TR/Crypt.ZPACK.Gen and TR/Spy.244736.13 in "TEMP" (and further alerts at system startup) | Windows 7
19.07.2010, 07:37 | #1 |
Hello everyone,

In the course of my research I came across this forum. It has already helped me a lot. I have 2 problems in total: laptop and desktop. I'll start with the laptop: during a scan, Avira found various viruses/trojans in the TEMP directory and in Temporary Internet Files. And I cannot delete them permanently. They keep coming back. In addition, after every start Avira also reports 2 to 3 malware detections.

- CC Cleaner run
- Malwarebytes report attached (result similar to Avira, so only the malware log here)
- RSIT log attached

I would be really grateful for help.

Regards, Rainer

PS: This is my first post; if I have forgotten anything, forgive me.

Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4325

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.07.2010 08:17:22
mbam-log-2010-07-19 (08-17-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129685
Laufzeit: 9 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
C:\WINDOWS\system32\system.exe (Spyware.OnlineGames) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\164581.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\3462444.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\686754.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\859537.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv141279360189.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv211279361246.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msvcrt2.dll (Malware.Traces) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\180.exe (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\csrss.exe (Trojan.Agent) -> Delete on reboot.

Log.txt
RSIT Logfile:
Code:
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Programme\o2 Verbindungsmanager\BRService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Websense CPM Report Scheduler (jbtei40e1esaijye) - Unknown owner - C:\WINDOWS\system32\memmoojymmoob.exe (file missing) O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. 
- C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe -- End of file - 7115 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-01 163840] "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536] "SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2004-12-29 544768] "OdTray.exe"=C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe [2005-05-18 1015871] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Muscbrigade"=c:\Musicbrigade\Musicbrigade.exe [2005-12-20 40960] "FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2003-12-29 130560] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-04-28 142120] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Yahoo! 
Pager"=C:\Programme\Yahoo!\Messenger\ypager.exe [2004-08-06 2502656] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart Dropbox.lnk - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OdysseyClient] C:\WINDOWS\system32\odyEvent.dll [2007-03-13 106496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-07-19 08:23:15 ----D---- C:\Programme\trend micro 2010-07-19 08:23:14 ----D---- C:\rsit 2010-07-19 08:05:18 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes 2010-07-19 08:05:04 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-07-19 08:05:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-19 08:05:01 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-07-19 08:05:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-07-19 07:43:45 ----D---- C:\Programme\CCleaner 2010-07-18 23:43:51 ----D---- C:\WINDOWS\system32\NtmsData 2010-07-18 23:28:22 ----D---- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Avira 2010-07-18 23:27:02 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys 2010-07-18 23:26:54 ----D---- C:\Programme\Avira 2010-07-18 23:26:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2010-07-18 18:26:02 ----D---- C:\WINDOWS\Prefetch 2010-07-18 18:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-07-18 18:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-07-18 18:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-07-18 18:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-07-18 18:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-07-18 18:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-07-18 18:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-07-18 18:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-07-18 18:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-07-18 18:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-07-18 18:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-07-18 18:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-07-18 18:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-07-18 18:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-07-18 18:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-07-18 18:21:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-07-18 18:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-07-18 18:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-07-18 18:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-07-18 18:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-07-18 18:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-07-18 18:21:08 ----HDC---- 
