Zone Media - auch hier

elchvonoslo · 19.07.2010, 20:22

Hallo Forum,
beim Aufräumem meiner installierten Programme habe ich einen Eintrag entdeckt den ich nicht löschen kann. Angeblich gibt (gab?) es bei mir auf dem Rechner ein Programm mit dem Namen "Zone Media".
Ja ich hatte vor einiger Zeit einen Virus, den ich erfolgreich mit Malwarebytes Antivirus bekämpfen und entfernen (dachte ich!) konnte.
Nun habe ich alle möglichen Scans mit den empfholenen Programmen gemacht und wirklich keine Viren mehr gefunden.
Dennoch ist das Programm ja noch irgendwie da.
Wer hat mir eine Dummy Anleitung zum endültigen Entfernen?

Erstaunlich finde ich die vielen Einträge zum InternetExplorer 8.0.0, den ich aber gar nicht (wohl doch!) installiert habe. Habe auch alle anderen IE-Versionen deinstalliert und nutze nur noch FireFox (derzeit 3.6.6).
Woran liegt denn das?

Anbei mein aktueller HijackThis log:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:03, on 19.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Lexmark 9300 Series\lxcqmon.exe
C:\Programme\Lexmark 9300 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\TextPad 4\TextPad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.muc.eu.nfowg.com:8080
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Programme\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Programme\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Programme\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Suche - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {670C5F66-0866-4DD7-8A3F-1EDE62C2E8BB} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230041342062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230041522328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - h**p://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - h**p://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - h**p://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - h**p://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - h**p://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxcq_device -   - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7185 bytes

--- --- ---

cosinus · 22.07.2010, 15:05

Zitat:

den ich erfolgreich mit Malwarebytes Antivirus bekämpfen und entfernen (dachte ich!) konnte.

Poste bitte alles Malwarebytes-Logfiles!

Zitat:

Erstaunlich finde ich die vielen Einträge zum InternetExplorer 8.0.0, den ich aber gar nicht (wohl doch!) installiert habe. Habe auch alle anderen IE-Versionen deinstalliert und nutze nur noch FireFox (derzeit 3.6.6).
Woran liegt denn das?

Den IE kann man nicht richtig deinstallieren, da er eine Systemkomponente von Windows ist!
Du hast den IE8 wohl deswegen drauf, weil er automatisch durch die automatischen Update installiert wird, er ist auch ein wichtiges Update. Lass den IE8 drauf aber verwende nur Firefox oder andere Alternativbrowser.

Zitat:

C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe

Davon solltest Du die Finger lassen. => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de

elchvonoslo · 22.07.2010, 19:56

erstmal vielen Dank für die Antwort!

Zitat:

Zitat von cosinus

Poste bitte alles Malwarebytes-Logfiles!

Hier ein hochaktueller Logfile - da überall 0 oder "keine bösartigen Objete gefunden" fand ich es beim ersten Mal überflüssig, aber es hilft wahrscheinlich doch irgendwie:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4327

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.07.2010 20:20:00
mbam-log-2010-07-22 (20-20-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130077
Laufzeit: 12 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zitat:

Zitat von cosinus

Davon solltest Du die Finger lassen. => TuneUp: Wundermittel oder Placebo Reloaded

Ja, weiß ich. Bin auch der Meinung des Artikelschreibers: Alles in schöner Verpackung an einem Ort zusammengefasst, was XP eigentlich auch irgendwo kann. Aber dafür finde ich es praktisch und in Ermangelung von Alternativen - nun kenne ich auch den CCleaner, der das ähnlich macht - fand ich das gut. Und wenn man es geschenkt bekommt :-)

Danke auch für den Tipp mit den Internetexplorer, war mir so nicht bewußt ...

Viele Grüße,

der Elch

cosinus · 22.07.2010, 20:16

Bitte Malwarebytes aktualisieren und einen Vollscan machen.

elchvonoslo · 22.07.2010, 21:08

Danke für die Problemlösungmitarbeit, Arne!

Aktualisierung hätte ich machen können,
Vollscan läuft gerade.

Bin müde (wegen der Kinder) und gehe nun ins Bett - stelle das Ergebnis morgen dann ins Netz.

Gute Nacht und Danke!

der Elch

elchvonoslo · 22.07.2010, 21:14

Danke für die Problemlösungshilfe, Arne,
lasse gerade den Vollscan laufen, bin aber müde wegen der Kinder und gehe nun schlafen.
Stelle das Scanprotokoll dann morgen früh ins Netz.

