Pests of all kinds and how to fight them: Trojan (possibly WIN32AGENT) on laptop, please help
Windows 7
13.05.2010, 17:11 | #1 |
Hello dear Trojaner-Board team,

on Monday I got a call from my bank. A trojan had intercepted my online banking password. According to the bank's security center it is supposed to be the trojan WIN32AGENT, but so far I have not been able to find it. Although I searched the registry directly for the exe file that, according to avira.de, contains the trojan WIN32AGENT - nothing!

On Sunday I was already having problems with the PC. Firefox still started, but it no longer loaded any pages, so it no longer connected to the internet properly. From Sunday noon on I switched to Opera, which I am also using to be online now.

Until Monday evening I had the free version of Antivir, which reported the following trojan to me: TR/Crypt.ZPACK.Gen
I moved it to quarantine and deleted it.

Since Monday evening I have had Antivir Professional, which on Tuesday additionally detected the following virus: JOKE/Stressreducer

Unfortunately I also have a problem with Antivir Professional. When I restart the PC, the WebGuard and the MailGuard are always deactivated and cannot be activated either. I then always have to go to Control Panel - Software - Change and refresh the program. After that it runs without problems.
Here are the log files of the programs I ran:

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4096
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13.05.2010 17:48:48
mbam-log-2010-05-13 (17-48-48).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123660
Laufzeit: 10 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\iebho09.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\in1A.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iebho.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Random:

Logfile of random's system information tool 1.07 (written by random/random)
Run by ***r at 2010-05-13 17:58:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (46%) free of 73 GB
Total RAM: 1014 MB (45% free)
I hope that was all done correctly. I am doing something like this for the first time!

What unsettles me a bit is that Malwarebytes could not delete all of the infected files and reported that they would be deleted after the restart. Unfortunately nothing happened there. Should I delete them from quarantine?

Antivir currently finds no more infected files.

Many thanks in advance!!!