C:\WINDOWS\$NtUninstallKB974112$ 2010-07-18 18:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-07-18 18:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-07-18 18:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-07-18 18:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-07-18 18:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-07-18 18:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2010-07-18 18:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-07-18 18:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-07-18 18:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2010-07-18 18:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2010-07-18 18:19:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2010-07-18 18:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-07-18 18:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-07-18 18:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-07-18 18:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2010-07-18 18:18:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2010-07-18 18:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-07-18 18:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2010-07-18 18:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-07-18 18:18:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2010-07-18 18:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-07-18 18:18:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-07-18 18:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-07-18 18:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-07-18 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-07-18 18:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-07-18 18:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$ 2010-07-18 18:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-07-18 18:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-07-18 18:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-07-18 
18:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2010-07-18 18:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-07-18 18:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-07-18 18:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2010-07-18 18:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-07-18 18:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2010-07-18 18:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-07-18 18:12:41 ----D---- C:\WINDOWS\l2schemas 2010-07-18 18:12:40 ----D---- C:\WINDOWS\system32\de 2010-07-18 18:12:40 ----D---- C:\WINDOWS\system32\bits 2010-07-18 18:07:04 ----D---- C:\WINDOWS\network diagnostic 2010-07-18 18:01:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2010-07-18 18:01:43 ----D---- C:\WINDOWS\EHome 2010-07-18 17:49:58 ----D---- C:\WINDOWS\ie8updates 2010-07-18 12:24:11 ----D---- C:\0306c4323e4d491ffa9f1f30 2010-07-18 11:56:27 ----D---- C:\WINDOWS\WBEM 2010-07-18 11:55:03 ----HDC---- C:\WINDOWS\ie8 2010-07-18 11:54:02 ----A---- C:\WINDOWS\system32\MRT.exe 2010-07-17 22:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$ 2010-07-17 22:11:55 ----D---- C:\WINDOWS\system32\de-DE 2010-07-17 12:36:53 ----RSH---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\yjty.exe 2010-07-15 18:48:36 ----D---- C:\c91d2f7368e4b1d2a872 2010-07-15 11:51:58 ----A---- C:\WINDOWS\system32\SystemHelper.exe 2010-07-11 16:31:34 ----A---- C:\WINDOWS\ModemLog_BandLuxe 3.5G HSDPA Modem.txt 2010-07-11 12:34:54 ----A---- C:\WINDOWS\system32\drivers\br3gmdm.sys 2010-07-11 12:34:44 ----D---- C:\Programme\o2 Verbindungsmanager ======List of files/folders modified in the last 1 months====== 2010-07-19 08:27:56 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox 2010-07-19 08:27:47 ----D---- C:\WINDOWS\Temp 2010-07-19 08:27:46 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-19 08:27:33 ----D---- C:\WINDOWS 2010-07-19 08:27:30 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt 2010-07-19 08:26:00 
----A---- C:\WINDOWS\SchedLgU.Txt 2010-07-19 08:23:15 ----RAD---- C:\Programme 2010-07-19 08:19:28 ----AD---- C:\WINDOWS\system32 2010-07-19 08:19:27 ----D---- C:\WINDOWS\system32\drivers 2010-07-19 07:49:17 ----D---- C:\WINDOWS\Debug 2010-07-19 07:49:15 ----D---- C:\WINDOWS\Minidump 2010-07-19 00:52:37 ----SHD---- C:\System Volume Information 2010-07-18 23:56:38 ----D---- C:\WINDOWS\Registration 2010-07-18 23:44:23 ----HD---- C:\WINDOWS\inf 2010-07-18 23:43:51 ----D---- C:\WINDOWS\repair 2010-07-18 23:25:04 ----D---- C:\Programme\AntiVir PersonalEdition Classic 2010-07-18 23:19:15 ----SHD---- C:\WINDOWS\Installer 2010-07-18 23:19:14 ----D---- C:\WINDOWS\WinSxS 2010-07-18 23:19:12 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2010-07-18 21:13:22 ----D---- C:\MAGIX 2010-07-18 21:13:21 ----D---- C:\WINDOWS\system32\MAGIX 2010-07-18 20:10:01 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-07-18 18:31:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-07-18 18:25:26 ----D---- C:\WINDOWS\system32\Setup 2010-07-18 18:25:26 ----D---- C:\WINDOWS\AppPatch 2010-07-18 18:25:25 ----D---- C:\WINDOWS\system32\wbem 2010-07-18 18:25:24 ----RSD---- C:\WINDOWS\Fonts 2010-07-18 18:24:45 ----D---- C:\WINDOWS\security 2010-07-18 18:23:53 ----D---- C:\WINDOWS\system32\CatRoot 2010-07-18 18:23:52 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-07-18 18:22:48 ----D---- C:\Programme\Outlook Express 2010-07-18 18:22:00 ----D---- C:\Programme\Movie Maker 2010-07-18 18:13:02 ----D---- C:\Programme\Messenger 2010-07-18 18:12:59 ----D---- C:\WINDOWS\ime 2010-07-18 18:12:59 ----D---- C:\WINDOWS\Help 2010-07-18 18:12:41 ----D---- C:\WINDOWS\system32\usmt 2010-07-18 18:12:41 ----D---- C:\Programme\Internet Explorer 2010-07-18 18:12:40 ----D---- C:\WINDOWS\PeerNet 2010-07-18 18:09:50 ----D---- C:\WINDOWS\ServicePackFiles 2010-07-18 18:09:43 ----D---- C:\WINDOWS\system32\Restore 2010-07-18 18:09:43 ----D---- C:\WINDOWS\system32\npp 2010-07-18 18:09:42 ----D---- 
