
Pests of all kinds and how to fight them: Rootkit Bubnix.au in c:\windows\system32\drivers\hljrifmj.sys

Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

 
03.06.2010, 15:00   #2
Perle
 
Rootkit Bubnix.au in c:\windows\system32\drivers\hljrifmj.sys



OTL
Code:
OTL logfile created on: 03.06.2010 14:03:41 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
495,00 Mb Total Physical Memory | 118,00 Mb Available Physical Memory | 24,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 6,10 Gb Free Space | 24,99% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 5,87 Gb Free Space | 8,01% Space Free | Partition Type: NTFS
Drive E: | 14,13 Gb Total Space | 12,37 Gb Free Space | 87,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465,65 Gb Total Space | 191,58 Gb Free Space | 41,14% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP-MR
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Free Download Manager\FUM\fumoei.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\ltsmmsg.exe (LT)
PRC - C:\Programme\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\X-Setup Pro\bin\MSScript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SandraDataSrv) -- C:\Programme\SiSoft Sandra Lite\Win32\RpcDataSrv.exe (SiSoftware)
SRV - (SandraTheSrv) -- C:\Programme\SiSoft Sandra Lite\RpcSandraSrv.exe (SiSoftware)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (A5AGU) -- C:\WINDOWS\system32\drivers\a5agu.sys (D-Link Corporation)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (vmm) -- C:\WINDOWS\system32\drivers\Vmm.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) -- C:\WINDOWS\system32\drivers\wa301a.sys (Intel Corporation)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://eigene.domain.de"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.3.3
FF - prefs.js..extensions.enabledItems: flickr@jzlabs.com:1.0.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.24 09:15:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.27 23:06:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Programme\Netscape\Components [2009.01.18 18:01:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Programme\Netscape\Plugins [2010.04.27 23:06:29 | 000,000,000 | ---D | M]
 