Gute Nacht und nochmals Danke,

der Elch

elchvonoslo · 23.07.2010, 07:04

Guten Morgen Arne,
wie versprochen: Hier das Log-file des vollstädigen Scans.
Tatsächlich gab es noch 20 infizierte Dateien. Sieh selbst:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4339

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 00:17:15
mbam-log-2010-07-23 (00-17-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 248315
Laufzeit: 1 Stunde(n), 40 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 20

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248880.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248881.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248882.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248883.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248884.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248885.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248886.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248887.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248888.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248889.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248890.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248891.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248892.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248893.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248894.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248895.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248896.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248897.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248898.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4BE448C6-B399-484A-9F21-4E9F44C9B360}\RP64\A0248900.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Viele Grüße,

der Elch

elchvonoslo · 23.07.2010, 07:09

und hier noch der aktuelle RSIT-log:

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by Standard at 2010-07-23 08:10:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (44%) free of 57 GB
Total RAM: 1022 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:10:56, on 23.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Lexmark 9300 Series\lxcqmon.exe
C:\Programme\Lexmark 9300 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\TextPad 4\TextPad.exe
C:\Dokumente und Einstellungen\Standard\Desktop\PC Sicherheit\RSIT.exe
C:\Programme\trend micro\Standard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.muc.eu.nfowg.com:8080
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Programme\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Programme\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Programme\Lexmark 9300 Series\ezprint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Suche - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {670C5F66-0866-4DD7-8A3F-1EDE62C2E8BB} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230041342062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230041522328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxcq_device -   - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7044 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{B821E66C-7F32-4744-9AAD-031778487884}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Symbolleiste - C:\Programme\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Symbolleiste - C:\Programme\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXCQCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16 []
"LexwareInfoService"=C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-09-11 339240]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"lxcqmon.exe"=C:\Programme\Lexmark 9300 Series\lxcqmon.exe [2006-10-23 286720]
"Lexmark 9300 Series Fax Server"=C:\Programme\Lexmark 9300 Series\fm3032.exe [2006-10-26 299008]
"EzPrint"=C:\Programme\Lexmark 9300 Series\ezprint.exe [2006-10-06 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLCoMan]
C:\Programme\DSL Connection Manager\DSLCoMan.exe -autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\helpdelete]
C:\DOKUME~1\Standard\ANWEND~1\SHOWFU~1\Popbibflaw.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Programme\HP\HP Software Update\HPWuSchd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPpromo psc 1300 series]
C:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe /N psc 1300 series -r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memo cool 4 locks]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fork for memo cool\joy dog.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE [2004-08-18 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Siemens SmartSync - ScheduleSync]
C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
C:\WINDOWS\system32\TCtrlIOHook.exe [2005-02-16 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2005-01-21 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
C:\WINDOWS\system32\ZoomingHook.exe [2004-07-14 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-02-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lxcqcoms.exe"="C:\WINDOWS\system32\lxcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Programme\WS_FTP Pro\wsftppro.exe"="C:\Programme\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\Sherpa-MV\sherpa-client-SCHULUNG\jre\bin\javaw.exe"="C:\Sherpa-MV\sherpa-client-SCHULUNG\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Sherpa-MV\sherpa-client-LIVE\jre\bin\javaw.exe"="C:\Sherpa-MV\sherpa-client-LIVE\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Sherpa-MV\sherpa-client-LIVE\sherpa.exe"="C:\Sherpa-MV\sherpa-client-LIVE\sherpa.exe:*:Enabled:sherpa"
"C:\Sherpa-MV\sherpa-client-SCHULUNG\sherpa.exe"="C:\Sherpa-MV\sherpa-client-SCHULUNG\sherpa.exe:*:Enabled:sherpa"
"C:\Programme\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe"="C:\Programme\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Programme\SPSSInc\PASWStatistics17\statistics.exe"="C:\Programme\SPSSInc\PASWStatistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe"
"C:\Programme\SPSSInc\PASWStatistics17\paswstat.com"="C:\Programme\SPSSInc\PASWStatistics17\paswstat.com:*:Disabled:Statistics17:com"
"C:\Programme\SPSSInc\PASWStatistics17\paswstat.exe"="C:\Programme\SPSSInc\PASWStatistics17\paswstat.exe:*:Disabled:Statistics17:exe"
"C:\Programme\SPSSInc\PASWStatistics17\statistics.com"="C:\Programme\SPSSInc\PASWStatistics17\statistics.com:*:Disabled:Statistics17:deprecated com"
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.com"="C:\Programme\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com"
"C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe"="C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe"="C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.bat - edit - "C:\Programme\TextPad 4\textpad.exe" -s