Jadee

Edited by Jadee (13.05.2010 at 17:16). Reason: Forgot something!
14.05.2010, 13:27 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan (possibly WIN32AGENT) on laptop, please help Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL: System scan with OTL. Please download OTL by OldTimer and save it to your desktop |
14.05.2010, 17:13 | #3 |
| Trojan (possibly WIN32AGENT) on laptop, please help Hello, and many thanks for your reply!
Yesterday, after reading around in the forum, I had already run a full scan. Here is the log file from Malware:
Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4096 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 13.05.2010 21:17:51 mbam-log-2010-05-13 (21-17-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 171560 Laufzeit: 1 Stunde(n), 19 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden)
Here are the log files from OTL:
OTL.txt OTL logfile created on: 14.05.2010 18:10:16 - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 576,00 Mb Available Physical Memory | 57,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 71,04 Gb Total Space | 32,60 Gb Free Space | 45,88% Space Free | Partition Type: NTFS Drive D: | 72,00 Gb Total Space | 57,13 Gb 
Free Space | 79,35% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NETBOOK-*** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (ssmdrv) -- 
C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.) DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.2.1/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics) O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe () O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SUPBackGround] C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira 
GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - 
Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.03 15:41:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{b5147721-26ff-11df-87ac-001377af7d05}\Shell - "" = AutoRun O33 - MountPoints2\{b5147721-26ff-11df-87ac-001377af7d05}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b5147721-26ff-11df-87ac-001377af7d05}\Shell\AutoRun\command - "" = E:\Startme.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.14 18:07:17 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.13 18:18:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Trojanerscheiß [2010.05.13 17:58:09 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.13 17:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.05.13 17:34:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.13 17:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.05.13 17:34:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.13 17:34:18 | 
000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.13 17:32:45 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.05.13 17:25:14 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.13 17:19:44 | 005,296,296 | ---- | C] (SPAMfighter ApS) -- C:\Dokumente und Einstellungen\***\Desktop\spywarefighter.exe [2010.05.12 17:08:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS [2010.05.12 17:08:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022 [2010.05.12 17:08:43 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan [2010.05.12 16:41:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.05.12 16:26:29 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.05.12 14:46:10 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010.05.12 14:44:45 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.05.12 14:44:15 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.05.12 14:44:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2010.05.10 19:01:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2010.05.10 18:59:26 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys [2010.05.10 18:59:26 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys [2010.05.09 22:42:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\° [2010.05.09 15:35:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer [2010.05.09 15:26:55 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.05.09 15:26:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2010.05.09 15:26:11 | 000,000,000 | ---D | C] -- 
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Apple [2010.05.09 11:53:57 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2010.05.08 17:56:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Talkback [2010.05.07 11:04:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010.05.06 19:21:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\SF-Software [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.14 18:07:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.14 17:47:05 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.14 17:47:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.14 17:34:17 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.05.14 17:32:52 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.05.14 17:32:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.14 17:31:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.14 17:31:14 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys [2010.05.14 17:31:12 | 000,000,210 | ---- | M] () -- C:\WINDOWS\VMSTI000.bmp [2010.05.14 09:30:06 | 005,242,880 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.14 09:30:06 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.05.14 09:30:00 | 004,291,240 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.05.13 23:38:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010.05.13 23:38:34 | 000,000,532 | ---- | M] () -- C:\WINDOWS\win.ini [2010.05.13 23:38:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini 
[2010.05.13 23:03:40 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.05.13 22:05:08 | 000,056,832 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Handout GLU Unterrichtsstörungenneu.doc [2010.05.13 21:54:49 | 003,205,120 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\PPP blauneu.ppt [2010.05.13 21:51:13 | 000,015,430 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Essay.docx [2010.05.13 17:20:23 | 005,296,296 | ---- | M] (SPAMfighter ApS) -- C:\Dokumente und Einstellungen\***\Desktop\spywarefighter.exe [2010.05.12 17:08:58 | 000,000,556 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for ***.job [2010.05.12 17:08:48 | 000,001,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton Security Scan.lnk [2010.05.12 17:08:44 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.12 16:26:04 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.05.12 16:25:54 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2010.05.09 20:04:50 | 000,000,520 | ---- | M] () -- C:\hpfr3420.xml [2010.05.08 13:55:23 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.05.07 11:04:29 | 000,075,264 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010.05.06 17:21:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.03 21:35:43 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.16 15:36:12 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1262874683.job [1 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.13 21:54:48 | 000,056,832 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Handout GLU Unterrichtsstörungenneu.doc [2010.05.13 21:09:45 | 000,015,430 | ---- | C] () -- C:\Dokumente und Einstellungen\**\Desktop\Essay.docx [2010.05.12 17:30:52 