[2010.04.23 00:15:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.06.03 12:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xyxg34vs.default\extensions
[2010.06.01 15:37:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xyxg34vs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.31 20:36:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xyxg34vs.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.23 00:16:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xyxg34vs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.05.31 19:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xyxg34vs.default\extensions\flickr@jzlabs.com
[2010.04.23 00:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\xyxg34vs.default\extensions\sxipper@sxip.com
[2010.06.03 12:36:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.18 16:03:40 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Programme\Mozilla Firefox\plugins\npmidas.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.02 00:57:28 | 000,199,085 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	localhost
O1 - Hosts: 127.0.0.1 	localhost.localdomain
O1 - Hosts: 255.255.255.255	broadcasthost
O1 - Hosts: ::1		localhost
O1 - Hosts: 0.0.0.0 	local
O1 - Hosts: 192.168.0.1	router
O1 - Hosts: 127.0.0.1	web
O1 - Hosts: 127.0.0.1	web.local
O1 - Hosts: 127.0.0.1	xampp
O1 - Hosts: 127.0.0.1	xampp.local
O1 - Hosts: 0.0.0.0 binlayer.de
O1 - Hosts: 0.0.0.0 binimage.de
O1 - Hosts: 0.0.0.0 binlayer.com
O1 - Hosts: 0.0.0.0 binimage.com
O1 - Hosts: 0.0.0.0 binlayer.ru
O1 - Hosts: 0.0.0.0 binimage.ru
O1 - Hosts: 0.0.0.0 goatse.cx       # More information on sites such as 
O1 - Hosts: 0.0.0.0 www.goatse.cx   # these can be found in this article
O1 - Hosts: 0.0.0.0 oralse.cx       # en.wikipedia.org/wiki/List_of_shock_sites
O1 - Hosts: 0.0.0.0 www.oralse.cx
O1 - Hosts: 0.0.0.0 goatse.ca
O1 - Hosts: 0.0.0.0 www.goatse.ca
O1 - Hosts: 0.0.0.0 oralse.ca
O1 - Hosts: 0.0.0.0 www.oralse.ca
O1 - Hosts: 0.0.0.0 goat.cx
O1 - Hosts: 6585 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Programme\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\ltsmmsg.exe (LT)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PadTouch] C:\Programme\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TFncKy]  File not found
O4 - HKLM..\Run: [TouchED] C:\Programme\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ussshreg] C:\Programme\Ulead SmartSaver Pro\Ussshreg.exe ()
O4 - HKLM..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Free Uploader Oe Integration] C:\Programme\Free Download Manager\FUM\fumoei.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen in Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Programme\Free Download Manager\FUM\fumiebtn.dll ()
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} hxxp://192.168.0.2/connectcomputer/nshelp.dll (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231804693796 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231804669218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.01 22:46:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.04.20 13:04:20 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005.11.15 11:08:04 | 000,000,036 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7e84ab5a-e678-11de-b2da-00080dde46f6}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.03 12:36:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.06.03 12:36:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.03 12:36:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.03 12:36:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.03 12:36:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 12:20:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.06.03 10:59:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable
[2010.06.02 13:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft Web Folders
[2010.06.02 01:14:09 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010.06.02 01:10:23 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.06.01 16:36:47 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.06.01 16:36:11 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.01 16:09:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.01 16:08:09 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.05.28 02:35:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.05.25 23:15:45 | 014,590,080 | ---- | C] (DivX, Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\DivXInstaller 6.8.exe
[2010.05.25 22:39:34 | 000,000,000 | ---D | C] -- C:\Programme\Cut Assistant 0.9.13.16
[2010.05.07 21:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.03 14:12:35 | 000,741,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\hljrifmj.sys
[2010.06.03 14:02:34 | 037,885,984 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.06.03 12:20:53 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.06.03 10:51:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.03 10:38:13 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.06.03 10:36:30 | 000,058,727 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.06.03 10:36:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.03 10:35:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.03 05:08:57 | 000,454,772 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.06.03 05:08:38 | 007,340,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.06.03 05:08:38 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.06.02 21:41:39 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\4hf4fesu.exe
[2010.06.02 20:54:46 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.02 15:56:39 | 000,000,535 | ---- | M] () -- C:\hpfr5550.xml
[2010.06.02 13:13:54 | 000,000,403 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.06.02 13:12:57 | 000,001,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2010.06.02 00:17:04 | 000,001,550 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk
[2010.06.01 23:42:41 | 000,114,176 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.01 22:49:35 | 000,648,116 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2010.06.01 16:36:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.01 16:35:58 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.06.01 16:09:08 | 000,000,853 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.05.26 22:19:37 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\avdrn.dat
[2010.05.26 17:55:38 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.05.26 00:14:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.25 23:17:55 | 014,590,080 | ---- | M] (DivX, Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\DivXInstaller 6.8.exe
[2010.05.25 22:38:20 | 000,896,541 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Cut_Assistant_0.9.13.16.ZIP
[2010.05.23 12:03:31 | 000,000,152 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010.05.22 13:03:17 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini
[2010.05.13 18:25:42 | 000,071,742 | ---- | M] () -- D:\Eigene Dateien\Waschmaschinen Vergleich.ods
[2010.05.07 10:35:13 | 000,432,824 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.07 10:35:12 | 000,449,576 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.05.07 10:35:12 | 000,067,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.07 10:35:11 | 000,080,388 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.05.07 10:35:06 | 001,042,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.02 21:41:38 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\4hf4fesu.exe
[2010.06.02 03:10:08 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.06.02 00:17:03 | 000,001,550 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk
[2010.06.01 17:06:42 | 000,648,116 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2010.06.01 16:42:53 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.06.01 16:09:08 | 000,000,853 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.05.26 22:20:52 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\hljrifmj.sys
[2010.05.26 22:19:37 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\avdrn.dat
[2010.05.25 22:38:03 | 000,896,541 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Cut_Assistant_0.9.13.16.ZIP
[2010.05.13 17:03:41 | 000,071,742 | ---- | C] () -- D:\Eigene Dateien\Waschmaschinen Vergleich.ods
[2009.05.11 15:15:13 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2009.04.16 13:09:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\my.ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.07.14 04:33:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008.03.18 20:42:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.10.23 04:16:18 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2007.10.05 23:32:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007.10.05 01:45:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.10.05 01:45:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.10.05 01:06:07 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2007.10.05 01:05:18 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\gr6rlzay.dll
[2007.10.04 02:50:12 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.10.04 02:50:12 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.10.04 02:49:23 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.10.04 02:34:19 | 000,000,186 | ---- | C] () -- C:\WINDOWS\X-Filter.INI
[2007.10.04 02:06:02 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.10.04 01:39:41 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2007.10.03 22:57:17 | 000,001,695 | ---- | C] () -- C:\WINDOWS\IF40LE.INI
[2007.10.03 22:57:17 | 000,000,253 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI
[2007.10.03 22:56:36 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007.10.03 22:56:36 | 000,000,398 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2007.10.03 20:24:04 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.03 16:21:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2007.10.03 15:04:05 | 000,000,076 | ---- | C] () -- C:\WINDOWS\EasyCash.ini
[2007.10.03 15:00:20 | 000,000,190 | ---- | C] () -- C:\WINDOWS\EasyCT.INI
[2007.10.03 13:59:03 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2007.10.03 12:37:20 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2007.10.03 12:37:18 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2007.10.03 01:09:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007.10.03 00:08:59 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007.10.03 00:08:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007.10.03 00:08:59 | 000,010,252 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007.10.03 00:08:59 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
< End of report >
         
