| |
| |||||||
Log-Analyse und Auswertung: TR/Vilsel.rouWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.08.2010, 09:48
| #1 |
 |  TR/Vilsel.rou Hallo allerseits  Auch ich hatte das Vergnügen mit einem Trojaner... USB-Stick angeschlossen - aber Avira hat mich sofort alarmiert: Die Datei 'F:\RECYCLER\recycld.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Vilsel.rou' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ec52940.qua' verschoben. Ich habe den USB-Stick formatiert (genügt das?) und weiß allerdings nicht, ob ich mir den Trojaner nun auf meinem Laptop eingefangen hab oder eben nicht :/ Könnte für mich bitte jemand darüberschauen? Das wäre mir eine große Hilfe... Vielen Dank im Voraus schon mal HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:30:33, on 03.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\Avira\AntiVir Desktop\avmailc.exe C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe C:\WINDOWS\system32\TPSBattM.exe C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Programme\TOSHIBA\Tvs\TvsTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Napster\napster.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe C:\Programme\Microsoft Office\Office\FINDFAST.EXE C:\Programme\Microsoft Office\Office\OSA.EXE C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu91\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Samsung_AppInst] E:\SamsungSoftware\AppInst.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Samsung Auto Backup Guage.lnk = ? O4 - Global Startup: Samsung Auto Backup Real-Time Daemon.lnk = ? O4 - Global Startup: Samsung Auto Backup Scheduler.lnk = ? O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1221174105 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=1203376838 O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1209238572 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{79C73F04-4629-4EDC-8B37-305B6A90F3F7}: NameServer = 141.2.149.10,141.2.22.74 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 13798 bytes [/CODE] Ich wäre wirklich sehr dankbar, wenn jemand einmal darüber schauen könnte und mir sagen kann, ob alles iO ist oder irgendwas auffällig... Liebe Grüße |
|
03.08.2010, 12:30
| #2 |
| /// Malware-holic   | TR/Vilsel.rou das formatieren reicht.
__________________download malwarebytes: Malwarebytes instalieren, updaten, über die registerkarte aktualisierung, schalte nun alles an laufenden programmen ab, auch den avira guard. trenne die internetverbindung, in dem du wlan abschaltest, bzw die lanverbindung trennst. starte nun nen komplett scan, funde löschen, avira + internet ein, log posten. ootl: Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide. am schluss stellen wirs so ein, das sich über autorun nichts mehr einschleichen kann, diese option gehört abgeschaltet, um genauso was zu verhindern. |
|
03.08.2010, 14:07
| #3 |
| | TR/Vilsel.rou zunächst log von malewarebytes:
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4384
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
03.08.2010 13:57:43
mbam-log-2010-08-03 (13-57-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 246923
Laufzeit: 1 Stunde(n), 8 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Programme\ICQToolbar\tbu91\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
OTL.txt folgt sogleich... Code:
ATTFilter OTL logfile created on: 03.08.2010 14:12:08 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\anne\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 414,00 Mb Available Physical Memory | 41,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 111,79 Gb Total Space | 69,29 Gb Free Space | 61,98% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-9E5E84168E Current User Name: anne Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\anne\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.) PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.) PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.) PRC - C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe () PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Napster\napster.exe (Napster) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) PRC - C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\Programme\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.) PRC - C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) PRC - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.) PRC - C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\Toshiba\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) PRC - C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office\OSA.EXE () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\anne\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (MSR Service) -- C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe () SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (TAPPSRV) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (CFSvcs) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (mvd20) -- File not found DRV - (mdf15) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (Eacfilt) -- C:\WINDOWS\system32\drivers\eacfilt.sys (Nortel Networks) DRV - (IPSECSHM) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.) DRV - (IPSECEXT) -- C:\WINDOWS\system32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.) DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-139224490-1622099281-510958009-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com IE - HKU\S-1-5-21-139224490-1622099281-510958009-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-139224490-1622099281-510958009-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.24 19:43:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.24 19:43:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2010.02.24 23:34:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.07.23 17:01:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.02.21 18:07:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Extensions [2010.02.21 18:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.02 13:31:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\extensions [2010.05.01 13:54:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.21 