Pests of all kinds and how to fight them: First TR/Crypt.ZPACK.Gen, then 9 more, then unclear (Part 1) [Windows 7]

28.05.2010, 00:13 | #1
First TR/Crypt.ZPACK.Gen, then 9 more, then unclear (Part 1)

Hello everyone. Like so many others, I have a huge problem here: it all started with the trojan TR/Crypt.ZPACK.Gen, which appeared this morning. Although AntiVir is always running in the background, it was suddenly there and could not be deleted. Whatever I had AntiVir do (quarantine, deny access, delete...), it kept coming back. Then I shut the computer down. Later in the evening, when I switched it on again, a whole lot of other trojans suddenly appeared as well. I then went, in the given order, through the first steps required for getting help here on the forum, with the following result:

1. Ran CCleaner: everything could be deleted except for the Avira AntiVir entry mentioned above.
2. Ran Malwarebytes Anti-Malware with the following result:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4149

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27.05.2010 22:34:26
mbam-log-2010-05-27 (22-34-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136881
Laufzeit: 20 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 5
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 20
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 8
Infizierte Dateien: 9

Infizierte Speicherprozesse:
C:\WINDOWS\Temp\wpv791274970096.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\Temp\wpv791274970096.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv671274948816.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxx\ctfmon.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.

