| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan Fraud Pack in Registry entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.08.2010, 23:42
| #16 | |
 |  Trojan Fraud Pack in Registry entfernen Guten Abend Julian, danke, dass Du Dich gemeldet hast. Dummerweise hatte ich vergessen den IE zu schließen. Ist das schlimm? Hier der Logfile: Zitat:
|
|
04.08.2010, 00:04
| #17 | |
| | Trojan Fraud Pack in Registry entfernen Ich werde verrückt. Jetzt habe ich nochmal einen Scan mit Malwarebytes gemacht und jetzt wurde folgendes gefunden:
__________________Zitat:
|
|
04.08.2010, 11:03
| #18 | |
| | Trojan Fraud Pack in Registry entfernen Hallo Julian,
__________________ich war mal wieder aktiv. Bitte nicht schimpfen, wenn das verkehrt war. Nachdem Malwarebytes die gefundene Spyware in Quarantäne geschickt hat wurde nichts mehr gefunden. Heute habe ich diese SUPERAntiSpyware laufen lassen und siehe da, es wurden wieder Trojaner gefunden. Oder sind das die, die auf Malwarebytes in Quarantäne sind? Hier der Logfile Zitat:
|
|
04.08.2010, 11:12
| #19 |
| | Trojan Fraud Pack in Registry entfernen Dann habe ich OTL gestartet. Hier ist das Ergebnis: OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.08.2010 11:39:48 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Carmen\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,00 Mb Total Physical Memory | 104,00 Mb Available Physical Memory | 20,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,86 Gb Total Space | 25,57 Gb Free Space | 64,16% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 52,40 Gb Total Space | 50,43 Gb Free Space | 96,23% Space Free | Partition Type: NTFS Drive G: | 19,53 Gb Total Space | 16,64 Gb Free Space | 85,22% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-C43B3FD694 Current User Name: Carmen Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Carmen\Desktop\OTL.exe (OldTimer Tools) PRC - F:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe (Computer Associates International, Inc.) PRC - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe (Computer Associates International, Inc.) PRC - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (Computer Associates International, Inc.) PRC - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe (Computer Associates International, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.) PRC - C:\Programme\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) PRC - C:\Programme\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA) PRC - C:\Programme\EzButton\EzButton.EXE (Dritek System Inc.) PRC - C:\Programme\TOSHIBA\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Carmen\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (CAISafe) -- C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe (Computer Associates International, Inc.) SRV - (VETMSGNT) -- C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (Computer Associates International, Inc.) SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (CeEPwrSvc) -- C:\Programme\TOSHIBA\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.) SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MHIKEY10) -- C:\WINDOWS\System32\Drivers\MHIKEY10.sys File not found DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (VETMONNT) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.) DRV - (VETEFILE) -- C:\WINDOWS\System32\drivers\VetEFile.sys (Computer Associates International, Inc.) DRV - (VETEBOOT) -- C:\WINDOWS\System32\drivers\VetEBoot.sys (Computer Associates International, Inc.) DRV - (VET-FILT) -- C:\WINDOWS\System32\drivers\Vet-Filt.sys (Computer Associates International, Inc.) DRV - (VETFDDNT) -- C:\WINDOWS\System32\drivers\VetFDDNT.sys (Computer Associates International, Inc.) DRV - (VET-REC) -- C:\WINDOWS\System32\drivers\Vet-Rec.sys (Computer Associates International, Inc.) DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.) DRV - (SrvcEPECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys () DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (PCX504) -- C:\WINDOWS\system32\drivers\PCX504.sys (Cisco Systems) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.) DRV - (w22n51) Intel(R) -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation) DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation ) DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.28 12:00:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: F:\Programme\Mozilla Firefox\components [2010.07.25 23:18:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: F:\Programme\Mozilla Firefox\plugins [2010.08.01 16:08:09 | 000,000,000 | ---D | M] [2008.09.01 20:37:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Mozilla\Extensions [2010.08.04 01:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Mozilla\Firefox\Profiles\yufesfbo.default\extensions [2010.04.27 20:47:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Mozilla\Firefox\Profiles\yufesfbo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.26 00:36:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2010.08.04 00:33:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [CaAvTray] C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe (Computer Associates International, Inc.) O4 - HKLM..\Run: [CAVRID] C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe (Computer Associates International, Inc.) O4 - HKLM..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [CeEPOWER] C:\Programme\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [EzButton] C:\Programme\EzButton\EzButton.EXE (Dritek System Inc.) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} </title> <script language="JavaScript" type="text/javascript" src="/ocom/groups/systemobject/@mktg_admin/documents/webcontent/oraclelib.js"> </script> <style type="text/css"> HTML,BODY,TD,H1,H2,H3,H4,OL,UL,DL,LI,DT,DD {font-family:arial,helvetica,san (Java Plug-in 1.4.2_05) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Carmen\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Carmen\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.19 12:05:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{10be443a-00ea-11df-b6cc-000e359e5f2b}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found O33 - MountPoints2\{68aed1b0-7ea3-11de-b49d-000e359e5f2b}\Shell - "" = AutoRun O33 - MountPoints2\{68aed1b0-7ea3-11de-b49d-000e359e5f2b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{68aed1b0-7ea3-11de-b49d-000e359e5f2b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{b68cb7d2-f9a0-11dc-afe8-000e359e5f2b}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.04 09:28:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.04 09:28:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.04 09:28:27 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.04 01:22:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Carmen\Recent [2010.08.04 00:32:31 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.03 18:06:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Carmen\Desktop\OTL.exe [2010.08.01 16:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.08.01 16:08:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.01 16:08:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.01 16:08:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.01 16:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.01 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.08.01 15:09:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Carmen\Desktop\MFTools [2010.08.01 02:24:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010.07.28 14:52:01 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.07.26 00:18:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.26 00:17:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.26 00:17:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.14 15:18:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2004.08.19 12:48:45 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [2004.08.16 20:38:28 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll ========== Files - Modified Within 30 Days ========== [2010.08.04 11:13:24 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.08.04 11:13:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.04 11:13:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.04 11:13:03 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys [2010.08.04 10:43:38 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Carmen\NTUSER.DAT [2010.08.04 10:43:38 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Carmen\ntuser.ini [2010.08.04 09:28:30 | 000,001,648 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.04 00:33:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.08.03 18:06:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Carmen\Desktop\OTL.exe [2010.08.01 16:34:04 | 000,100,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\SystemLook.exe [2010.08.01 16:07:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.01 16:07:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.01 16:07:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.01 16:07:56 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.01 16:07:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.01 15:09:42 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\gmer.zip [2010.08.01 15:06:56 | 000,410,626 | ---- | M] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\Load.exe [2010.07.28 15:14:50 | 000,011,714 | ---- | M] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\cc_20100728_151351.reg [2010.07.28 14:52:04 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\CCleaner.lnk [2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010.07.26 00:18:04 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.24 13:56:00 | 000,379,214 | ---- | M] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\Schräge_Verkehrsschilder.pdf [2010.07.24 13:55:00 | 000,302,063 | ---- | M] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\Vorschultest_der_Macht_Spass.pdf [2010.07.24 13:53:00 | 000,029,887 | ---- | M] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\Ups.jpg [2010.07.06 09:29:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl ========== Files Created - No Company Name ========== [2010.08.04 09:28:30 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.03 22:19:40 | 000,572,174 | ---- | C] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\IMG_8276.JPG [2010.08.01 15:06:54 | 000,410,626 | ---- | C] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\Load.exe [2010.07.31 13:31:57 | 000,100,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\SystemLook.exe [2010.07.29 15:27:41 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\gmer.zip [2010.07.28 15:14:08 | 000,011,714 | ---- | C] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\cc_20100728_151351.reg [2010.07.28 14:52:04 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\Carmen\Desktop\CCleaner.lnk [2010.07.26 00:18:04 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.24 13:56:00 | 000,379,214 | ---- | C] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\Schräge_Verkehrsschilder.pdf [2010.07.24 13:55:00 | 000,302,063 | ---- | C] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\Vorschultest_der_Macht_Spass.pdf [2010.07.24 13:53:00 | 000,029,887 | ---- | C] () -- F:\Dokumente und Einstellungen\Carmen\Eigene Dateien\Ups.jpg [2010.02.17 14:36:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2009.05.15 00:32:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI [2008.10.18 16:52:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI [2008.03.22 17:52:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSBrow.INI [2008.03.22 11:41:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI [2004.08.19 15:42:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.08.19 15:33:15 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini [2004.08.19 15:29:16 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.08.19 14:16:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2004.08.19 14:10:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004.08.19 