======List of files/folders created in the last 1 months======

2010-07-19 21:38:44 ----D---- C:\Programme\Microsoft Visual Studio
2010-07-19 21:38:40 ----D---- C:\Programme\Gemeinsame Dateien\Designer
2010-07-19 21:37:03 ----D---- C:\WINDOWS\ShellNew
2010-07-19 20:57:33 ----DC---- C:\rsit
2010-07-19 20:34:25 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-19 20:34:22 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-07-19 20:34:22 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-19 20:02:39 ----D---- C:\Programme\CCleaner
2010-07-19 19:27:20 ----D---- C:\Programme\Trend Micro
2010-07-19 15:56:39 ----A---- C:\WINDOWS\system32\reboot.txt
2010-07-13 22:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

======List of files/folders modified in the last 1 months======

2010-07-23 07:57:13 ----D---- C:\WINDOWS\Temp
2010-07-23 07:57:06 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2010-07-23 00:50:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-23 00:30:45 ----D---- C:\Programme\Lx_cats
2010-07-23 00:28:48 ----D---- C:\WINDOWS\system32\drivers
2010-07-22 19:49:41 ----D---- C:\WINDOWS\Prefetch
2010-07-21 16:41:05 ----D---- C:\WINDOWS\Help
2010-07-21 16:26:38 ----D---- C:\Programme\Mozilla Firefox
2010-07-21 09:30:33 ----RSD---- C:\WINDOWS\assembly
2010-07-21 09:30:33 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-20 22:56:17 ----SHD---- C:\WINDOWS\Installer
2010-07-20 21:31:12 ----AC---- C:\WINDOWS\ODBC.INI
2010-07-20 11:06:01 ----A---- C:\WINDOWS\win.ini
2010-07-20 08:52:46 ----D---- C:\WINDOWS
2010-07-20 08:51:40 ----D---- C:\WINDOWS\SxsCaPendDel
2010-07-19 21:39:33 ----AC---- C:\WINDOWS\vbaddin.ini
2010-07-19 21:39:22 ----HD---- C:\WINDOWS\inf
2010-07-19 21:39:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-19 21:39:19 ----D---- C:\Programme\Gemeinsame Dateien
2010-07-19 21:39:01 ----D---- C:\WINDOWS\system32
2010-07-19 21:38:44 ----RD---- C:\Programme
2010-07-19 21:38:23 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-07-19 21:34:47 ----D---- C:\Programme\Microsoft Office
2010-07-19 21:34:27 ----D---- C:\WINDOWS\msapps
2010-07-19 21:34:27 ----D---- C:\Programme\microsoft frontpage
2010-07-19 21:34:26 ----D---- C:\WINDOWS\system
2010-07-19 20:20:43 ----D---- C:\WINDOWS\WinSxS
2010-07-19 20:11:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-07-19 20:11:03 ----D---- C:\WINDOWS\Debug
2010-07-19 18:27:05 ----D---- C:\WINDOWS\system32\config
2010-07-19 17:42:01 ----D---- C:\Programme\Google
2010-07-19 16:54:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-07-19 16:43:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-07-19 16:43:16 ----D---- C:\Programme\Microsoft Visual Studio .NET 2003
2010-07-19 16:17:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2010-07-19 16:17:03 ----SD---- C:\WINDOWS\Tasks
2010-07-19 16:09:17 ----RSD---- C:\WINDOWS\Fonts
2010-07-19 14:57:55 ----D---- C:\WINDOWS\system32\URTTemp
2010-07-19 14:57:54 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-07-19 14:57:54 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-19 14:57:54 ----D---- C:\WINDOWS\system32\BWKDLogs
2010-07-19 14:57:52 ----D---- C:\Programme\Password Spectator
2010-07-17 10:44:55 ----D---- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\vlc
2010-07-13 22:03:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-13 22:02:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-28 22:11:33 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-08-17 87168]
R0 ohci1394;Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-29 43528]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-18 58016]
R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr; C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 6400]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-29 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-29 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-02-23 986624]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-18 108256]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-11 157056]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-01-08 29184]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S0 goyozx;goyozx; C:\WINDOWS\system32\drivers\goyozx.sys []
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S1 StickyMesger;StickyMesger; \??\C:\Programme\TOSHIBA\Accessibility\StickyMesger.sys []
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-05-15 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-05-15 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-05-15 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-05-15 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-05-15 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-05-15 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-05-15 90800]
S3 siusbmod;siusbmod; C:\WINDOWS\system32\DRIVERS\siusbmod.sys []
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-02-23 352256]
R2 CFSvcs;ConfigFree Service; C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 lxcq_device;lxcq_device; C:\WINDOWS\system32\lxcqcoms.exe [2006-11-06 532480]
R2 McAfeeFramework;McAfee Framework Service; C:\Programme\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Programme\Network Associates\VirusScan\Mcshield.exe [2004-08-18 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Programme\Network Associates\VirusScan\VsTskMgr.exe [2004-08-18 28672]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