Code:
ATTFilter OTL logfile created on: 27.05.2010 22:50:56 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 655,00 Mb Available Physical Memory | 65,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): D:\pagefile.sys 2000 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,41 Gb Total Space | 5,70 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 9,84 Gb Free Space | 40,31% Space Free | Partition Type: NTFS Drive E: | 25,73 Gb Total Space | 0,71 Gb Free Space | 2,75% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GOOFY Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\lisa\Desktop\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - E:\programme\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\WINDOWS\ISW\alice\signup\alicecnn.exe (ProDyne) PRC - C:\Programme\Media Key\OSD.exe () PRC - C:\Programme\Media Key\MagicKey.exe () PRC - C:\Programme\Sizer\sizer.exe (Brian Apps Products) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\lisa\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Sizer\sizer.dll (Brian Apps Products) ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe () ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia) DRV - (PDNMp50) -- C:\WINDOWS\system32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\WINDOWS\system32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. 
(PCAUSA)) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI) DRV - (PDDSLADP) -- C:\WINDOWS\system32\drivers\PDDSLADP.SYS (ProDyne) DRV - (PDDSLHND) -- C:\WINDOWS\system32\drivers\PDDSLHND.SYS (ProDyne) DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI) DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI) DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI) DRV - (moufiltr) -- C:\WINDOWS\system32\drivers\moufiltr.sys (Windows (R) 2000 DDK provider) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (kbfilter) -- C:\WINDOWS\system32\drivers\kbfilter.sys (WayTech Development, Inc.) 
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.alice-dsl.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://w*w.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.alice-dsl.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://w*w.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://w*w.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://w*w.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://w*w.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaulturl: "h**p://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "h**p://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "h**p://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.08 20:22:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: 
C:\Programme\Mozilla Firefox\plugins [2010.05.18 23:12:23 | 000,000,000 | ---D | M] [2009.11.26 00:18:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2006.10.06 15:27:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\axu8sbt5.default\extensions [2010.05.27 10:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\o74yrqo1.default\extensions [2009.09.03 22:37:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\o74yrqo1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2007.10.21 13:28:11 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\o74yrqo1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009.05.04 23:27:07 | 000,001,632 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\o74yrqo1.default\searchplugins\live-search.xml [2010.05.27 10:16:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.18 10:12:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.10.06 14:05:57 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) 
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\programme\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\programme\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [MagicKey] C:\Programme\Media Key\MagicKey.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [MessengerPlus3] C:\Programme\MessengerPlus! 3\MsgPlus.exe (Patchou) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sizer.lnk = C:\Programme\Sizer\sizer.exe (Brian Apps Products) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In 
Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} h**p://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class) O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} h**p://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} h**p://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} h**p://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} h**p://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160137824625 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vgdoqo.exe) - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vgdoqo.exe () O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vgdoqo.exe) - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vgdoqo.exe () O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\xxx\ctfmon.exe) - C:\Dokumente und Einstellungen\xxx\ctfmon.exe File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.06 13:54:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{bd5d7d13-e80a-11de-87a2-00138fbaeef1}\Shell\AutoRun - "" = 
Auto&Play O33 - MountPoints2\{bd5d7d13-e80a-11de-87a2-00138fbaeef1}\Shell\AutoRun\command - "" = L:\DZEMO\\\\\FATA.exe -- File not found O33 - MountPoints2\{bd5d7d13-e80a-11de-87a2-00138fbaeef1}\Shell\explore\command - "" = L:\DZEMO\\\\\\FATA.exe -- File not found O33 - MountPoints2\{bd5d7d13-e80a-11de-87a2-00138fbaeef1}\Shell\open\command - "" = L:\DZEMO\\\\\\FATA.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.27 22:42:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.27 22:04:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2010.05.27 22:04:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.27 22:04:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.27 22:04:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.05.27 22:04:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.27 21:51:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2010.05.27 10:04:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.05.18 10:13:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.05.18 10:12:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.05.18 10:12:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.05.18 10:12:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javaw.exe [2010.05.18 10:12:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.27 22:42:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.27 22:37:01 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.05.27 22:36:55 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.05.27 22:36:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.05.27 22:36:38 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.27 22:36:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.27 22:36:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.27 22:35:15 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT [2010.05.27 22:35:15 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini [2010.05.27 21:56:05 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.27 10:01:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.26 12:35:05 | 000,047,497 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\20100526_PM_Lehrerkooperative_Streik.pdf [2010.05.25 22:55:32 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe [2010.05.25 22:55:32 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2010.05.25 22:54:20 | 000,133,120 | RHS- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vgdoqo.exe [2010.05.24 13:29:35 | 000,144,122 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\bloody.jpg [2010.05.19 14:04:54 | 000,088,527 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\voltaire_06_10.pdf [2010.05.15 16:05:44 | 000,001,926 | ---- 
| M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Desktop\Google Earth.lnk [2010.05.10 10:51:56 | 000,036,766 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\SP_A0807.jpg [2010.05.10 10:51:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.05.06 13:02:43 | 000,048,050 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\20100506_PM_Stein_gegen_Arbeitslose.pdf [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.26 12:35:04 | 000,047,497 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\20100526_PM_Lehrerkooperative_Streik.pdf [2010.05.25 22:54:23 | 000,133,120 | RHS- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vgdoqo.exe [2010.05.24 13:29:44 | 000,144,122 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\bloody.jpg [2010.05.19 14:04:51 | 000,088,527 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\voltaire_06_10.pdf [2010.05.15 16:05:44 | 000,001,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Desktop\Google Earth.lnk [2010.05.10 10:51:56 | 000,036,766 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\SP_A0807.jpg [2010.05.06 13:02:41 | 000,048,050 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\20100506_PM_Stein_gegen_Arbeitslose.pdf [2009.04.22 21:59:20 | 000,042,982 | ---- | C] () -- C:\WINDOWS\System32\PDDSLADP.DLL [2009.04.22 21:07:28 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini [2008.03.31 23:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll [2008.03.21 22:30:08 | 003,596,288 | ---- | C] () -- 
