|
Plagegeister aller Art und deren Bekämpfung: TAN-Banker-trojaner hat sich eingenistetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.07.2010, 11:43 | #1 |
| TAN-Banker-trojaner hat sich eingenistet Hallo, ich wollte vorhin postbanken und es kam direkt nach dem einloggen ein Popup, das eine TAN haben wollte, unten strand dran "weiter"..also wenn ich die TAN eingeben hätte, wäre das wohl noch lange so weitergegangen. Es war ein weißes Rechteck mit blauer Schrift. Habe schon die anderen Threads mit diesem Thema gelesen aber da ihr immer ausdrücklich auf die Individualität der angebotenen Lösungen hinweist, und daß das niemand einfach so nachmachen soll, habe ich jetzt extra einen Thread aufgemacht. Bin nicht so sehr bewandert mit Computersachen, wäre super wenn ihr das ganze für Doofe beschreibt Und natürlich wenn ihr helfen könntet. Arbeite gerade den CC-Scan, Malwarebytes und OTL durch, poste dann die Ergebnisse. Arbeite gerade die Scanliste durch, melde mich dann mit logs. CC-Cleaner durchgeführt, bis nur noch die Avira-Antivir-Eintragung über war. ----- Malwarebytes-log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4329 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.07.2010 15:34:53 mbam-log-2010-07-20 (15-34-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|) Durchsuchte Objekte: 437042 Laufzeit: 2 Stunde(n), 31 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 9 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 4 Infizierte Verzeichnisse: 1 Infizierte Dateien: 37 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\HP_BES~1\ANWEND~1\MACROM~1\Common\855fe0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\HP_BES~1\ANWEND~1\MACROM~1\Common\855fe0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\HP_BES~1\ANWEND~1\MACROM~1\Common\855fe0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\HP_BES~1\ANWEND~1\MACROM~1\Common\855fe0481.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\system32\AcroIEHelpe018.dll (Trojan.Banker) -> Quarantined and deleted successfully. C:\Programme\BBO-Almanach\BBO Almanach\BBO Almanach.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\4072_FF_0000002047.pst (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\4072_FF_0000002048_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\4072_FF_0000002049_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\4072_FF_0000002050_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB118A74516DE6_00001940_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB17E6F3676E70_00003112_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB17E6F3781EE6_00003112_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB17E6F3F8DDE2_00003112_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB17E6F40004F0_00003112_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB17E6F4668A0E_00003112_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB17E6F782DB7A_00003112_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB19FD354AFEDE_00000484_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB19FE75421526_00004036_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB20BF1ABDEACC_00003132_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB20BF1AC77434_00003132_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB20BF1B69941C_00003132_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB20BF1BF8A134_00003132_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB20BF1BFFC842_00003132_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB20BF1EEECD00_00003132_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB21107CDFF8FC_00003824_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB258089A6EBE5_00005944_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB258089B2D7A7_00005944_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB25808A65A805_00005944_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB25808B51B0D3_00005944_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB25808B5B3A3B_00005944_classes.jsa (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB25808DD7CE19_00005944_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB25808DDA3073_00005944_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB258284542A4D_00003208_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm\FromJava01CB258284568CA7_00003208_rasphone.pbk (Stolen.Data) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully. (is ja ein Horrorkabinett) ----------------------------- OTL OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.07.2010 16:01:27 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 143,04 Gb Total Space | 38,62 Gb Free Space | 27,00% Space Free | Partition Type: NTFS Drive D: | 5,99 Gb Total Space | 2,04 Gb Free Space | 34,08% Space Free | Partition Type: FAT32 Unable to calculate disk information. F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NAME-CD5FDA878D Current User Name: HP_Besitzer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany -- File not found "C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard) "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.) "C:\Games\Ultima Online\No_Crypt_Client_2d.exe" = C:\Games\Ultima Online\No_Crypt_Client_2d.exe:*:Enabled:No_Crypt_Client_2d -- File not found "C:\Games\Ultima Online\Client.exe" = C:\Games\Ultima Online\Client.exe:*:Enabled:Client -- File not found "C:\Games\Horizons\horizons.exe" = C:\Games\Horizons\horizons.exe:*:Enabled:horizons -- File not found "C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Programme\InternetCalls.com\InternetCalls\InternetCalls.exe" = C:\Programme\InternetCalls.com\InternetCalls\InternetCalls.exe:*:Enabled:InternetCalls -- (InternetCalls) "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe:*:Enabled:GMX Update -- File not found "C:\AeriaGames\12Sky\TwelveSky.exe" = C:\AeriaGames\12Sky\TwelveSky.exe:*:Enabled:TwelveSky -- File not found "C:\Programme\ICQ\Icq.exe" = C:\Programme\ICQ\Icq.exe:*:Enabled:ICQ -- File not found "C:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe" = C:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.) "C:\Programme\Metin2_Germany\metin2.bin" = C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2 -- File not found "C:\Games\bin\ExeFile.exe" = C:\Games\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.) "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\FOGDL-bbo_de_setup_0_24.exe" = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\FOGDL-bbo_de_setup_0_24.exe:*:Enabled:YuLeech -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation) "C:\Games\AirRivals_DE\Launcher.atm" = C:\Games\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- File not found "C:\Games\AirRivals_DE\Res-Voip\SCVoIP.exe" = C:\Games\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{1650594B-3979-48DB-B8F2-4634CAA872A3}_is1" = Bounty Bay Online "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224 "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1 "{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig "{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C907932-0AA6-46E9-A6FA-86FE4DD62EE9}" = Digital MP3 Music Player "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader 4.00 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1 "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B "{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08 "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "{81D2FECF-FB01-4120-828B-DB3213440356}" = EverQuest II "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97257926-3443-4DB5-93CF-2B3ADAD581CC}" = World Community Grid - BOINC Agent "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone "{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA "{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2 "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan "{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Kameras 5.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0 "{D0B3166F-BBE3-4025-B822-84A4D3D8608E}" = Vanguard: Saga of Heroes "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Multi-Card Reader & Flash Disk "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = DER HERR DER RINGE ONLINE: Die Schatten von Angmar v01.04.00.80 "7-Zip" = 7-Zip 4.49 beta "A Tale in the Desert" = A Tale in the Desert "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Anarchy Online_is1" = Anarchy Online "a-squared Free_is1" = a-squared Free 4.5 "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "AutoItv3" = AutoIt v3.3.6.1 "AVGAntiSpyware75" = AVG Anti-Spyware 7.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Dark Age of Camelot - Catacombs_is1" = Dark Age of Camelot - Catacombs "Dark Age of Camelot - Shrouded Isles_is1" = Dark Age of Camelot - Shrouded Isles "Dark Age of Camelot - Trial of Atlantis" = Dark Age of Camelot - Trial of Atlantis "Dark Age of Camelot: Darkness Rising_is1" = Dark Age of Camelot: Darkness Rising "Entropia Universe" = Entropia Universe "EQ2MAP Updater" = EQ2MAP Updater 1.0.6 "EVE" = EVE Online (remove only) "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EZMacros" = EZ Macros "Free Download Manager_is1" = Free Download Manager 2.0 - Free Downloads Center Edition "GMX IE7 Browser Update" = GMX IE7 Browser Update "Google Chrome" = Google Chrome "HP Document Viewer" = HP Document Viewer 5.3 "HP Imaging Device Functions" = HP Imaging Device Functions 5.3 "HP LaserJet P1000 series" = HP LaserJet P1000 series "HP Photo & Imaging" = HP Image Zone 5.3 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3 "ICQToolbar" = ICQ Toolbar "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen "InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "Intelli-studio" = SAMSUNG Intelli-studio "InternetCalls_is1" = InternetCalls "IrfanView" = IrfanView (remove only) "K-Meleon" = K-Meleon (nur entfernen) "MabinogiEU" = MabinogiEU "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "MSNINST" = MSN "MultiRes (remove only)" = MultiRes (remove only) "Navilog1" = Navilog1 Version 2.0.3 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Nvidia Omega Drivers for Windows 2k-XPv1.6693" = Nvidia Omega Drivers Setup Files "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows "PhotoFiltre" = PhotoFiltre "PristonTale2" = PristonTale2 "PS2" = PS2 "Python 2.2.3" = Python 2.2.3 "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203) "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "ST6UNST #1" = UORudder "SystemRequirementsLab" = System Requirements Lab "UO Extreme 7" = UO Extreme 7 "UOAM" = UO Auto-Map "UOAssist" = UOAssist "Warhammer Online: Age of Reckoning_is1" = Warhammer Online: Age of Reckoning "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BobsUI_1.89c_v3.00 (Complete)" = BobsUI_1.89c_v3.00 (Complete) "Wurm Online 2.4.2a" = Wurm Online 2.4.2a ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.07.2010 01:48:38 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135894 Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr) Serveranwendungs-ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {86FF3CFD-4562-41D7-9A2F-2D7F6DCD76AC} Serveranwendungsname: System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet. Fehlercode = 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion von 'Comsvcs.dll': ENU 2001.12.4414.702 s Error - 19.07.2010 01:48:38 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135761 Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt. Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten, die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector fail Error - 19.07.2010 01:48:38 | Computer Name = NAME-CD5FDA878D | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten. Error - 19.07.2010 01:48:41 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135894 Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr) Serveranwendungs-ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {2F9115C4-058F-453D-A88F-B89D79BADA0A} Serveranwendungsname: System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet. Fehlercode = 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion von 'Comsvcs.dll': ENU 2001.12.4414.702 s Error - 19.07.2010 01:48:47 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135894 Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr) Serveranwendungs-ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {DB3CFE63-E37E-4245-88CA-5F737485C8E1} Serveranwendungsname: System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet. Fehlercode = 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion von 'Comsvcs.dll': ENU 2001.12.4414.702 s Error - 19.07.2010 01:54:28 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135894 Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr) Serveranwendungs-ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {09A22DB9-170A-445C-BFE4-E63CFD920F7E} Serveranwendungsname: System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet. Fehlercode = 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion von 'Comsvcs.dll': ENU 2001.12.4414.702 s Error - 19.07.2010 01:54:28 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135761 Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt. Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten, die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector fail Error - 19.07.2010 01:54:28 | Computer Name = NAME-CD5FDA878D | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten. Error - 19.07.2010 01:54:30 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135894 Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr) Serveranwendungs-ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {38782190-64D6-4CCB-B116-36961B1FD610} Serveranwendungsname: System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet. Fehlercode = 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion von 'Comsvcs.dll': ENU 2001.12.4414.702 s Error - 19.07.2010 01:54:35 | Computer Name = NAME-CD5FDA878D | Source = COM+ | ID = 135894 Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr) Serveranwendungs-ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {C7736002-62A5-4C88-ABC8-0075DA836FE9} Serveranwendungsname: System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet. Fehlercode = 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion von 'Comsvcs.dll': ENU 2001.12.4414.702 s [ System Events ] Error - 20.07.2010 05:22:24 | Computer Name = NAME-CD5FDA878D | Source = DCOM | ID = 10010 Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2010 05:49:05 | Computer Name = NAME-CD5FDA878D | Source = DCOM | ID = 10010 Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2010 08:33:04 | Computer Name = NAME-CD5FDA878D | Source = DCOM | ID = 10010 Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2010 08:51:40 | Computer Name = NAME-CD5FDA878D | Source = DCOM | ID = 10010 Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2010 08:59:45 | Computer Name = NAME-CD5FDA878D | Source = DCOM | ID = 10010 Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2010 09:18:56 | Computer Name = NAME-CD5FDA878D | Source = DCOM | ID = 10010 Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2010 09:39:58 | Computer Name = NAME-CD5FDA878D | Source = Service Control Manager | ID = 7000 Description = Der Dienst "GMX Browser Update" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 20.07.2010 09:39:58 | Computer Name = NAME-CD5FDA878D | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 20.07.2010 09:39:58 | Computer Name = NAME-CD5FDA878D | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Creative Service for CDROM Access" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 20.07.2010 09:40:06 | Computer Name = NAME-CD5FDA878D | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde ViaIde < End of report > -------------------------------------- OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.07.2010 16:01:27 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 143,04 Gb Total Space | 38,62 Gb Free Space | 27,00% Space Free | Partition Type: NTFS Drive D: | 5,99 Gb Total Space | 2,04 Gb Free Space | 34,08% Space Free | Partition Type: FAT32 Unable to calculate disk information. F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NAME-CD5FDA878D Current User Name: HP_Besitzer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.14_windows_intelx86 () PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\BOINC\boincmgr.exe (World Community Grid) PRC - C:\Programme\BOINC\boinc.exe (World Community Grid) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\WINDOWS\Dit.exe () PRC - C:\WINDOWS\DitExp.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\System32\CTsvcCDA.exe File not found SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AdminSVC) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (a2free) -- C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH) SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (AVG Anti-Spyware Guard) -- C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZSMC301b) -- C:\WINDOWS\System32\Drivers\usbVM31b.sys File not found DRV - (TSMPacket) -- C:\WINDOWS\System32\DRIVERS\tsmpkt.sys File not found DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys File not found DRV - (PciCon) -- E:\PciCon.sys File not found DRV - (ossrv) -- C:\WINDOWS\System32\drivers\ctoss2k.sys File not found DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (dsltestSp5) -- C:\WINDOWS\System32\Drivers\dsltestSp5.sys File not found DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions) DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions) DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows (R) 2000/XP) DRV - (AVG Anti-Spyware Driver) -- C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys () DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec) DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010.06.23 06:38:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Programme\K-Meleon\Plugins [2010.07.15 06:43:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Programme\K-Meleon\Components [2010.07.15 06:43:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.18 09:06:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.17 06:25:41 | 000,000,000 | ---D | M] [2009.07.04 18:34:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Extensions [2010.07.20 11:31:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\extensions [2010.07.18 18:26:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) [2010.07.10 17:43:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.06.16 22:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.07.17 06:26:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\searchplugins\icqplugin-1.xml [2010.06.16 22:34:50 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\searchplugins\icqplugin.gif [2010.06.16 22:34:50 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\searchplugins\icqplugin.src [2010.07.08 16:07:04 | 000,001,069 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\90ul3gml.default\searchplugins\icqplugin.xml [2010.07.20 11:31:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.17 06:54:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.27 07:48:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.17 06:25:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.17 06:25:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.17 06:25:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.17 06:25:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.17 06:25:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.10.17 18:14:50 | 000,000,842 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (no name) - {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe018.dll (Adobe Systems, Incorporated) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe () O4 - HKLM..