--- --- ---

cosinus · 23.07.2010, 16:03

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

elchvonoslo · 23.07.2010, 22:04

Guten Abend Arne,
erneut ein großes DANKESCHÖN!

Und anbei zunächst das LOG File otl.txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.07.2010 22:58:38 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Standard\Desktop\PC Sicherheit
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 193,00 Mb Available Physical Memory | 19,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 24,36 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SC-HELM
Current User Name: Standard
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Standard\Desktop\PC Sicherheit\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxcqcoms.exe ( )
PRC - C:\Programme\Lexmark 9300 Series\lxcqmon.exe ()
PRC - C:\Programme\Lexmark 9300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
PRC - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
PRC - C:\Programme\Network Associates\Common Framework\naPrdMgr.exe (Network Associates, Inc.)
PRC - C:\Programme\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Microsoft Office\Office\OUTLOOK.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Standard\Desktop\PC Sicherheit\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (lxcq_device) -- C:\WINDOWS\System32\lxcqcoms.exe ( )
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (McShield) -- C:\Programme\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager) -- C:\Programme\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
SRV - (McAfeeFramework) -- C:\Programme\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found
DRV - (StickyMesger) -- C:\Programme\TOSHIBA\Accessibility\StickyMesger.sys File not found
DRV - (siusbmod) -- C:\WINDOWS\System32\DRIVERS\siusbmod.sys File not found
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS File not found
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG)
DRV - (NaiAvFilter1) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (Network Associates, Inc.)
DRV - (NaiAvTdi1) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys (Network Associates, Inc.)
DRV - (EntDrv51) -- C:\WINDOWS\system32\drivers\EntDrv51.sys (Network Associates, Inc)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (SerTVOutCtlr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.muc.eu.nfowg.com:8080
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.ftp: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.ssl_port: 8080
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 22:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 16:26:12 | 000,000,000 | ---D | M]
 