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010.05.12 17:08:48 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton Security Scan.lnk [2010.05.12 17:08:44 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.12 16:16:55 | 003,205,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\PPP blauneu.ppt [2010.05.12 14:53:00 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.05.11 17:00:58 | 000,002,560 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\hbedv.key [2010.05.06 21:28:06 | 000,090,456 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.01.07 16:00:34 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll [2010.01.04 13:14:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\BO9420CN.INI [2010.01.04 13:08:50 | 000,000,473 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010.01.04 13:08:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2010.01.04 13:08:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010.01.04 13:07:40 | 000,000,750 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2010.01.04 13:07:40 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2010.01.04 13:07:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2010.01.03 22:36:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2010.01.03 22:36:34 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2009.11.17 16:17:04 | 000,000,043 
| ---- | C] () -- C:\WINDOWS\gswin32.ini [2009.11.09 13:12:22 | 000,000,307 | ---- | C] () -- C:\WINDOWS\Romme.INI [2009.09.16 17:48:45 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009.09.16 17:48:45 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2008.12.10 18:49:25 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini [2008.11.12 00:48:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.11.03 23:21:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.11.03 15:54:04 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI [2008.11.03 15:54:04 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini [2008.11.03 15:54:02 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI [2008.11.03 15:54:02 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2008.11.03 15:54:02 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI [2008.11.03 15:54:01 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI [2008.11.03 15:54:01 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI [2008.11.03 15:54:01 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI [2008.11.03 15:54:01 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI [2008.11.03 15:54:01 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI [2008.11.03 15:54:01 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI [2008.11.03 15:54:01 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI [2008.11.03 15:54:01 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI [2008.11.03 15:54:01 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2008.11.03 15:54:01 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI [2008.11.03 15:54:01 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2008.11.03 15:54:01 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI [2008.11.03 15:54:01 | 000,001,522 | ---- | C] () -- 
C:\WINDOWS\System32\KBDS.INI [2008.11.03 15:54:01 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2008.11.03 15:51:47 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini [2008.11.03 15:51:47 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini [2008.11.03 15:48:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2008.11.03 15:45:46 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2008.05.04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4F636E25 < End of report >
Extras.txt will follow shortly (it was too big for one post!). Edited by Jadee (14.05.2010 at 17:26) Reason: Added log file |
14.05.2010, 17:29 | #4 |
| Trojan (possibly WIN32AGENT) on laptop, please help
Extras.txt OTL Extras logfile created on: 14.05.2010 18:10:16 - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 576,00 Mb Available Physical Memory | 57,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 71,04 Gb Total Space | 32,60 Gb Free Space | 45,88% Space Free | Partition Type: NTFS Drive D: | 72,00 Gb Total Space | 57,13 Gb Free Space | 79,35% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NETBOOK-*** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Disabled: -- File not found "C:\Programme\Klebezettel NG\klebez.exe" = C:\Programme\Klebezettel NG\klebez.exe:*:Disabled:Elektronische Haftnotizen für Windows -- File not found "C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Nokia\Service 
Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater -- (Nokia Corporation) "C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\{33B745C9-1299-469C-B1A9-F0BD2550170A}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\{33B745C9-1299-469C-B1A9-F0BD2550170A}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe:*:Disabled:TerraTec Home Cinema (Setup) -- File not found "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Disabled:zattood -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{0E5C4DE6-101B-11D6-986D-00500443CF9F}" = Sven Bømwøllen DL "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29BC12B1-282F-4CC9-A270-2CED7A72503F}" = Sven Demo "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite 
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{51E89658-5D6B-4F0D-B72B-57863C3AD06C}" = Brother MFL Pro "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver "{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9608729D-3C33-4EB6-B2AE-4468F8172560}" = Luecky 2 
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client "{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater "Ad-Aware" = Ad-Aware "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Professional "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop 
(sshpmdm) Modem (01/26/2008 2.6.0.0) "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "Foxit Reader" = Foxit Reader "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Google Updater" = Google Updater "GSview 4.9" = GSview 4.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "hotpot_is1" = HotPotatoes v 6.3.0.3 "HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series "ie8" = Windows Internet Explorer 8 "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Nokia PC Suite" = Nokia PC Suite "NSS" = Norton Security Scan "Romme XXL " = Romme XXL "Samsung CLP-310 Series" = Samsung CLP-310 Series "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG 
USB Mobile Device Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "The KMPlayer" = The KMPlayer (remove only) "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.05.2010 08:54:23 | Computer Name = NETBOOK-*** | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 12.05.2010 08:55:56 | Computer Name = NETBOOK-*** | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 12.05.2010 09:47:10 | Computer Name = NETBOOK-*** | Source = Google Update | ID = 20 Description = Error - 13.05.2010 10:47:10 | Computer Name = NETBOOK-*** | Source = Google Update | ID = 20 Description = Error - 13.05.2010 11:04:22 | Computer Name = NETBOOK-*** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung opera.exe, Version 10.53.3374.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. To be continued shortly... |
14.05.2010, 17:30 | #5 |