14:10:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004.08.19 14:10:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004.08.19 14:10:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004.08.19 14:10:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004.08.19 14:10:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004.08.19 13:56:41 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2004.08.19 13:56:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2004.08.19 13:56:41 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2004.08.19 13:56:41 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2004.08.19 13:53:17 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll [2004.08.19 12:59:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2004.08.19 12:48:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004.08.19 12:09:36 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.19 11:51:15 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004.08.16 20:35:54 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECioctl.sys [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.11.15 13:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll [2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll [2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll [2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll ========== LOP Check ========== [2008.04.06 22:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2008.03.22 18:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA [2008.04.06 22:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2008.12.29 22:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2008.06.01 00:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2008.07.06 10:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.06.17 21:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Haufe [2008.12.29 22:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Lexware [2008.12.17 21:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\toshiba [2008.03.22 12:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\TuneUp Software [2008.03.27 20:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Ulead Systems [2010.02.16 15:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\WinBatch [2010.07.26 00:36:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Yfgod [2010.07.25 23:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Carmen\Anwendungsdaten\Ykhye [2010.08.04 11:13:24 | 000,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.08.2010 11:39:48 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Carmen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
510,00 Mb Total Physical Memory | 104,00 Mb Available Physical Memory | 20,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,86 Gb Total Space | 25,57 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 52,40 Gb Total Space | 50,43 Gb Free Space | 96,23% Space Free | Partition Type: NTFS
Drive G: | 19,53 Gb Total Space | 16,64 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-C43B3FD694
Current User Name: Carmen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "F:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"H:\Windows Live\Messenger\msnmsgr.exe" = H:\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"H:\Skype\Phone\Skype.exe" = H:\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\52795eb\SM5279_231.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\52795eb\SM5279_231.exe:*:Enabled:Security Master AV -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Hotkey Hook
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Benutzerhandbücher
"{1dc34015-aa09-4f8c-9fd1-8135747ddea9}" = C4340
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{323f35d7-9fcf-48cf-a66e-cf3ddf6c0621}" = C4340_Help
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32a8e314-9663-4fbc-bc03-f4d84e670fcc}" = PS_AIO_03_C4340_ProductContext
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3AAFCB5F-5166-46EC-A521-E363C6950A94}" = Steuer Update 15.01
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CF29999-1BB0-42B2-99BB-3A34507F9E3B}" = Steuer Update 15.01
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{584B7A79-1262-4424-BB2E-21D8EF10DFB4}" = HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5E8C42DD-7E43-462C-84CC-99E5BBE3E101}" = Steuer 2007
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{7EF2432D-8C52-40C1-962A-1EB0413F25ED}" = TouchPad On/Off Utility
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A933190B-9C8E-4E81-B4D4-038D594A1675}" = TOSHIBA Hotkey Utility
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{bb06d04a-9871-4a6b-a668-2ef483b5c2b5}" = PS_AIO_03_C4340_Software_Min
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D674A81F-0216-4523-B6AB-3F18D789798E}" = TOSHIBA Power Management
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ed8fcd31-e06b-4103-b4f7-657b9a82e29f}" = PS_AIO_03_C4340_Software
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F04D6A72-92D3-44FB-9005-A89065245E33}" = Steuer Update 15.01
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDDC37C3-B2FC-4B5E-A854-1E69B2FFCA71}" = Steuer Update 14.01
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"EzButton" = Easy Button
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"InstallShield_{7EF2432D-8C52-40C1-962A-1EB0413F25ED}" = Touchpad EIN/AUS-Utility
"InstallShield_{A933190B-9C8E-4E81-B4D4-038D594A1675}" = TOSHIBA Hotkey-Dienstprogramm
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"myphotobook" = myphotobook 3.65
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool
"Shop for HP Supplies" = Shop for HP Supplies
"TOSHIBA Power Management" = TOSHIBA Energieverwaltung
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VETWIN32Vp5" = eTrust EZ Antivirus
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.06.2010 14:18:25 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung lsass.exe, Version 6.5.0.5, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000101b3.