[2010.02.09 22:59:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Extensions
[2010.07.22 19:38:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\5hi6ezge.default\extensions
[2010.07.02 21:54:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\5hi6ezge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.09 22:57:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.30 22:50:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.30 22:50:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.30 22:50:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.30 22:50:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.30 22:50:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.14 23:01:20 | 000,380,585 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 hk.winantivirus.com ## added by CiD
O1 - Hosts: 13074 more lines...
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 9300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 9300 Series Fax Server] C:\Programme\Lexmark 9300 Series\fm3032.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LXCQCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcqmon.exe] C:\Programme\Lexmark 9300 Series\lxcqmon.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230041342062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230041522328 (MUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.17 07:48:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{494114e8-45e0-11da-9796-0013ce30eae7}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.19 21:38:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2010.07.19 21:38:40 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Designer
[2010.07.19 21:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010.07.19 20:57:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.19 20:34:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.19 20:34:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.19 20:34:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.19 20:11:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Standard\Recent
[2010.07.19 20:02:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.19 19:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Standard\Desktop\PC Sicherheit
[2010.07.19 19:27:20 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.07.13 20:57:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.06.29 21:08:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Standard\Desktop\Radios
[2007.07.05 17:02:41 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCQhcp.dll
[2007.07.05 17:02:36 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqinpa.dll
[2007.07.05 17:02:36 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqiesc.dll
[2007.07.05 17:02:35 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqserv.dll
[2007.07.05 17:02:35 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqusb1.dll
[2007.07.05 17:02:35 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqprox.dll
[2007.07.05 17:02:35 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpplc.dll
[2007.07.05 17:02:34 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpmui.dll
[2007.07.05 17:02:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqlmpm.dll
[2007.07.05 17:02:32 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqhbn3.dll
[2007.07.05 17:02:30 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomc.dll
[2007.07.05 17:02:30 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.23 22:54:24 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B821E66C-7F32-4744-9AAD-031778487884}.job
[2010.07.23 22:36:02 | 000,012,650 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.23 22:35:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.23 22:35:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.23 08:29:01 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\NTUSER.DAT
[2010.07.23 08:29:01 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Standard\ntuser.ini
[2010.07.22 21:31:47 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Microsoft Word.lnk
[2010.07.22 20:48:48 | 000,002,513 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Microsoft Excel.lnk
[2010.07.22 19:26:14 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010.07.20 21:31:12 | 000,000,403 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.07.20 21:31:05 | 000,023,124 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Microsoft Excel.ADR
[2010.07.20 11:15:01 | 000,027,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.07.20 11:06:01 | 000,000,841 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.20 08:51:42 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.19 21:39:33 | 000,000,059 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010.07.19 21:39:06 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2010.07.19 18:20:05 | 013,774,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\NTUSER.DAT_BAK_80249
[2010.07.19 15:53:21 | 000,021,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Desktop\memoriesdisccreator_a.pdf
[2010.07.19 15:19:06 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\NTUSER.DAT_BAK_27495
[2010.07.18 17:20:37 | 014,153,728 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2010.07.18 17:20:29 | 009,649,152 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2010.06.28 22:11:34 | 000,452,926 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.28 22:11:34 | 000,436,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.28 22:11:34 | 000,069,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.28 22:11:33 | 001,008,632 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.28 22:11:33 | 000,082,262 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.20 09:01:42 | 000,002,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Microsoft Word.lnk
[2010.07.19 21:39:06 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2010.07.19 21:39:05 | 000,002,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Microsoft Excel.lnk
[2010.07.19 18:20:01 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Standard\NTUSER.DAT_TU_80249.LOG
[2010.07.19 15:53:19 | 000,021,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\memoriesdisccreator_a.pdf
[2010.07.19 15:19:02 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Standard\NTUSER.DAT_TU_27495.LOG
[2009.07.07 22:18:54 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.07.07 22:18:54 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.07.07 22:18:54 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008.04.05 10:20:58 | 000,000,354 | ---- | C] () -- C:\WINDOWS\avpr.ini
[2007.11.15 22:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.11.15 22:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 22:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 22:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.08.03 21:46:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007.07.05 17:12:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcqvs.dll
[2007.07.05 17:12:27 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcqcoin.dll
[2007.07.05 17:11:39 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcqdrs.dll
[2007.07.05 17:11:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcqcaps.dll
[2007.07.05 17:11:39 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcqcnv4.dll
[2007.07.05 17:10:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007.07.05 17:10:27 | 000,000,277 | ---- | C] () -- C:\WINDOWS\LogInfo.ini
[2007.07.05 17:08:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2007.07.05 17:08:46 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007.07.05 17:06:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lxcqpmon.dll
[2007.07.05 17:06:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCQFXPU.DLL
[2007.07.05 17:05:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\lxcqpmrc.dll
[2007.07.05 17:04:46 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\lxcqrwrd.ini
[2007.07.05 17:02:42 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCQinst.dll
[2007.07.05 17:02:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxcqgrd.dll
[2007.06.25 09:10:57 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC7.dll
[2007.06.25 09:10:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.06.25 09:10:54 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\LxImport50VC7.dll
[2007.06.25 09:10:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\LxImport40VC7.dll
[2006.12.10 15:52:04 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC8.dll
[2006.11.04 03:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll
[2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.06.30 10:02:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006.06.30 10:02:39 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006.06.30 09:43:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006.06.30 09:43:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006.06.11 12:39:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Standard.ini
[2006.05.09 22:47:29 | 000,000,143 | ---- | C] () -- C:\WINDOWS\mandant.ini
[2006.05.09 22:38:51 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2006.05.09 22:38:51 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2006.05.09 22:38:51 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2006.05.09 22:38:51 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[2006.05.09 22:38:50 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26.dll
[2006.05.09 22:38:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter.dll
[2006.05.09 22:38:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SBSPAINT.DLL
[2006.05.09 22:38:49 | 000,237,623 | ---- | C] () -- C:\WINDOWS\System32\dnt26.dll
[2006.05.09 22:38:49 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2006.05.09 22:38:49 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm26.dll
[2006.05.09 22:38:47 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2006.05.09 22:28:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[2006.05.09 22:28:30 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2006.05.04 17:07:33 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.04.10 11:11:28 | 000,003,130 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.03.20 11:45:52 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2006.03.06 07:34:16 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.03.05 20:36:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2005.11.18 21:01:28 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005.09.30 08:57:39 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005.09.17 21:28:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005.09.17 20:08:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2005.09.17 16:34:39 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005.04.17 12:34:52 | 000,001,096 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.04.17 12:27:21 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.04.17 12:27:21 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.04.17 11:30:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.dll
[2005.03.23 15:34:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.03.23 15:26:30 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
[2005.03.23 15:14:26 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.03.23 15:08:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.03.23 15:08:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.03.23 15:08:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.03.23 15:08:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.03.23 15:08:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.03.23 15:08:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.03.17 09:57:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005.03.17 09:57:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005.03.17 09:57:54 | 000,010,163 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005.03.17 09:57:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005.03.17 09:04:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.03.17 07:52:23 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.03.17 07:34:35 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.03.02 21:02:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005.03.01 15:36:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005.02.17 15:51:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005.02.16 14:37:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005.02.16 14:36:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004.08.27 10:34:50 | 000,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004.05.06 14:07:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\dnt26VC7.dll
[2004.05.06 14:05:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26VC7.dll
[2004.05.06 14:04:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dntvm26VC7.dll
[2000.09.08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 40 bytes -> C:\Dokumente und Einstellungen\All Users\DRM:hex
< End of report >

