:43:56 ----A---- C:\WINDOWS\system32\java.exe 2010-04-28 08:43:56 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-04-27 15:59:26 ----RA---- C:\WINDOWS\system32\OLD48.tmp 2010-04-27 09:50:55 ----D---- C:\Programme\Windows Live Safety Center 2010-04-27 08:32:34 ----D---- C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Helper 2010-04-23 09:28:44 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-04-14 10:16:18 ----A---- C:\office2007sp2-kb953195-fullfile-de-de.exe 2010-04-09 09:52:22 ----A---- C:\dell-onlinediags-win32-2.12.0.71.exe ======List of files/folders modified in the last 1 months====== 2010-04-30 10:21:52 ----A---- C:\WINDOWS\Tobit.ini 2010-04-30 10:21:38 ----D---- C:\WINDOWS\Temp 2010-04-30 10:21:35 ----D---- C:\WINDOWS\system32\inetsrv 2010-04-30 10:17:03 ----D---- C:\WINDOWS\system32\drivers 2010-04-30 10:16:24 ----D---- C:\WINDOWS\security 2010-04-30 10:15:57 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-30 09:56:07 ----D---- C:\Programme 2010-04-30 09:53:17 ----D---- C:\WINDOWS\Registration 2010-04-30 09:44:19 ----A---- C:\WINDOWS\hpbafd.ini 2010-04-30 09:03:23 ----D---- C:\WINDOWS\system32 2010-04-30 09:03:22 ----A---- C:\WINDOWS\cfgall.ini 2010-04-28 17:51:26 ----SHD---- C:\WINDOWS\Installer 2010-04-28 17:45:19 ----D---- C:\Programme\Trend Micro 2010-04-28 17:43:23 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-28 17:25:06 ----D---- C:\WINDOWS 2010-04-28 16:43:18 ----D---- C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Mozilla 2010-04-28 16:11:24 ----D---- C:\WINDOWS\network diagnostic 2010-04-28 16:07:26 ----D---- C:\WINDOWS\Debug 2010-04-28 16:05:55 ----D---- C:\Programme\CCleaner 2010-04-28 16:00:50 ----SD---- C:\WINDOWS\Tasks 2010-04-28 15:43:27 ----D---- C:\software 2010-04-28 15:34:57 ----SHD---- C:\RECYCLER 2010-04-28 15:32:32 ----D---- C:\WINDOWS\system32\CatRoot 2010-04-28 14:32:19 ----D---- C:\WINDOWS\SoftwareDistribution 2010-04-28 14:25:29 ----D---- C:\WINDOWS\Prefetch 2010-04-28 13:02:13 ----RSD---- C:\WINDOWS\assembly 2010-04-28 13:02:13 ----D---- C:\WINDOWS\Microsoft.NET 2010-04-28 12:42:40 ----D---- C:\WINDOWS\AppPatch 2010-04-28 12:42:00 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-04-28 12:41:48 ----HD---- C:\WINDOWS\inf 2010-04-28 12:41:31 ----D---- C:\WINDOWS\system32\config 2010-04-28 10:56:05 ----D---- C:\WINDOWS\SxsCaPendDel 2010-04-28 10:53:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2010-04-28 09:40:15 ----D---- C:\WINDOWS\system32\de-de 2010-04-28 09:40:14 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-04-28 09:40:14 ----D---- C:\WINDOWS\Media 2010-04-28 09:40:14 ----D---- C:\WINDOWS\Help 2010-04-28 09:40:14 ----D---- C:\Programme\Internet Explorer 2010-04-28 08:44:12 ----D---- C:\Programme\Gemeinsame Dateien\Java 2010-04-28 08:43:54 ----D---- C:\Programme\Java 2010-04-27 15:47:45 ----D---- C:\Projektarbeit-AP 2010-04-27 12:40:49 ----SHD---- C:\System Volume Information 2010-04-27 12:40:49 ----D---- C:\WINDOWS\system32\Restore 2010-04-27 09:21:00 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-27 08:57:01 ----D---- C:\WINDOWS\system32\wbem 2010-04-23 10:13:58 ----D---- C:\Programme\Tobit InfoCenter 2010-04-23 09:11:28 ----D---- C:\WINDOWS\WinSxS 2010-04-22 16:05:22 ----D---- C:\Dokumente und Einstellungen\*.*\Anwendungsdaten\Adobe 2010-04-14 10:30:19 ----D---- C:\kk 2010-04-12 17:14:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-09 11:08:59 ----D---- C:\HZE 2010-04-09 10:15:15 ----D---- C:\Dokumente und Einstellungen 2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-09-29 72072] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-05-25 32288] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 TmFilter;Trend Micro Filter; \??