| Trojan (possibly WIN32AGENT) on laptop, please help Error - 13.05.2010 11:05:34 | Computer Name = NETBOOK-*** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung opera.exe, Version 10.53.3374.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.05.2010 16:24:58 | Computer Name = NETBOOK-*** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.4.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.05.2010 16:25:00 | Computer Name = NETBOOK-*** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.4.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.05.2010 16:26:30 | Computer Name = NETBOOK-*** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.4.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 14.05.2010 11:47:05 | Computer Name = NETBOOK-*** | Source = Google Update | ID = 20 Description = [ OSession Events ] Error - 19.12.2008 15:24:31 | Computer Name = NETBOOK-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 569 seconds with 540 seconds of active time. This session ended with a crash. Error - 17.05.2009 08:49:12 | Computer Name = NETBOOK-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2124 seconds with 1860 seconds of active time. This session ended with a crash. 
Error - 24.08.2009 17:06:04 | Computer Name = NETBOOK-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4637 seconds with 2520 seconds of active time. This session ended with a crash. Error - 17.11.2009 16:54:32 | Computer Name = NETBOOK-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1305 seconds with 780 seconds of active time. This session ended with a crash. Error - 14.01.2010 17:22:04 | Computer Name = NETBOOK-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2273 seconds with 720 seconds of active time. This session ended with a crash. Error - 23.01.2010 05:21:02 | Computer Name = NETBOOK-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 178 seconds with 0 seconds of active time. This session ended with a crash. Error - 03.02.2010 07:53:57 | Computer Name = NETBOOK-*** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 131 seconds with 120 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 13.05.2010 11:53:11 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.05.2010 11:56:25 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 13.05.2010 11:56:27 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 13.05.2010 12:26:41 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 13.05.2010 17:05:27 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.05.2010 17:05:27 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 14.05.2010 03:17:48 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 14.05.2010 03:17:49 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 14.05.2010 11:32:48 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 14.05.2010 11:32:48 | Computer Name = NETBOOK-*** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > ========== Extra Registry 
(SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Disabled: -- File not found "C:\Programme\Klebezettel NG\klebez.exe" = C:\Programme\Klebezettel NG\klebez.exe:*:Disabled:Elektronische Haftnotizen für Windows -- File not found "C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC 
Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater -- (Nokia Corporation) "C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\{33B745C9-1299-469C-B1A9-F0BD2550170A}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\{33B745C9-1299-469C-B1A9-F0BD2550170A}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe:*:Disabled:TerraTec Home Cinema (Setup) -- File not found "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Disabled:zattood -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{0E5C4DE6-101B-11D6-986D-00500443CF9F}" = Sven Bømwøllen DL "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate 
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29BC12B1-282F-4CC9-A270-2CED7A72503F}" = Sven Demo "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{51E89658-5D6B-4F0D-B72B-57863C3AD06C}" = Brother MFL Pro "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver "{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft 
Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9608729D-3C33-4EB6-B2AE-4468F8172560}" = Luecky 2 "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" 
= Samsung New PC Studio "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client "{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater "Ad-Aware" = Ad-Aware "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Professional "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "Foxit Reader" = Foxit Reader "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Google Updater" = Google Updater "GSview 4.9" = GSview 4.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "hotpot_is1" = HotPotatoes v 6.3.0.3 "HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series "ie8" = Windows Internet Explorer 8 "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Nokia PC Suite" = Nokia PC Suite "NSS" = Norton Security Scan "Romme XXL " = Romme XXL "Samsung CLP-310 Series" = Samsung CLP-310 Series "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile 
Composite Device Software
< End of report > I noticed that my laptop boots noticeably more slowly than before. But that could possibly also be due to Antivir Professional, couldn't it? Thanks in advance and have a nice weekend, Jadee. Edited by Jadee (14.05.2010 at 17:33). Reason: addition |
14.05.2010, 17:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan (possibly WIN32AGENT) on laptop, please help The logs are relatively unremarkable; please run CF: ComboFix, a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
14.05.2010, 18:16 | #7 |
| Trojan (possibly WIN32AGENT) on laptop, please help Unfortunately I have a problem. I can't get Antivir Professional properly deactivated. I also tried it via the Task Manager, but that doesn't work because terminating Antivir is blocked. How can I deactivate it completely so that I can let Combofix run? Thanks!!! |
14.05.2010, 18:22 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan (possibly WIN32AGENT) on laptop, please help Closing the umbrella should be enough.
__________________ Please always post log files in CODE tags |
14.05.2010, 18:42 | #9 |
| Trojan (possibly WIN32AGENT) on laptop, please help But Combofix complains that Antivir is running when only the umbrella is closed. Continue anyway? Many thanks! |
14.05.2010, 18:55 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan (possibly WIN32AGENT) on laptop, please help Yes, that is a bug in AntiVir, just carry on. If AntiVir complains anyway, please allow or ignore all accesses so that AntiVir does not intervene.
14.05.2010, 19:23 | #11 |
| Trojan (possibly WIN32AGENT) on laptop, please help Unfortunately it doesn't work... Windows suddenly crashed and an error message appeared saying that the system has recovered from a serious error. Should I try it again? Thanks and regards |
14.05.2010, 19:24 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan (possibly WIN32AGENT) on laptop, please help Yep, please try again.
14.05.2010, 20:12 | #15 |
| Trojan (possibly WIN32AGENT) on laptop, please help I'm about to despair... Same problem with GMER. I tried it twice. It crashes right after starting. After the restart, Windows again reports "after a serious error". I'll let OSAM run through now! |