C:\WINDOWS\msagent 2010-07-18 18:09:40 ----D---- C:\WINDOWS\srchasst 2010-07-18 18:09:39 ----D---- C:\Programme\NetMeeting 2010-07-18 18:09:37 ----D---- C:\WINDOWS\system32\Com 2010-07-18 18:09:34 ----D---- C:\Programme\Windows Media Player 2010-07-18 18:09:33 ----D---- C:\Programme\Windows NT 2010-07-18 18:09:28 ----D---- C:\Programme\Gemeinsame Dateien\System 2010-07-18 18:09:09 ----AD---- C:\WINDOWS\system32\oobe 2010-07-18 18:09:06 ----D---- C:\WINDOWS\system 2010-07-18 18:05:23 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-07-18 17:50:39 ----HD---- C:\WINDOWS\$hf_mig$ 2010-07-18 11:56:30 ----D---- C:\WINDOWS\system32\config 2010-07-18 11:56:15 ----D---- C:\WINDOWS\Media 2010-07-17 22:19:35 ----RSD---- C:\WINDOWS\assembly 2010-07-17 22:12:53 ----D---- C:\WINDOWS\Microsoft.NET 2010-07-17 21:59:38 ----D---- C:\WINDOWS\system32\en-US 2010-07-17 21:59:22 ----D---- C:\Programme\Microsoft.NET 2010-07-11 12:34:59 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-06-29 22:18:59 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype 2010-06-28 18:55:18 ----D---- C:\Programme\Mozilla Firefox 2010-06-28 13:13:02 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;iaStor; C:\WINDOWS\system32\drivers\iaStor.sys [2005-10-12 874240] R0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2005-08-18 93568] R0 nvraid;nvraid; C:\WINDOWS\system32\drivers\nvraid.sys [2005-08-18 77056] R0 SiSRaid2;SiSRaid2; C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 30976] R0 uagp35;Microsoft AGPv3.5-Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672] R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904] R0 viamraid;viamraid; C:\WINDOWS\system32\drivers\viamraid.sys [2005-11-23 92672] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; 
C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-03-31 3960896] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168] R3 EKBfltr;ENE Keyboard Controller; C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504] R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-11 923826] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-09 248704] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB; C:\WINDOWS\system32\DRIVERS\br3gmdm.sys [2008-12-23 104448] S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 PcdrNt;PcdrNt; C:\WINDOWS\System32\drivers\PcdrNt.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-16 41472] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672] R2 BandLuxe_Service;BandLuxe Service; C:\Programme\o2 Verbindungsmanager\BRService.exe [2009-06-14 87264] R2 Bonjour Service;Dienst "Bonjour"; C:\Programme\Bonjour\mDNSResponder.exe [2010-04-08 345376] R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2006-03-30 96341] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 MSSQLSERVER;MSSQLSERVER; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337] R2 odClientService;Odyssey Client for Fujitsu Siemens Computers; C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe [2005-05-18 208896] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-04-28 545576] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 jbtei40e1esaijye;Websense CPM Report Scheduler; 
C:\WINDOWS\system32\memmoojymmoob.exe [] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-08-10 1527900] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872] S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- |
22.07.2010, 14:52 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen and TR/Spy.244736.13 in "TEMP" (and further alerts at system startup) Hello and
Let's stick to just the laptop in this thread for now, otherwise it gets too confusing. Please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
23.07.2010, 20:06 | #3 |
| TR/Crypt.ZPACK.Gen and TR/Spy.244736.13 in "TEMP" (and further alerts at system startup) Hello cosinus,
thank you for your reply. I have to say one thing up front: I had already feared that nobody would know what to do about my problem, so I have been trying a few things myself since the beginning of the week. I found something similar to my problem in an older thread here. I simply tried out a few things from it and got rid of some of the errors that way. For the rest I then asked elsewhere. So I believe the problem is gone. I hope your analysis yesterday didn't take too long. I really don't want to keep several people busy, and I think I need to calm down a bit. It's just that this was the first "real" fault on the laptop and I was genuinely panicking. I have nevertheless run the malware tool and OTL (see below). The malware tool found nothing. I can't make anything of the OTL logs. For the desktop (a different machine) I will probably have to reinstall the system because of a rootkit (damn). Thanks in any case. I hope I may still get in touch if something comes up again.