\Run: [HPHUPD08] c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCDrProfiler] File not found O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [{4D8B5A7F-A580-F7EE-4725-E711B6C0BCF4}] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Roymc\egduu.exe () O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\World Community Grid - BOINC Manager.lnk = C:\Programme\BOINC\boincmgr.exe (World Community Grid) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Download all with Free Download Manager - C:\Tools\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Tools\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download web site with Free Download Manager - C:\Tools\Free Download Manager\dlpage.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Tools\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} https://horizons.istaria.com/controls/launcher.ocx (Launcher Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab (Reg Error: Key error.) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe () O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.11.03 03:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001.07.28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - Unable to obtain root file information for disk D:\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: clipstub - (C:\WINDOWS\system32\ddesdt32.dll) - C:\WINDOWS\System32\ddesdt32.dll File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.20 15:58:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Recent [2010.07.20 15:44:01 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.07.20 15:42:25 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\ccsetup233.exe [2010.07.20 15:40:28 | 000,208,208 | ---- | C] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe018.dll [2010.07.20 15:40:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2010.07.20 12:53:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Malwarebytes [2010.07.20 12:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.20 12:52:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.20 12:52:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.20 12:52:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.20 12:29:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe [2010.07.19 07:16:25 | 000,000,000 | ---D | C] -- C:\Download [2010.07.19 07:16:11 | 000,421,888 | ---- | C] (NEXON Inc.) -- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe [2010.07.17 19:07:10 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\MabinogiEU [2010.07.17 18:34:19 | 000,000,000 | ---D | C] -- C:\Nexon [2010.07.17 06:55:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\skypePM [2010.07.17 06:54:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Skype [2010.07.17 06:54:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.07.17 06:53:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2010.07.15 12:15:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\PrivacIE [2010.07.15 12:15:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\IECompatCache [2010.07.15 12:09:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\IETldCache [2010.07.15 11:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.07.15 11:44:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.07.15 11:41:49 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.07.15 06:43:20 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.07.14 06:30:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.02 17:55:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\cityguide [2010.06.26 08:38:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HpUpdate [2010.06.26 08:38:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard [2010.06.24 16:32:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2010.06.24 16:07:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\NetSpeedMonitor [2010.06.23 06:32:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5005 [2010.06.21 23:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs [2010.06.21 23:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5004 [2010.06.21 23:40:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cock [2007.06.05 16:45:27 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.20 15:42:27 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\ccsetup233.exe [2010.07.20 15:40:28 | 000,208,208 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe018.dll [2010.07.20 15:40:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.20 15:39:45 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.07.20 15:39:45 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2010.07.20 15:39:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.20 15:39:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.20 15:39:40 | 2682,834,944 | -HS- | M] () -- C:\hiberfil.sys [2010.07.20 15:38:37 | 006,815,744 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\ntuser.dat [2010.07.20 15:38:37 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\ntuser.ini [2010.07.20 15:15:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.20 12:29:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe [2010.07.20 11:34:51 | 000,000,787 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat [2010.07.19 10:19:33 | 000,001,120 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MabinogiEU Homepage.lnk [2010.07.19 10:19:33 | 000,000,659 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MabinogiEU.lnk [2010.07.19 07:16:11 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe [2010.07.17 06:55:34 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.07.15 11:40:32 | 000,000,368 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\SciTE.session [2010.07.15 06:43:44 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.07.03 18:21:36 | 000,118,385 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.07.02 15:14:24 | 000,002,443 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Lb.rtf [2010.07.02 06:43:31 | 000,004,678 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\testlb [2010.06.30 15:39:11 | 000,053,248 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\BBV Juli.xls [2010.06.25 17:22:04 | 000,009,528 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2010.06.24 16:20:01 | 000,000,825 | ---- | M] () -- C:\WINDOWS\win.ini [2010.06.24 16:20:01 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2010.06.24 16:20:01 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.23 