C:\WINDOWS\System32\qt-dx331.dll [2008.03.21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008.03.21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008.03.21 22:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.10.17 11:15:30 | 000,003,557 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.09.12 22:00:49 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys [2007.09.12 22:00:49 | 000,005,993 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007.09.12 22:00:48 | 000,469,696 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys [2007.08.27 23:51:56 | 000,000,083 | ---- | C] () -- C:\WINDOWS\buhl.ini [2007.08.27 23:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wiso.ini [2007.01.04 12:02:31 | 000,003,376 | ---- | C] () -- C:\WINDOWS\tm.ini [2006.12.18 17:18:01 | 000,000,020 | ---- | C] () -- C:\WINDOWS\hppsapp.INI [2006.12.09 01:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI [2006.11.21 14:21:25 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006.10.18 15:06:25 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\HKLock.dll [2006.10.18 15:06:25 | 000,057,344 | ---- | C] () -- C:\WINDOWS\HKLock.dll [2006.10.16 20:37:05 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2006.10.16 20:37:05 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [2006.10.10 17:53:17 | 000,001,178 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2006.10.09 15:17:53 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll [2006.10.07 17:54:05 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL [2006.10.07 17:53:25 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll [2006.10.06 18:18:40 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini [2006.10.06 15:11:01 | 000,001,738 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2006.10.06 15:05:43 | 000,000,400 | ---- | C] () -- 
C:\WINDOWS\ODBC.INI [2006.10.06 14:13:55 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2006.10.06 14:05:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2006.10.06 14:05:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2006.10.06 14:05:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2006.10.06 14:04:50 | 000,003,791 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006.10.06 14:04:48 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.05.2010 22:50:56 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 655,00 Mb Available Physical Memory | 65,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): D:\pagefile.sys 2000 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,41 Gb Total Space | 5,70 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 9,84 Gb Free Space | 40,31% Space Free | Partition Type: NTFS Drive E: | 25,73 Gb Total Space | 0,71 Gb Free Space | 2,75% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GOOFY Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .js [@ = JSFile] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) jsfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 
445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\totalcmd\TOTALCMD.EXE" = C:\Programme\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) "C:\Programme\Java\jre1.5.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.) "C:\Programme\Java\jre1.5.0_09\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.) 
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc) "G:\VALVE\hl.exe" = G:\VALVE\hl.exe:*:Enabled:Half-Life Launcher -- File not found "C:\Programme\Gaim\gaim.exe" = C:\Programme\Gaim\gaim.exe:*:Enabled:gaim -- File not found "G:\hamachi.exe" = G:\hamachi.exe:*:Enabled:Hamachi Client -- File not found "G:\halo\halo.exe" = G:\halo\halo.exe:*:Enabled:Halo -- File not found "F:\spiele\World of Warcraft\WoW-1.12.0-deDE-downloader.exe" = F:\spiele\World of Warcraft\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found "F:\eigene dateien\ICQ Lite\248609996\^--OblvoN--^_236384996\rhune\System\Rune.exe" = F:\eigene dateien\ICQ Lite\248609996\^--OblvoN--^_236384996\rhune\System\Rune.exe:*:Enabled:Rune -- File not found "F:\spiele\Warcraft III 1.07\War3.exe" = F:\spiele\Warcraft III 1.07\War3.exe:*:Enabled:Warcraft III -- File not found "F:\spiele\warcraft III 1.17\war3.exe" = F:\spiele\warcraft III 1.17\war3.exe:*:Enabled:Warcraft III -- File not found "F:\spiele\Valve\hl.exe" = F:\spiele\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found "F:\halo\halo.exe" = F:\halo\halo.exe:*:Enabled:Halo -- File not found "E:\programme\iTunes\iTunes.exe" = E:\programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) 
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F1B0D47-B479-4D0E-9AB4-98DCE8F40FA8}" = ArcSoft RAW Thumbnail Viewer "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio "{1C844488-0091-4680-9D67-76EF52F90DA7}" = Lively by Google "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar 
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D14BEA3-9115-42C2-870A-5CDC14309F68}" = Media Key "{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple 
Software Update "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3F3188E-EC4E-413B-BFEC-6A179ADB14FF}" = MSXML "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1) "Ad-aware 6 Personal" = Ad-aware 6 Personal "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium "Alice" = Alice-Installationsdateien entfernen "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon iP4300 Benutzerregistrierung" = Canon iP4300 
Benutzerregistrierung "CCleaner" = CCleaner "C-Media Audio" = C-Media 3D Audio "F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "GENEUIDE" = USB Storage Driver "Google Updater" = Google Updater "GTK 2.0" = GTK+ Runtime 2.6.9 rev a (nur entfernen) "Hamachi" = Hamachi 1.0.1.5 "HP PrecisionScan LTX" = HP PrecisionScan LTX "Macromedia Dreamweaver 3 De" = Macromedia Dreamweaver 3 De "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MsgPlus! Plugin" = Messenger Plus! 3 "RealPlayer 6.0" = RealPlayer "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "sizer" = Sizer (remove only) "Totalcmd" = Total Commander (Remove or Repair) "Uninstall_is1" = Uninstall 1.0.0.0 "Vodafone 804SS USB driver" = SAMSUNG Mobile USB Modem ^^ "Vuze" = Vuze "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinLiveSuite_Wave3" = Windows Live Essentials "winscp3_is1" = WinSCP 3.3 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "Pixie" = Pixie 3.1 (remove only) ========== Last 10 Event Log Errors ========== [ Application 
Events ] Error - 04.05.2010 03:00:56 | Computer Name = GOOFY | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <h**p://w*w.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 07.05.2010 13:05:51 | Computer Name = GOOFY | Source = Windows Live Messenger | ID = 1000 Description = Error - 12.05.2010 03:56:20 | Computer Name = GOOFY | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <h**p://w*w.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 14.05.2010 11:56:30 | Computer Name = GOOFY | Source = Windows Live Messenger | ID = 1000 Description = Error - 20.05.2010 16:59:53 | Computer Name = GOOFY | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <h**p://w*w.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 21.05.2010 04:52:24 | Computer Name = GOOFY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3726, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.05.2010 12:29:30 | Computer Name = GOOFY | Source = Windows Live Messenger | ID = 1000 Description = Error - 27.05.2010 15:44:38 | Computer Name = GOOFY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung guardgui.exe, Version 9.0.3.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 27.05.2010 16:11:59 | Computer Name = GOOFY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 27.05.2010 16:12:29 | Computer Name = GOOFY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 09.05.2010 10:57:12 | Computer Name = GOOFY | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease xxx für die Netzwerkkarte mit der Netzwerkadresse xxxx wurde durch den DHCP-Server xxxx abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 10.05.2010 04:53:49 | Computer Name = GOOFY | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 11.05.2010 04:47:53 | Computer Name = GOOFY | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease xxx für die Netzwerkkarte mit der Netzwerkadresse xxx wurde durch den DHCP-Server xxx abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 11.05.2010 06:07:28 | Computer Name = GOOFY | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 13.05.2010 06:38:11 | Computer Name = GOOFY | Source = Service Control Manager | ID = 7034 Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 14.05.2010 05:18:46 | Computer Name = GOOFY | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 15.05.2010 07:41:47 | Computer Name = GOOFY | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 19.05.2010 09:52:21 | Computer Name = GOOFY | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 20.05.2010 03:29:32 | Computer Name = GOOFY | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease xxx für die Netzwerkkarte mit der Netzwerkadresse xxxx wurde durch den DHCP-Server xxx abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 22.05.2010 06:33:12 | Computer Name = GOOFY | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease xxx für die Netzwerkkarte mit der Netzwerkadresse xxx wurde durch den DHCP-Server xxx abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > |
28.05.2010, 17:31 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Please update the Malwarebytes database and run a full scan; then we'll take it from there.