Regards, Rainer

Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4341
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23.07.2010 18:24:03
mbam-log-2010-07-23 (18-24-03).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 245378
Laufzeit: 1 Stunde(n), 37 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

1. OTL log OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.07.2010 19:54:09 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\***\Desktop\Diagnosetools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,00 Mb Total Physical Memory | 423,00 Mb Available Physical Memory | 44,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 111,79 Gb Total Space | 57,08 Gb Free Space | 51,06% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NAME-824B437F60 Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\Diagnosetools\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\o2 Verbindungsmanager\BRService.exe (BandRich Inc.) PRC - C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.) PRC - C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe (Funk Software, Inc.) PRC - C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.) PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\Diagnosetools\OTL.exe (OldTimer Tools) MOD - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (jbtei40e1esaijye) -- C:\WINDOWS\System32\memmoojymmoob.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BandLuxe_Service) -- C:\Programme\o2 Verbindungsmanager\BRService.exe (BandRich Inc.) SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project) SRV - (odClientService) -- C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe (Funk Software, Inc.) 
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (MSSQLSERVER) -- C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLSERVERAGENT) -- C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PcdrNt) -- C:\WINDOWS\System32\drivers\PcdrNt.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (br3gmdm) -- C:\WINDOWS\system32\drivers\br3gmdm.sys (BandRich Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (EKBfltr) -- C:\WINDOWS\system32\drivers\EKBfltr.sys (EnE Technology Inc.) DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp) DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.11 12:37:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 06:34:19 | 000,000,000 | ---D | M]
[2008.12.29 17:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.07.18 15:05:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mshdpcqz.default\extensions
[2010.05.20 08:25:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mshdpcqz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.30 15:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mshdpcqz.default\extensions\beta@linkdiagnosis.com
[2010.07.20 21:20:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.20 21:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.20 21:20:39 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.02 12:33:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.05.02 12:33:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.05.02 12:33:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.05.02 12:33:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.05.02 12:33:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OdTray.exe] C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura-emea.siemens.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\yjty.exe) - C:\Dokumente und Einstellungen\***\Anwendungsdaten\yjty.exe File not found
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Funk Software, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.16 14:28:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c075574-d351-11de-945d-00c0a8c04fa3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c075574-d351-11de-945d-00c0a8c04fa3}\Shell\AutoRun\command - "" = E:\PRVA\\\\\STRANA.exe -- File not found
O33 - MountPoints2\{0c075574-d351-11de-945d-00c0a8c04fa3}\Shell\explore\command - "" = E:\PRVA\\\\\\STRANA.exe -- File not found
O33 - MountPoints2\{0c075574-d351-11de-945d-00c0a8c04fa3}\Shell\open\command - "" = E:\PRVA\\\\\\STRANA.exe -- File not found
O33 - MountPoints2\{11bab87b-3c39-11df-9508-00140b028a85}\Shell - "" = Autorun
O33 - MountPoints2\{11bab87b-3c39-11df-9508-00140b028a85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11bab87b-3c39-11df-9508-00140b028a85}\Shell\open\command - "" = E:\unlock.exe -- File not found
O33 - MountPoints2\{67afb94c-5a14-11dc-9005-00c0a8c04fa3}\Shell - "" = AutoRun
O33 - MountPoints2\{67afb94c-5a14-11dc-9005-00c0a8c04fa3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d43660fe-aea3-11dd-9266-00c0a8c04fa3}\Shell\AutoRun\command - "" = E:\i8ikdjwt.exe -- File not found
O33 - MountPoints2\{d43660fe-aea3-11dd-9266-00c0a8c04fa3}\Shell\open\Command - "" = E:\i8ikdjwt.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.21 18:00:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.07.20 21:21:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.07.20 21:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.07.20 21:20:57 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010.07.20 21:20:57 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010.07.20 21:20:57 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010.07.20 21:20:57 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010.07.20 21:20:57 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010.07.20 21:20:33 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.07.20 21:18:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2010.07.20 20:53:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2010.07.20 20:53:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.07.20 20:04:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Diagnosetools