--- --- ---

elchvonoslo · 23.07.2010, 22:06

und dann noch das mit dem Namen extras.txt:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.07.2010 22:58:38 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Standard\Desktop\PC Sicherheit
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 193,00 Mb Available Physical Memory | 19,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 24,36 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SC-HELM
Current User Name: Standard
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- File not found
"C:\WINDOWS\system32\lxcqcoms.exe" = C:\WINDOWS\system32\lxcqcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Programme\WS_FTP Pro\wsftppro.exe" = C:\Programme\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington MA)
"C:\Sherpa-MV\sherpa-client-SCHULUNG\jre\bin\javaw.exe" = C:\Sherpa-MV\sherpa-client-SCHULUNG\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Sherpa-MV\sherpa-client-LIVE\jre\bin\javaw.exe" = C:\Sherpa-MV\sherpa-client-LIVE\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Sherpa-MV\sherpa-client-LIVE\sherpa.exe" = C:\Sherpa-MV\sherpa-client-LIVE\sherpa.exe:*:Enabled:sherpa -- ()
"C:\Sherpa-MV\sherpa-client-SCHULUNG\sherpa.exe" = C:\Sherpa-MV\sherpa-client-SCHULUNG\sherpa.exe:*:Enabled:sherpa -- ()
"C:\Programme\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\statistics.exe" = C:\Programme\SPSSInc\PASWStatistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\paswstat.com" = C:\Programme\SPSSInc\PASWStatistics17\paswstat.com:*:Disabled:Statistics17:com -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\paswstat.exe" = C:\Programme\SPSSInc\PASWStatistics17\paswstat.exe:*:Disabled:Statistics17:exe -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\statistics.com" = C:\Programme\SPSSInc\PASWStatistics17\statistics.com:*:Disabled:Statistics17:deprecated com -- File not found
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.com" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{17A50383-2F75-4F6D-BAF9-8E22662E3797}" = TAXMAN 2009 spezial
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Benutzerhandbücher
"{1B657E63-2A6E-414C-9F92-7569C621CBBF}" = TAXMAN 2006
"{1BA00D7B-636C-4396-AFBE-9286EB6175C3}" = Steuer Update 15.01
"{1D80FA2B-C0E4-4138-BE4B-D517E0D59468}" = Lexware reisekosten Steuerversion 2006
"{2546003F-2D14-4ECE-A4C5-27FCF12825DA}" = Lexware buchhalter 2006
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3EAE4683-E5EE-4835-AAAF-9F2A3014E04B}" = Lexware reisekosten 2007
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung
"{48E341CA-D2DC-4458-8E84-FA4D72BDCF7A}" = TAXMAN 2007 spezial
"{4D01E330-676E-4F5D-8C9B-0E84A0E61184}" = Steuer Update 14.01
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service
"{6A92FDF6-3E24-4D82-A1B4-51FBDD4A0493}" = TAXMAN 2008 spezial
"{700C61BE-9424-4B20-9153-7A0C59722AF4}" = TAXMAN Bibliothek 2009
"{70788C1F-9CFB-41A8-807F-E79AE0F9C6FD}" = Lexware reisekosten 2007
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{74726CC3-B4FC-4528-A99A-E36BED200617}" = Lexware buchhalter 2006
"{76409DA4-E9F8-4EB3-8FDC-51D576CD3353}" = Visual Studio.NET Baseline - German
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7E81E513-27E6-4EC2-BA25-ECF1023A070D}" = Lexware reisekosten 2007
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{86AA1376-1970-41A6-A154-430A4A190BF4}" = TIxx21/x515
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8979F2B8-BBF6-444A-8344-0ABB1791F7F9}" = Einnahme-Überschussrechner für Steuererklärungsprodukte 2006
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{98CB479F-7A43-473D-B203-10C6576867F4}" = Lexware buchhalter 2006
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF33C368-670C-4048-8EA4-4353A89C9417}" = Steuer Update 14.01
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B26CEFDF-DD0A-4145-ADE6-EE3440DB6711}" = Lexware reisekosten 2007
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.50.02
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C2C95288-289B-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - German
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF346565-52CF-4985-B72A-C164A3B525C1}" = o2 Communication Center
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D92FE7C1-8487-4595-AF20-B3C0BD01C5CB}" = Steuer Update 14.01