\C:\Programme\Trend Micro\OfficeScan Client\TmXPFlt.sys [] R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Programme\Trend Micro\OfficeScan Client\TmPreFlt.sys [] R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Programme\Trend Micro\OfficeScan Client\VSApiNt.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-04 151552] R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-12-19 92800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-06-07 393088] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920] S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys [] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-02-04 9600] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcronisAgent;Acronis Remote Agent; C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe [2006-04-28 315392] R2 AcronisBackupServerService;Acronis Backup Server Service; C:\Programme\Acronis\BackupServer\backupserver.exe [2006-04-28 8953356] R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2006-07-21 204800] R2 AppService;P2plus AppServer; C:\Programme\AP-AG\APplusRef\AppServer\Services\AppService\AppService.exe [2008-12-17 348244] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440] R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-04-12 153376] R2 MsDtsServer;SQL Server Integration Services; C:\Programme\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-08-05 205848] R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-08-05 29230616] R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Programme\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2008-08-05 14944280] R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-09-29 910632] R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); C:\Programme\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-08-05 16920] R2 ServTime;ServTime; C:\WINDOWS\system32\ServTime.exe [1998-09-16 40960] R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] R2 SQLBrowser;SQL Server-Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-08-05 242712] R2 SQLSERVERAGENT;SQL Server-Agent (MSSQLSERVER); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2008-08-05 349208] R2 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 tmlisten;OfficeScan NT Listener; C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe [2008-09-29 984360] R2 W3SVC;WWW-Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920] S2 timelan;Time:LAN!; C:\timelan.exe [] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 TmProxy;OfficeScan NT Proxy-Dienst; C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe [2008-09-29 652552] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-08-05 47640] S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
30.04.2010, 15:01
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Merkwürdiger Fiesling. Brauche Euch. Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
30.04.2010, 16:07
| #3 |
| | Merkwürdiger Fiesling. Brauche Euch. Hallo und nochmals danke.
__________________OTL.TXT zu groß für das Forum (179 kb) was tun? Hier die beiden anderen Logs: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30.04.2010 14:41:20 mbam-log-2010-04-30 (14-41-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 427142 Laufzeit: 1 Stunde(n), 55 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL Extras logfile created on: 30.04.2010 16:05:30 - Run 1 OTL by OldTimer - Version 3.2.3.1 Folder = C:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 372,60 Gb Total Space | 333,58 Gb Free Space | 89,53% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 175,38 Gb Total Space | 40,02 Gb Free