06:31:48 | 001,029,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.23 06:31:48 | 000,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.23 06:31:48 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.23 06:31:48 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.23 06:31:48 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.19 10:19:33 | 000,001,120 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MabinogiEU Homepage.lnk [2010.07.19 10:19:33 | 000,000,659 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MabinogiEU.lnk [2010.07.17 17:32:48 | 006,815,744 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\ntuser.dat [2010.07.17 06:55:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.07.15 06:43:43 | 000,001,595 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.07.02 06:43:30 | 000,004,678 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\testlb [2010.06.30 15:39:11 | 000,053,248 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\BBV Juli.xls [2010.06.23 17:46:31 | 000,002,443 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Lb.rtf [2010.06.22 03:29:28 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2009.09.05 14:40:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\PT2Key-ger.ini [2009.08.02 03:01:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\ezmacros.INI [2009.07.08 08:58:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll [2008.02.02 18:56:33 | 000,000,529 | ---- | C] () -- C:\WINDOWS\unezmac.ini [2007.09.28 18:07:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007.09.28 18:05:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2007.09.28 18:05:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2007.09.28 18:05:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.07.26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll [2007.06.05 16:46:51 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2007.05.23 22:55:02 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007.01.05 07:37:45 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006.11.02 17:13:41 | 000,000,140 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.04.29 02:46:26 | 000,167,936 | ---- | C] () -- C:\WINDOWS\Dit.DLL [2006.04.29 02:46:26 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Dit.INI [2006.04.22 09:57:04 | 000,000,374 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2006.04.21 20:51:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RunSetup.dll [2006.04.21 20:00:42 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2006.04.21 20:00:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2006.04.21 19:58:04 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini [2006.04.21 19:57:35 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini [2006.04.21 19:40:46 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini [2006.04.21 19:39:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2006.03.13 19:29:02 | 000,009,528 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005.12.28 11:03:52 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005.12.28 11:03:52 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005.12.28 11:03:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005.12.28 11:03:44 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005.12.28 11:03:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005.12.28 11:03:42 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005.10.05 22:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.01.03 02:56:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.01.03 02:37:58 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2005.01.03 02:34:33 | 000,013,625 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2005.01.03 02:34:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2005.01.03 02:28:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005.01.03 02:28:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005.01.03 02:28:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005.01.03 02:28:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005.01.03 02:28:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005.01.03 02:28:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005.01.03 02:27:00 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2005.01.03 02:15:52 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.01.03 02:02:44 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005.01.03 01:59:35 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll [2005.01.03 01:59:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll [2005.01.03 01:59:15 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2002.09.21 01:19:34 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000023.DLL [2001.07.06 23:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI < End of report > Hoffentlich alles korrekt erstmal Ich weiß nicht, ob ich was falsch gemacht habe bisher, wäre sehr nett wenn jemand von den Kompetenzlern sich meiner annehmen könnte. |
21.07.2010, 18:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TAN-Banker-trojaner hat sich eingenistet Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL O4 - HKCU..\Run: [{4D8B5A7F-A580-F7EE-4725-E711B6C0BCF4}] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Roymc\egduu.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe () O32 - AutoRun File - [2001.07.28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O36 - AppCertDlls: clipstub - (C:\WINDOWS\system32\ddesdt32.dll) - C:\WINDOWS\System32\ddesdt32.dll File not found [2010.06.23 06:32:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5005 [2010.06.21 23:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs [2010.06.21 23:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5004 [2010.06.21 23:40:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cock :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ |
Themen zu TAN-Banker-trojaner hat sich eingenistet |
0x00000001, 7-zip, acroiehelpe, acroiehelper.dll, andere, anderen, appconf32.exe, audacity, avgntflt.sys, banke, banken, besitzer, blauer, browser update, ccsetup, components, compu, direkt, doofe, einfach, eingebe, einloggen, extra, firefox.exe, free download, google chrome, hinweis, jusched.exe, könntet, lange, location, lösungen, metin2, natürlich, niemand, officejet, oldtimer, optimierung, otl.exe, plug-in, popup, rechteck, rogue.drivecleaner, rogue.winantivirus, saver, sched.exe, searchplugins, shell32.dll, stolen.data, super, tan, thema, threads, torrent.exe, tracker, weißes, windows internet, windows internet explorer, xmldm |