OTL Extras
Code:
OTL Extras logfile created on: 03.06.2010 14:03:41 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
495,00 Mb Total Physical Memory | 118,00 Mb Available Physical Memory | 24,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 6,10 Gb Free Space | 24,99% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 5,87 Gb Free Space | 8,01% Space Free | Partition Type: NTFS
Drive E: | 14,13 Gb Total Space | 12,37 Gb Free Space | 87,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465,65 Gb Total Space | 191,58 Gb Free Space | 41,14% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP-MR
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\ACDSee.exe" "%1" ()
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MakeFolders] -- C:\Programme\MakeFolders\MkFldrs.exe ()
Directory [Mp3tag] -- "C:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\SiSoft Sandra Lite\Win32\RpcDataSrv.exe" = C:\Programme\SiSoft Sandra Lite\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Programme\SiSoft Sandra Lite\RpcSandraSrv.exe" = C:\Programme\SiSoft Sandra Lite\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{01191F55-F0E8-47E0-A942-0C1179F1A05F}" = JDContextMenu
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3C1475DA-F9D5-47B1-AB9C-B5F1C7A331C6}" = MECK
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{4082365B-0985-499A-920D-E4D4414DC58F}" = Microsoft Virtual PC 2004
"{45A54FAD-AADB-4CD2-9E56-2507A15F013D}" = Opera 9.23
"{4ACBBFC6-3F39-48DE-8D85-182736B2749B}" = Garmin MapSource
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52C97E71-DC72-4BFC-8F27-3DD60228FBAF}" = FTP-Watchdog
"{55E90923-5691-4A15-85EA-735045C2C405}" = Suchen und ersetzen fuer HTML
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{641FE800-650B-4E99-A304-9D50E7235BAF}" = Topo Deutschland v2
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{79ED0EE7-098C-465F-A853-B17F6FC6CDD8}" = GPS TrackMaker
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DF4C257-26FF-4FD1-BC5C-42CD5953EECB}" = MapSource - European Points of Interest v4.00
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{878B631B-E0F9-41B9-83D9-BC9DFB0B9F2B}" = Ebad
"{87F5E4C0-AF6F-4502-A9A7-09A0B6D62A52}" = DX-Browser
"{88645D03-45B0-4366-A24E-D88530719FCC}" = Web-Passport
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8FE73E6F-2D9B-428B-BCB2-1217F56A5E87}" = CacheStats
"{90150407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A89131FD-3D18-4DA8-84C8-622423011B51}_is1" = ALNO AG  Küchenplaner
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BF059DDE-13A5-4A5D-8DC2-D664B9D9DD15}" = GhostWriter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XIIc
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3EBEF79-DE34-44AE-8774-F6A17ABE27B2}" = Garmin nRoute
"{C4CFD617-6906-463E-80E6-5061E8D2BE00}" = e-Coolector
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CC399A03-4695-432E-AE6E-BB450DDE5248}_is1" = mirkes.de Tiny Hexer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0AC6844-79D4-11D4-AFEE-00C04F443448}" = Microsoft Works 6.0
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DC77A3D0-9ADA-47C6-9536-F9E7CF497C9D}" = Instant Sound Off
"{DD1AF1C9-1CEB-49B9-9CCC-641B7B3D55FF}" = MapSource - Atlantic BlueChart v6
"{DEB51E39-0F14-4B0C-BE19-4001399A5504}" = MapSource - European Roads and Recreation v4.00
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF768459-AEAF-47F4-8CD6-CC9697F43A49}" = WinAttrib
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EDA023EF-0F82-4030-BF23-5283C1EE1031}" = Nero 7 Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5193D77-5EF9-4731-991A-EC1F6551C818}" = MapSource - European MetroGuide v6
"{F7107906-5D75-438A-BB33-010818834487}" = IKEA HomePlanner Kitchen
"ACDSee" = ACDSee
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced IP Address Calculator v1.1" = Advanced IP Address Calculator v1.1
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced LAN Scanner v1.0 BETA 1" = Advanced LAN Scanner v1.0 BETA 1