Space | 22,82% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive R: | 175,38 Gb Total Space | 40,02 Gb Free Space | 22,82% Space Free | Partition Type: NTFS Drive Z: | 37,24 Gb Total Space | 26,55 Gb Free Space | 71,29% Space Free | Partition Type: NTFS Computer Name: HASUS-EE626BA52 Current User Name: * Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "80:TCP" = 80:TCP:*:Enabled:Webserver "81:TCP" = 81:TCP:*:Enabled:Sharepoint "1433:TCP" = 1433:TCP:*:Enabled:SQL Server "48491:TCP" = 48491:TCP:*:Enabled:Trend Micro OfficeScan Listener [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe" = C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe:* isabled:TrueImage -- (Acronis)"C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe" = C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe:* isabled:Acronis Remote Agent -- (Acronis)"C:\Programme\Acronis\TrueImageConsole\TrueImageRemoteConsole.exe" = C:\Programme\Acronis\TrueImageConsole\TrueImageRemoteConsole.exe:* isabled:True Image Remote Console -- (Acronis)"C:\Programme\Java\jre1.6.0_02\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\RAIDar\RAIDar.exe" = C:\Programme\RAIDar\RAIDar.exe:*:Enabled:Monitor ReadyNAS device -- (Infrant Technologies Inc.) "C:\WINDOWS\system32\rsmsink.exe" = C:\WINDOWS\system32\rsmsink.exe:* isabled:Wechselmedien-Datensenkenebene -- (Microsoft Corporation)"C:\WINDOWS\system32\dmremote.exe" = C:\WINDOWS\system32\dmremote.exe:* isabled:Logical Disk Manager component -- (Microsoft Corp.)"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE:*:Enabled:WebDev.WebServer.exe -- (Microsoft Corporation) "C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:* isabled:SiSoftware Sandra Agent Service -- File not found"C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:* isabled:NAVBrowser -- (Naviant, Inc.)"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\ESTOS\ProCall One\ECtiClientOne.exe" = C:\Programme\ESTOS\ProCall One\ECtiClientOne.exe:* isabled:CtiClient -- File not found[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe" = C:\Programme\Acronis\TrueImageEnterpriseServer\TrueImage.exe:* isabled:TrueImage -- (Acronis)========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00610407-7C6C-486A-BB1D-80CEAC7E076B}" = Microsoft Visual Studio 2005 Professional Edition - DEU "{0431CA57-DFAA-834C-17AB-CB85590E2784}" = Catalyst Control Center Localization Turkish "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{0A399F13-2F24-4318-B632-D27B7FCCB43A}" = TortoiseSVN 1.5.6.14908 (32 bit) "{0A96F7F9-ED03-53CF-ABE7-89E328AE8597}" = CCC Help Czech "{0BF60DBF-0F3F-E86D-AD0E-A3471CF8980C}" = ccc-core-preinstall "{0D88C160-1C2A-11D8-BCE6-0004757C401B}" = LV - Waerme_8.5 "{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0 "{1082AAF4-AECE-9430-0036-561A90381921}" = CCC Help Korean "{12069749-326A-08B6-6BB7-CD2FFD2A9F23}" = Catalyst Control Center Localization German "{12940497-E3CD-29E4-A661-99EE42FBBD16}" = Catalyst Control Center Localization Dutch "{16E6F36B-3CDC-4BDF-8D46-4B2241A63DFF}" = LV - Waerme_8.5 "{18D5A225-66FD-596C-5665-0CB8E1397FE6}" = Catalyst Control Center Localization Czech "{1A651F74-9351-4A0B-B4B7-6ED7637E4F67}" = Microsoft SQL Server 2005 "{1CED66E1-A5AE-48A6-A8C3-1656FA2494AE}" = Microsoft SQL Server 2005 Analysis Services "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1E26DBA8-710A-2D11-0502-4D3EA817D60E}" = CCC Help Norwegian "{1E773188-07D9-45AE-84C5-23F77D60EA85}" = Tools für Microsoft SQL Server 2005 "{234EB62B-88C8-E7D5-B229-5C85D719EB68}" = Catalyst Control Center Graphics Full Existing "{243F6730-1639-ADDA-3E4F-A561E02D1D67}" = CCC Help Russian "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20 "{28C07A4E-395D-9756-4EAC-98FD1BC5F0A6}" = CCC Help Chinese Standard "{292A9286-58C7-11D4-9882-005004EDBBBD}" = HiPath 3000 Manager C 68.50.259.0 "{2A111DAD-EA1A-DBC3-BBCA-159E16AAA6DF}" = Catalyst Control Center Localization Greek "{317587A3-A8A0-4EEE-8C02-62595A879E7B}" = Microsoft SQL Server 2005-Abwärtskompatibilität "{323A108A-92E6-AF98-8925-66D95565063C}" = Catalyst Control Center Localization Korean "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java(TM) SE Development Kit 6 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{378F9A62-061E-4368-AA0A-1BA004772E98}" = Acronis True Image Enterprise Server "{3DBE6477-1E46-B325-774C-9F6139A6AB03}" = CCC Help Thai "{3E0D14AE-4B33-CBBD-C2C3-0742CF2F31FD}" = Catalyst Control Center Localization Japanese "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005 "{46B9CFAB-262A-4282-8EA0-09D3DC9825E0}" = Skins "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU "{4E052E9D-913E-BB4D-E169-AC926EF904C2}" = Catalyst Control Center Graphics Full New "{4EF2EFF8-02C8-4F18-BF59-321F8C1E02ED}" = TelFix Db "{5552E291-E783-8714-3629-90819303AE21}" = CCC Help Spanish "{56D0DEAC-2394-5DE7-6335-322C9775E502}" = Catalyst Control Center Localization Norwegian "{56F7BFBC-6298-16F4-AB21-C56B33321467}" = CCC Help Chinese Traditional "{5B3D81A5-0200-4CEA-813D-E0EDD81A6421}" = Acronis Backup Server "{5C178A50-69BA-68FA-B88F-87651273F8C8}" = Catalyst Control Center Graphics Light "{5C6CAB4B-24D9-15B7-67D9-D06AA014EAFD}" = Catalyst Control Center Localization Polish "{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 "{627E97D6-AFC4-C34B-1C6E-434783005040}" = Catalyst Control Center Localization Chinese Traditional "{62A6BE72-6050-4109-AF39-D975FA2A1F51}" = Setup9 "{65F75F96-C727-45F7-A657-135BE84ADE30}" = iPF700 Printer Driver Extra Kit "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6C1DC9E3-0948-73E2-F12F-DB6D6B2CB8F2}" = Catalyst Control Center Localization Thai "{6C2441F4-7852-456D-78DC-F9482CC452E8}" = CCC Help Polish "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer "{6D368867-A5F0-CD62-3AA3-E854B603545B}" = CCC Help Japanese "{6EE2CC94-474B-925D-594B-EA9432411BC9}" = Catalyst Control Center Core Implementation "{714EC9F3-F892-6716-9BC2-9586E063903F}" = CCC Help Finnish "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ADFC7EB-A28A-1545-3891-5081F6714DD4}" = Catalyst Control Center Localization French "{7C3F6F08-1DCB-E820-3179-04FA485D26B9}" = Catalyst Control Center Localization Russian "{7D7A2021-FE7A-FA5F-135B-24A734EB0651}" = Catalyst Control Center Localization Portuguese "{7EFA49BD-ED25-F368-0EB6-5C1F76A0F8ED}" = Catalyst Control Center Localization Italian "{8366F556-852F-EF98-9A79-24CA28CAD74D}" = CCC Help Dutch "{857DAB24-4891-2220-FD6A-803D208E0CD2}" = Catalyst Control Center Localization Spanish "{88F93A2E-A2F3-4C36-B3D3-EEB274AA2C1C}" = Microsoft Device Emulator Version 1.0 - DEU "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{8ACBD00C-9999-49E5-8E46-95EB392BC81B}" = Microsoft Visual Studio 2005 Premier Partner Edition - DEU "{8C640CC5-A272-4314-8C4B-7CF82E691CFC}" = Setup Wizard "{8C8666BD-23F8-4058-DD84-DEA05673101F}" = CCC Help German "{8F0FBE5E-292E-FE23-4031-EEEF3BD7099A}" = CCC Help English "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003 "{90EA585B-18F3-6AF0-EB6D-DDF4E37BF18F}" = CCC Help Greek "{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{9417C25F-C3D7-8F55-0743-524311423A21}" = Catalyst Control Center Localization Swedish "{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007 "{95223722-B1C0-19C8-7935-AEDAF1FDA7B0}" = Catalyst Control