[2010.07.20 19:56:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2010.07.20 19:32:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.07.20 19:32:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.07.20 19:25:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010.07.20 19:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010.07.20 19:25:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010.07.20 19:19:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2010.07.20 19:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Windows Desktop Search
[2010.07.20 19:18:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.07.20 19:17:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010.07.20 19:17:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010.07.20 19:17:45 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2010.07.20 19:17:36 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.07.20 19:17:12 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2010.07.20 19:15:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.07.20 19:15:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.07.20 19:07:18 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010.07.19 08:23:15 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.07.19 08:23:14 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.19 08:05:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.07.19 08:05:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.19 08:05:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.19 08:05:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.19 08:05:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.19 07:43:45 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.18 23:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.07.18 23:28:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2010.07.18 23:27:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.07.18 23:27:00 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.07.18 23:27:00 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.07.18 23:27:00 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.07.18 23:27:00 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.07.18 23:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.07.18 23:26:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.07.18 21:59:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Settings
[2010.07.18 18:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.07.18 18:12:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.07.18 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.07.18 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.07.18 18:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.07.18 18:01:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.07.18 18:01:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010.07.18 17:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.07.18 17:47:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.07.18 17:47:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.07.18 17:47:45 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.07.18 17:47:44 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.07.18 17:47:43 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.07.18 15:15:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IECompatCache
[2010.07.18 14:01:05 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE
[2010.07.18 12:24:11 | 000,000,000 | ---D | C] -- C:\0306c4323e4d491ffa9f1f30
[2010.07.18 11:58:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache
[2010.07.18 11:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.07.18 11:55:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.07.17 22:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010.07.17 21:58:26 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.15 18:48:36 | 000,000,000 | ---D | C] -- C:\c91d2f7368e4b1d2a872
[2010.07.15 13:28:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.07.15 11:51:58 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SystemHelper.exe
[2010.07.11 12:34:54 | 000,104,448 | ---- | C] (BandRich Inc.) -- C:\WINDOWS\System32\drivers\br3gmdm.sys
[2010.07.11 12:34:44 | 000,000,000 | ---D | C] -- C:\Programme\o2 Verbindungsmanager
[8 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.23 16:36:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.23 16:36:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.23 16:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.23 16:36:08 | 1004,851,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 07:07:48 | 006,029,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.07.23 07:07:48 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.07.22 23:11:00 | 002,277,699 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\iPod_nano_5th_gen_Benutzerhandbuch.pdf
[2010.07.20 21:20:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010.07.20 21:20:38 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010.07.20 21:20:38 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010.07.20 21:20:38 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010.07.20 21:20:37 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010.07.20 20:49:43 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010.07.20 20:49:43 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2010.07.20 19:35:43 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Word.lnk
[2010.07.20 19:23:25 | 001,286,976 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.20 19:23:25 | 000,571,432 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.20 19:23:25 | 000,521,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.20 19:23:25 | 000,123,204 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.20 19:23:25 | 000,095,776 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.20 19:18:56 | 000,001,765 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2010.07.20 19:17:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.07.20 19:17:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.07.20 19:17:18 | 000,000,716 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.20 19:15:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.07.19 08:02:08 | 000,048,736 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.07.19 08:00:04 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.18 23:29:54 | 000,000,160 | ---- | M] () -- C:\Dokumente und Einstellungen\***\startup.reg