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{EC4D5610-F99A-41C8-BA00-9801F81A46CD}" = Lexware buchhalter 2007
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0B53A83-7277-45A6-9E2C-CEE2F04BBE48}" = Steuer Update 14.01
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4E16EDA-D4CA-48C3-94C8-4D5F0B4351C1}" = TAXMAN 2009 spezial
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"{FF57AAA8-2F35-4FB2-84D3-DA2DA7B5E19A}" = Lexware reisekosten Steuerversion 2005
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"GMX SMS-Manager" = GMX SMS-Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey-Dienstprogramm
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Touchpad EIN/AUS-Utility
"InstallShield_{86AA1376-1970-41A6-A154-430A4A190BF4}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{CF346565-52CF-4985-B72A-C164A3B525C1}" = o2 Communication Center
"Lexmark 9300 Series" = Lexmark 9300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool
"Power Saver" = TOSHIBA Power Saver
"R for Windows 2.7.1_is1" = R for Windows 2.7.1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Switch" = Switch Uninstall
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VBAPass97 2.0_is1" = Version 2.0
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xp-AntiSpy" = xp-AntiSpy 3.96-4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = 
"findintraless" = Zone Media
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with New Malware.jf Trojan. Detected with Scan Engine 5300 DAT version 5514.(from
 SC-HELM IP 192.168.0.131 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with the New Malware.jf Trojan. No cleaner available, quarantined successfully 
. Detected using Scan engine version 5300 DAT version 5514.(from SC-HELM IP 192.168.0.131
 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with New Malware.jf Trojan. Detected with Scan Engine 5300 DAT version 5514.(from
 SC-HELM IP 192.168.0.131 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with the New Malware.jf Trojan. No cleaner available, quarantined successfully 
. Detected using Scan engine version 5300 DAT version 5514.(from SC-HELM IP 192.168.0.131
 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with New Malware.jf Trojan. Detected with Scan Engine 5300 DAT version 5514.(from
 SC-HELM IP 192.168.0.131 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with the New Malware.jf Trojan. No cleaner available, quarantined successfully 
. Detected using Scan engine version 5300 DAT version 5514.(from SC-HELM IP 192.168.0.131
 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with New Malware.jf Trojan. Detected with Scan Engine 5300 DAT version 5514.(from
 SC-HELM IP 192.168.0.131 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\A0084047.exe.Vir is infected
 with the New Malware.jf Trojan. No cleaner available, quarantined successfully 
. Detected using Scan engine version 5300 DAT version 5514.(from SC-HELM IP 192.168.0.131
 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\vergleich1.txt.Vir is
 infected with the JS/Exploit-Script Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5514.(from SC-HELM
 IP 192.168.0.131 user SC-HELM running VirusScan Enter 8.0 OAS)
 
Error - 22.07.2010 16:37:45 | Computer Name = SC-HELM | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: The file C:\quarantine\vergleich2.txt.Vir is
 infected with the JS/Exploit-Script Trojan.  Undetermined clean error, quarantined
 successfully. Detected using Scan engine version 5300 DAT version 5514.(from SC-HELM
 IP 192.168.0.131 user SC-HELM running VirusScan Enter 8.0 OAS)
 
[ System Events ]
Error - 16.07.2010 14:54:20 | Computer Name = SC-HELM | Source = Service Control Manager | ID = 7034
Description = Dienst "lxcq_device" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 18.07.2010 13:59:32 | Computer Name = SC-HELM | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Kirchenschreibertexte Holzendorf.doc,
 im Besitz von Standard, konnte nicht auf dem Drucker \\hxxp://172.19.193.158\hamprt03
 gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes:
 0. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 0. Anzahl
 der gedruckten Seiten: 0. Clientcomputer: \\SC-HELM. Vom Druckprozessor zurückgelieferter
 Win32-Fehlercode: 259 (0x103). 
 