Center Localization Finnish "{9743DB5A-6A37-9717-974F-12E0BC84BC1C}" = Catalyst Control Center Localization Chinese Standard "{9A755538-443E-4079-8903-8F92E9CA7E06}" = WebEx Event Manager for Internet Explorer "{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10 "{A1667F47-A1C8-BBA0-FEFE-2C8512294ED7}" = CCC Help Swedish "{A16F0B20-0873-11D8-BCE6-0004757C401B}" = LV - Fest "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A652BEDA-E716-5AD6-6A3B-198892ADAAA9}" = Catalyst Control Center Localization Hungarian "{A6B17FC6-FEF1-4306-9D51-44AF7E82C5D9}" = Microsoft SQL Server 2005 Reporting Services "{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools "{ABF33133-9458-0371-23B5-14C2FEC45D0B}" = Catalyst Control Center Graphics Previews Common "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{ACA4BAD6-6BDD-756D-7ECD-CA83ABCD3F08}" = CCC Help Portuguese "{AF2004E4-4AB9-4C6F-97C7-14170658E591}" = Acronis*True*Image*Agent "{B27390F8-8ECB-DEB6-3AE2-CF1B7CF57A9A}" = Catalyst Control Center Localization Danish "{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU "{BC68A6F0-20F6-5BED-856E-4EBEC2461F3F}" = ccc-core-static "{C05478D2-CE74-4996-903C-438C471D92C4}" = LV - Festigkeit "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE2382CF-3E5A-91AA-F7DE-7A59922D2328}" = CCC Help French "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A7A01E-64FD-4A6E-B83B-0550043E3D23}" = IPView SE "{D854E81B-7943-835F-C4AD-48E438552022}" = CCC Help Hungarian "{D8E4E0C4-4110-4655-8D24-2C06701A857E}" = PrintServer "{D9496BE3-9D62-D542-D176-8578599BD43B}" = CCC Help Turkish "{DE2A6154-6011-1DA2-FD40-115EC40A0497}" = ccc-utility "{EBA6DE49-6431-11D2-AA7D-00AA000D6517}" = B-COMM WIN32 "{EFA95CB7-E4E5-41EF-BE0D-8BC341A71E9A}" = Acronis*True*Image Management*Console "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F9F1771A-8CBC-03AE-4CBB-9AD796B12F89}" = CCC Help Danish "{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding "{FB839809-55C4-D4C4-2B96-EEA1DC822EAF}" = CCC Help Italian "{FC29CDDE-D1AD-426F-81D8-38B23470DB3E}" = Microsoft SQL Server 2005 Integration Services "7-Zip" = 7-Zip 4.57 "ActiveTouchMeetingClient" = WebEx "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5 "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "BC2_is1" = Beyond Compare Version 2.4.3 "Bürkert Electronic Tools 2007" = Bürkert Electronic Tools 2007 "CCleaner" = CCleaner "CollabNet Subversion Server" = CollabNet Subversion Server 1.5.5 "CorelDRAW 10" = CorelDRAW 10 "DebugMode Wink" = DebugMode Wink "FileZilla Client" = FileZilla Client 3.2.4.1 "FreePDF_XP" = FreePDF XP (Remove only) "gateProtect Administration Client 7.0" = gateProtect Administration Client 7.0 "GSview 4.9" = GSview 4.9 "HijackThis" = HijackThis 2.0.2 "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MeinPlatz" = MeinPlatz "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005 "Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Microsoft Visual Studio 2005 Professional Edition - DEU" = Microsoft Visual Studio 2005 Professional Edition - DEU "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NETGEAR Print Server Software" = NETGEAR Print Server Software "nLite_is1" = nLite 1.3 "Notepad++" = Notepad++ "OfficeScanNT" = Trend Micro OfficeScan Client "OGClient" = OGClient "RAIDar 3.01c1-p1" = RAIDar 3.01c1-p1 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Tobit InfoCenter" = Tobit InfoCenter "Volo View Express" = Volo View Express "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinMerge_is1" = WinMerge 2.8.0.