[2010.07.18 19:44:08 | 000,608,084 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2010.07.18 18:27:03 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.07.18 18:06:37 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.07.17 21:57:44 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SystemHelper.exe
[2010.07.17 21:57:00 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.07.14 21:05:34 | 000,003,350 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\IntelliPlanArchive.zip
[2010.07.06 20:04:28 | 000,002,513 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Excel.lnk
[2010.06.29 21:53:08 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\English - Term Paper Assignments.doc
[2010.06.29 16:38:22 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[8 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.22 23:10:59 | 002,277,699 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\iPod_nano_5th_gen_Benutzerhandbuch.pdf
[2010.07.20 19:18:56 | 000,001,765 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2010.07.20 19:15:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.07.18 19:43:57 | 000,608,084 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2010.07.15 11:51:56 | 000,000,160 | ---- | C] () -- C:\Dokumente und Einstellungen\***\startup.reg
[2010.07.14 17:59:22 | 000,003,350 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\IntelliPlanArchive.zip
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.02 18:31:34 | 000,000,033 | ---- | C] () -- C:\WINDOWS\unicon.ini
[2007.03.27 18:52:38 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2007.03.13 19:34:53 | 000,000,112 | ---- | C] () -- C:\WINDOWS\init.ini
[2007.03.12 20:08:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.11.16 15:56:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.16 15:42:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.11.16 15:42:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.11.16 15:42:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.11.16 15:42:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.11.16 15:42:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.11.16 15:42:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.11.16 15:41:37 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.16 15:36:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.11.16 15:33:54 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.11.16 15:33:16 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.11.16 15:25:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.11.16 14:31:28 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.11.16 14:25:13 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.11.16 07:16:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.11.16 07:16:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.11.16 07:16:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.11.16 07:16:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.11.16 07:16:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.11.16 07:16:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.11.16 07:16:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.11.16 07:16:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.11.16 07:16:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.11.16 07:16:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006.11.16 07:16:52 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.11.16 07:13:52 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2002.04.01 18:45:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >

2. OTL log:
OTL Logfile:
Code:
OTL Extras logfile created on: 23.07.2010 19:54:09 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\***\Desktop\Diagnosetools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

958,00 Mb Total Physical Memory | 423,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 57,08 Gb Free Space | 51,06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAME-824B437F60
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CeWe Fotobuch.exe] -- "C:\Programme\CeWe Color\Mein CeWe Fotobuch\Mein CeWe Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-0000-4000-3600-0000836BD2D2}" = Microsoft Business Solutions-Navision 4.0
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B5BFFF9-9D55-45AF-9390-AA4DC1C4EEFE}" = Microsoft SQL Server Desktop Engine
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Professional 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EFE315FB-CCE1-4678-87E1-77BF62D49301}" = Odyssey Client for Fujitsu Siemens Computers
"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack
"{F5A89260-C909-11D3-A24B-00105A65139B}" = ARIS 5.0 deutsch
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein CeWe Fotobuch" = Mein CeWe Fotobuch
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NVEContent!UninstallKey" = NeroVision Express Content
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser
EX "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "SMSERIAL" = Motorola SM56 Data Fax Modem "Uninstall_is1" = Uninstall 1.0.0.1 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks Setup Client "Neoteris_Host_Checker" = Juniper Networks Host Checker ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.07.2010 17:30:03 | Computer Name = NAME-824B437F60 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung 93354.exe, Version 0.0.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. 