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AIDA32_is1" = AIDA32 v3.93
"aignesamdeadlink_is1" = AM-DeadLink 3.1
"AllDup_is1" = AllDup 1.7.12
"ASCII Art - Machine_is1" = ASCII Art - Machine 1.2
"AVCutty" = AVCutty 2.4e
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"Biet-O-Matic v2.4.0" = Biet-O-Matic v2.4.0
"Bildschutz_is1" = Bildschutz Pro
"Button Studio" = Button Studio
"cdngo_is1" = CD'n'Go! Suite 2.09 (Beta)
"Crazy Browser 3.0.0 Beta2_is1" = Crazy Browser version 3.0.0 Beta2
"CryptextNT4" = Cryptext (Remove Only)
"CSVed_is1" = CSVed 1.4.3
"DirPrinter" = DirPrinter
"DokuTool 1.0R6_is1" = DokuTool (Non Commercial Edition)
"Dragonboard_is1" = Dragonboard 0.9
"DriveScan Plus_is1" = DriveScan Plus für Windows, Version 3.6
"DynGate" = DynGate
"EasyCash&Tax_is1" = EasyCash&Tax 1.34
"EasyRide&Tax_is1" = EasyRide&Tax 1.3
"ECT Import Plugin_is1" = Re2ECT-Plugin 1.0
"ECTPlugAnlagenverzeichnis_is1" = ECTPlugAnlagenverzeichnis 1.1
"ECTPlugWolframsJournal_is1" = ECTPlugWolframsJournal 1.02
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.0.10
"FLV Player1.33 FC" = FLV Player
"Free Download Manager_is1" = Free Download Manager 2.5
"FreePDF_XP" = FreePDF XP (Remove only)
"Geocache Scanner_is1" = Geocache Scanner V5.0.1 vom 13.12.2006
"GSAK (Geocaching Swiss Army Knife)_is1" = GSAK 6.6.5.19
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5550 series" = hp deskjet 5550 series (nur entfernen)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"if40leUninstall" = Presto! ImageFolio LE
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"InstallShield_{DD1AF1C9-1CEB-49B9-9CCC-641B7B3D55FF}" = MapSource - Atlantic BlueChart v6
"InstallShield_{F5193D77-5EF9-4731-991A-EC1F6551C818}" = MapSource - European MetroGuide v6
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.4
"JDownloader" = JDownloader
"king.com" = king.com (remove only)
"Lupas Rename 2000_is1" = Lupas Rename 2000 v5.0 Release
"MakeFolders 1.10_is1" = MakeFolders 1.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapSource" = MapSource
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mobility" = Mobility
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.39
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Packet Tracer 3.2_is1" = Packet Tracer 3.2
"Packet Tracer 4.0_is1" = Packet Tracer 4.0
"PageManager" = Presto! PageManager
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"phase5" = phase5
"PhraseExpress_is1" = PhraseExpress v4.1.14
"Power Saver" = TOSHIBA Power Saver
"Private Message Plus_is1" = Private Message Plus
"PROSet" = Intel(R) Network Connections Drivers
"Rechnung/2_is1" = Version 2.6.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SlimBrowser" = SlimBrowser (remove only)
"Spoiler Sync_is1" = Spoiler Sync
"TeamViewer" = TeamViewer
"The Bat!" = The Bat!
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA Touchpad Ein/Aus Utility V2.05.00
"Ulead SmartSaver Pro 3.0" = Ulead SmartSaver Pro 3.0 Full Version
"UNDOReg" = UNDOReg
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VLC media player 0.9.4
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"waterMark V2" = waterMark V2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Winamp 5.02 Deutsche Sprachdatei v14" = Deutsche Sprachdatei für Winamp 5.02 v14 
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-3
"WinRAR archiver" = WinRAR archiver
"Winston_is1" = Winston Version 02072
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.6.3a
"xp-AntiSpy" = xp-AntiSpy 3.96-6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"xqdcXSP_is1" = Xteq-dotec X-Setup Pro 6.6.300.Final1
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Renatager" = Mp3 Renatager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.11.2009 19:29:39 | Computer Name = LAPTOP-MR | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.12.2009 08:32:26 | Computer Name = LAPTOP-MR | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner
 Fehler aufgetreten.  .
 