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.04.2010 11:17:58 | Computer Name = HASUS-EE626BA52 | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107 Description = Report Server Windows Service (MSSQLSERVER) kann nicht mit der Berichtsserver-Datenbank verbunden werden. Error - 28.04.2010 11:30:23 | Computer Name = HASUS-EE626BA52 | Source = P2plus | ID = 101 Description = Error - 28.04.2010 11:30:26 | Computer Name = HASUS-EE626BA52 | Source = P2plus | ID = 101 Description = Error - 28.04.2010 11:30:34 | Computer Name = HASUS-EE626BA52 | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107 Description = Report Server Windows Service (MSSQLSERVER) kann nicht mit der Berichtsserver-Datenbank verbunden werden. Error - 30.04.2010 02:54:36 | Computer Name = HASUS-EE626BA52 | Source = P2plus | ID = 101 Description = Error - 30.04.2010 02:54:39 | Computer Name = HASUS-EE626BA52 | Source = P2plus | ID = 101 Description = Error - 30.04.2010 02:54:43 | Computer Name = HASUS-EE626BA52 | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107 Description = Report Server Windows Service (MSSQLSERVER) kann nicht mit der Berichtsserver-Datenbank verbunden werden. Error - 30.04.2010 04:17:32 | Computer Name = HASUS-EE626BA52 | Source = P2plus | ID = 101 Description = Error - 30.04.2010 04:17:35 | Computer Name = HASUS-EE626BA52 | Source = P2plus | ID = 101 Description = Error - 30.04.2010 04:17:51 | Computer Name = HASUS-EE626BA52 | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107 Description = Report Server Windows Service (MSSQLSERVER) kann nicht mit der Berichtsserver-Datenbank verbunden werden. [ System Events ] Error - 12.03.2010 03:30:16 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.03.2010 06:36:17 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.03.2010 03:30:24 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.03.2010 03:29:29 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.03.2010 16:11:31 | Computer Name = HASUS-EE626BA52 | Source = TermDD | ID = 655410 Description = Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt. Error - 18.03.2010 03:30:45 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.03.2010 03:19:21 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.03.2010 10:49:56 | Computer Name = HASUS-EE626BA52 | Source = TermServDevices | ID = 1111 Description = Der für den Drucker Fax erforderliche Treiber Microsoft Shared Fax Driver ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden. Error - 22.03.2010 03:14:08 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 23.03.2010 03:03:33 | Computer Name = HASUS-EE626BA52 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Time:LAN!" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
|
30.04.2010, 16:49
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdiger Fiesling. Brauche Euch. Du kannst das andere OTL Log zippen und hier anhängen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.04.2010, 17:59
| #5 |
| | Merkwürdiger Fiesling. Brauche Euch. Freu mich auf Deine Antwort. Gruß Marcel |
|
30.04.2010, 18:12
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdiger Fiesling. Brauche Euch. Das Log sieht für meine Begroffe ok aus. Mach bitte noch mal nen Durchgang mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Merkwürdiger Fiesling. Brauche Euch. |
|
30.04.2010, 20:49
| #7 |
| | Merkwürdiger Fiesling. Brauche Euch. Hallo Arne, danke für die Antwort. Ich bin erst am kommenden Dienstag wieder im Büro. Dann werde ich das CF-Log posten. Hattest Du schon mal einen Fall, bei dem der Ausdruck "windowsuptate" in einer beliebigen URL zu Fehlern führt? Egal welcher Browser; egal ob Internet oder Intranet. Echt strange. Schönes Wochenende Gruß Marcel |
wurde wiederhergestellt 
Linear-Darstellung