Error - 18.07.2010 22:46:00 | Computer Name = NAME-824B437F60 | Source = Bonjour Service | ID = 100 Description = Error - 18.07.2010 22:46:00 | Computer Name = NAME-824B437F60 | Source = Bonjour Service | ID = 100 Description = Error - 18.07.2010 22:46:00 | Computer Name = NAME-824B437F60 | Source = Bonjour Service | ID = 100 Description = Error - 18.07.2010 22:46:16 | Computer Name = NAME-824B437F60 | Source = Bonjour Service | ID = 100 Description = Error - 18.07.2010 22:46:16 | Computer Name = NAME-824B437F60 | Source = Bonjour Service | ID = 100 Description = Error - 18.07.2010 22:46:16 | Computer Name = NAME-824B437F60 | Source = Bonjour Service | ID = 100 Description = Error - 20.07.2010 13:19:43 | Computer Name = NAME-824B437F60 | Source = Windows Search Service | ID = 3024 Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Windows Anwendung, SystemIndex Katalog Error - 20.07.2010 13:29:57 | Computer Name = NAME-824B437F60 | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 20.07.2010 14:10:59 | Computer Name = NAME-824B437F60 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avscan.exe, Version 10.0.3.0, fehlgeschlagenes Modul mfc90u.dll, Version 9.0.30729.4148, Fehleradresse 0x0009fc0c. 
[ System Events ] Error - 21.07.2010 11:57:46 | Computer Name = NAME-824B437F60 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 21.07.2010 13:44:31 | Computer Name = NAME-824B437F60 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 21.07.2010 13:44:31 | Computer Name = NAME-824B437F60 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: iaStor nvatabus nvraid SiSRaid2 uagp35 viamraid Error - 22.07.2010 13:58:21 | Computer Name = NAME-824B437F60 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 22.07.2010 22:25:18 | Computer Name = NAME-824B437F60 | Source = PSched | ID = 14103 Description = QoS [Adapter {5D9AF877-09FE-4DC7-848D-1C31F6C68DDE}]: Die Abfrage des Netzwerkkartentreibers nach OID_GEN_LINK_SPEED ist fehlgeschlagen. Error - 22.07.2010 22:25:52 | Computer Name = NAME-824B437F60 | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x10) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 23.07.2010 01:00:15 | Computer Name = NAME-824B437F60 | Source = PSched | ID = 14103 Description = QoS [Adapter {5D9AF877-09FE-4DC7-848D-1C31F6C68DDE}]: Die Abfrage des Netzwerkkartentreibers nach OID_GEN_LINK_SPEED ist fehlgeschlagen. 
Error - 23.07.2010 10:37:42 | Computer Name = NAME-824B437F60 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 23.07.2010 13:09:03 | Computer Name = NAME-824B437F60 | Source = PSched | ID = 14103 Description = QoS [Adapter {5D9AF877-09FE-4DC7-848D-1C31F6C68DDE}]: Die Abfrage des Netzwerkkartentreibers nach OID_GEN_LINK_SPEED ist fehlgeschlagen. Error - 23.07.2010 13:45:26 | Computer Name = NAME-824B437F60 | Source = PSched | ID = 14103 Description = QoS [Adapter {5D9AF877-09FE-4DC7-848D-1C31F6C68DDE}]: Die Abfrage des Netzwerkkartentreibers nach OID_GEN_LINK_SPEED ist fehlgeschlagen. < End of report > |
23.07.2010, 20:19 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen and TR/Spy.244736.13 in "TEMP" (and further alerts at system startup) Quote:
__________________ Please always post log files in CODE tags |
24.07.2010, 12:32 | #5 |
| TR/Crypt.ZPACK.Gen and TR/Spy.244736.13 in "TEMP" (and further alerts at system startup) I had looked at post 75091 (from 2009). The advice there was to uninstall Adobe Reader/Flash Player etc. and reinstall them, and to install the latest Java update. After that almost everything was gone. I then also asked in the forum of my antivirus program, because I was so desperate about the one that remained. Then one more scan with it, and after that everything was gone. Thanks for looking into it. |