Error - 24.06.2010 10:19:44 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqtra08.exe, Version 110.0.180.0, fehlgeschlagenes
Modul ole32.dll, Version 5.1.2600.5512, Fehleradresse 0x0001d91e.
Error - 24.06.2010 15:47:58 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqtra08.exe, Version 110.0.180.0, fehlgeschlagenes
Modul ole32.dll, Version 5.1.2600.5512, Fehleradresse 0x0001d91e.
Error - 25.06.2010 10:24:14 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqtra08.exe, Version 110.0.180.0, fehlgeschlagenes
Modul ole32.dll, Version 5.1.2600.5512, Fehleradresse 0x0001d91e.
Error - 25.06.2010 16:34:54 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqtra08.exe, Version 110.0.180.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x8510758b.
Error - 06.07.2010 03:36:05 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpwucli.exe, Version 5.0.8.1, fehlgeschlagenes
Modul hpwucli.exe, Version 5.0.8.1, Fehleradresse 0x00004607.
Error - 13.07.2010 04:00:36 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpwucli.exe, Version 5.0.8.1, fehlgeschlagenes
Modul hpwucli.exe, Version 5.0.8.1, Fehleradresse 0x00004607.
Error - 20.07.2010 08:53:20 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpwucli.exe, Version 5.0.8.1, fehlgeschlagenes
Modul hpwucli.exe, Version 5.0.8.1, Fehleradresse 0x00004607.
Error - 25.07.2010 17:50:57 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sm5279_231.exe, Version 0.6.0.0, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
Error - 03.08.2010 17:04:31 | Computer Name = YOUR-C43B3FD694 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17055, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ec41b36.
[ System Events ]
Error - 03.08.2010 18:32:41 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 03.08.2010 18:32:41 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7034
Description = Dienst "LiveUpdate Notice Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 03.08.2010 18:32:47 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7034
Description = Dienst "VET Message Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 03.08.2010 18:36:35 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 03.08.2010 18:56:52 | Computer Name = YOUR-C43B3FD694 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 03.08.2010 18:58:36 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 03.08.2010 18:58:36 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
Error - 04.08.2010 02:38:58 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 04.08.2010 04:34:49 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 04.08.2010 05:15:01 | Computer Name = YOUR-C43B3FD694 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
< End of report >
|
|
04.08.2010, 22:25
| #20 |
| /// Helfer-Team  | Trojan Fraud Pack in Registry entfernen Hallo Carmen, da hast Du ja schon gut vorgearbeitet. SuperAntiSpyware wäre sowieso dann einer der nächsten Schritte gewesen.  Zu den Funden: die sind insofern alle "ungefährlich", da sie sich in der Systemwiederherstellung befinden und somit nicht aktiv sind. Um die kümmern wir uns am Ende noch... Nochmal zu dem Rootkitscanner GMER: Starte Deinen Rechner mal im abgesicherten Modus. Lass dann GMER nochmal gemäß Anleitung scannen. Achte aber darauf, dass Du in der Auswahlliste diesmal den Punkt "Sections" nicht anhakst! Dann sollte es problemlos durchlaufen und auch ein Logfile erstellen. |
|
05.08.2010, 15:44
| #21 |
| | Trojan Fraud Pack in Registry entfernen Hallo Julian, zunächst noch einmal ganz, ganz lieben Dank für Deine Hilfe. Heute hatte ich einen Bekannten hier, der Fachmann in Sachen PC ist. Er hat meinen Laptop wieder auf Vordermann gebracht und mir versichert, dass jetzt alles zu 100 % sauber ist. Wenn wider Erwarten nicht, komme ich wieder auf Dich zu. Solltest Du noch irgendwelche Infos von mir benötigen, melde Dich bitte. Herzliche Grüße und  Carmen |
|
| Themen zu Trojan Fraud Pack in Registry entfernen |
| anti-malware, dateien, englisch, entfernen, explorer, folge, forum, fraud, gen, internet, malwarebytes, mas, microsoft, notebook, problem, registry, security, seite, seiten, software, system, system32, trojan, userinit, winlogon |
Linear-Darstellung