Error - 19.07.2010 05:10:24 | Computer Name = SC-HELM | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - 20100716 vholzendorf_anschreiben.doc,
 im Besitz von Standard, konnte nicht auf dem Drucker \\hxxp://172.19.193.158\hamprt03
 gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes:
 0. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 0. Anzahl
 der gedruckten Seiten: 0. Clientcomputer: \\SC-HELM. Vom Druckprozessor zurückgelieferter
 Win32-Fehlercode: 259 (0x103). 
 
Error - 19.07.2010 05:12:36 | Computer Name = SC-HELM | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - 20100716 vholzendorf_anschreiben.doc,
 im Besitz von Standard, konnte nicht auf dem Drucker \\hxxp://172.19.193.158\hamprt03
 gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes:
 0. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 0. Anzahl
 der gedruckten Seiten: 0. Clientcomputer: \\SC-HELM. Vom Druckprozessor zurückgelieferter
 Win32-Fehlercode: 259 (0x103). 
 
Error - 19.07.2010 05:14:46 | Computer Name = SC-HELM | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - 20100716 vholzendorf_anschreiben.doc,
 im Besitz von Standard, konnte nicht auf dem Drucker \\hxxp://172.19.193.158\hamprt03
 gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes:
 0. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 0. Anzahl
 der gedruckten Seiten: 0. Clientcomputer: \\SC-HELM. Vom Druckprozessor zurückgelieferter
 Win32-Fehlercode: 259 (0x103). 
 
Error - 19.07.2010 05:17:01 | Computer Name = SC-HELM | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - 20100716 vholzendorf_anschreiben.doc,
 im Besitz von Standard, konnte nicht auf dem Drucker \\hxxp://172.19.193.158\hamprt03
 gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes:
 0. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 0. Anzahl
 der gedruckten Seiten: 0. Clientcomputer: \\SC-HELM. Vom Druckprozessor zurückgelieferter
 Win32-Fehlercode: 259 (0x103). 
 
Error - 19.07.2010 12:24:19 | Computer Name = SC-HELM | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst JavaQuickStarterService.
 
Error - 19.07.2010 12:28:49 | Computer Name = SC-HELM | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0013CE30EAE7 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:   %%121.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 20.07.2010 04:06:01 | Computer Name = SC-HELM | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 22.07.2010 18:30:25 | Computer Name = SC-HELM | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   IntelIde
 
 
< End of report >

--- --- ---
Ich bin übers Wochenende weg, kann also erst So abend wieder an den Tatort PC.

Beste Grüße für ein schönes Wochenende,

der Elch

cosinus · 26.07.2010, 13:55

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.muc.eu.nfowg.com:8080
FF - prefs.js..network.proxy.ftp: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.muc.eu.nfowg.com"
FF - prefs.js..network.proxy.ssl_port: 8080
@Alternate Data Stream - 40 bytes -> C:\Dokumente und Einstellungen\All Users\DRM:hex
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

elchvonoslo · 26.07.2010, 19:00

HAllo Arne,
das habe ich gemacht - wenn auch mein Rechner sich beim Neustart aufhing und ich ihn "hart" ausschalten musste.

Ansonsten scheint er einiges getan zu haben:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "proxy.muc.eu.nfowg.com" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "proxy.muc.eu.nfowg.com" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "proxy.muc.eu.nfowg.com" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "proxy.muc.eu.nfowg.com" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "proxy.muc.eu.nfowg.com" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
ADS C:\Dokumente und Einstellungen\All Users\DRM:hex deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Standard
->Temp folder emptied: 397 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3053304 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55079417 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 07262010_194742

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\WFV1.tmp not found!

Registry entries deleted on Reboot...

Beste Grüße,

der Elch

cosinus · 26.07.2010, 22:34

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

22.07.2010, 20:16	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Zone Media - auch hier Bitte Malwarebytes aktualisieren und einen Vollscan machen. __________________ Logfiles bitte immer in CODE-Tags posten

Zone Media - auch hier

Log-Analyse und Auswertung: Zone Media - auch hier