Error - 05.12.2009 05:02:45 | Computer Name = LAPTOP-MR | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner
 Fehler aufgetreten.  .
 
Error - 19.04.2010 08:56:28 | Computer Name = LAPTOP-MR | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.04.2010 18:55:18 | Computer Name = LAPTOP-MR | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 22.04.2010 17:24:39 | Computer Name = LAPTOP-MR | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Opera.exe, Version 9.23.8808.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.04.2010 16:03:18 | Computer Name = LAPTOP-MR | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 27.04.2010 16:49:15 | Computer Name = LAPTOP-MR | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul comctl32.dll, Version 6.0.2900.5512, Fehleradresse 0x0007fda7.
 
Error - 27.04.2010 16:50:16 | Computer Name = LAPTOP-MR | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 27.04.2010 22:11:06 | Computer Name = LAPTOP-MR | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 26.05.2010 16:20:58 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7000
Description = Der Dienst "D-Link USB Wireless Network Adapter Service" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%31
 
Error - 27.05.2010 20:38:46 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
 auf Anwendungsebene.
 
Error - 27.05.2010 20:39:05 | Computer Name = LAPTOP-MR | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter bfa7199e,
 3. Parameter ee5d9a4c, 4. Parameter 00000000.
 
Error - 27.05.2010 20:39:15 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 01.06.2010 09:33:43 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7034
Description = Dienst "Ad-Aware 2007 Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 02.06.2010 09:44:11 | Computer Name = LAPTOP-MR | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - 02 - Deckblatt mit Foto.doc, im Besitz
 von ***, konnte nicht auf dem Drucker Automatisch hp deskjet 5550 series (2)
 auf WILLI gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei
 in Bytes: 1165664. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des 
Dokuments: 1. Anzahl der gedruckten Seiten: 1. Clientcomputer: \\LAPTOP-MR. Vom 
Druckprozessor zurückgelieferter Win32-Fehlercode: 53 (0x35). 
 
Error - 02.06.2010 14:57:06 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 02.06.2010 14:57:06 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 02.06.2010 16:13:03 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
 auf Anwendungsebene.
 
Error - 02.06.2010 16:13:03 | Computer Name = LAPTOP-MR | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         