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.02.24 23:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.02.24 23:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Sunbird\Profiles\ihg5zqd5.default\extensions [2010.08.01 12:59:39 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\searchplugins\icqplugin-1.xml [2010.07.21 19:53:15 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\searchplugins\icqplugin.gif [2010.07.21 19:53:15 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\searchplugins\icqplugin.src [2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla\Firefox\Profiles\ciuw60cv.default\searchplugins\icqplugin.xml [2010.08.02 13:31:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.22 21:31:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CFSServ.exe] File not found O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NapsterShell] C:\Programme\Napster\napster.exe (Napster) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-21-139224490-1622099281-510958009-1005..\Run: [Samsung_AppInst] E:\SamsungSoftware\AppInst.exe File not found O4 - HKU\S-1-5-21-139224490-1622099281-510958009-1005..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-139224490-1622099281-510958009-1005..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\anne\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\anne\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE () O4 - Startup: C:\Dokumente und Einstellungen\anne\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab (SysData Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1221174105 (Image Uploader Control) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=1203376838 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1209238572 (Image Uploader Control) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\anne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\anne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.06.28 15:14:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3b2a33df-d02d-11de-bbd1-444553544200}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008.04.14 03:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{3b2a33df-d02d-11de-bbd1-444553544200}\Shell\explore\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008.04.14 03:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{3b2a33df-d02d-11de-bbd1-444553544200}\Shell\open\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008.04.14 03:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{8f5e6b14-8e96-11df-bc3e-444553544200}\Shell\AutoRun\command - "" = E:\APPInst.exe -- File not found O33 - MountPoints2\{99a176b4-9107-11df-bc42-444553544200}\Shell - "" = AutoRun O33 - MountPoints2\{99a176b4-9107-11df-bc42-444553544200}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{99a176b4-9107-11df-bc42-444553544200}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000 begin_of_the_skype_highlighting**************056-444553540000******end_of_the_skype_highlighting} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2010.08.03 14:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010.08.03 14:08:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\anne\Desktop\OTL.exe [2010.08.03 12:30:21 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.08.03 12:30:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Malwarebytes [2010.08.03 12:29:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.03 12:29:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.03 12:29:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.03 12:29:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.03 12:28:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Desktop\MFTools [2010.08.03 09:29:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.02 12:48:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Desktop\Inhalt cruzer [2010.08.02 12:38:08 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2010.08.02 12:37:33 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.08.02 12:01:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2010.07.24 19:23:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Lokale Einstellungen\Anwendungsdaten\Temp [2010.07.22 21:35:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\skypePM [2010.07.22 21:32:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Skype [2010.07.22 21:31:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.07.22 21:31:17 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.07.22 21:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2010.07.21 19:52:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Lokale Einstellungen\Anwendungsdaten\AOL [2010.07.21 19:52:06 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2010.07.21 10:40:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Eigene Dateien\Warwick [2010.07.17 08:59:30 | 000,000,000 | ---D | C] -- C:\Log [2010.07.17 08:59:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Clarus [2010.07.17 08:55:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data [2010.07.17 08:55:17 | 000,000,000 | ---D | C] -- C:\Programme\Clarus [2010.07.16 19:27:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\U3 [2010.07.14 09:53:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.06 15:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Eigene Dateien\referenz m databases [2010.07.06 14:14:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\EndNote [2010.07.06 12:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ResearchSoft [2010.07.06 12:00:02 | 000,000,000 | ---D | C] -- C:\Programme\Reference Manager 12 [2010.07.06 11:56:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2010.07.06 06:48:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ISI ResearchSoft [2010.07.06 06:48:31 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Risxtd [2010.07.06 06:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISI ResearchSoft [2010.07.06 06:47:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Reference Manager 12 [2010.07.06 06:45:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers [2006.07.12 10:23:20 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [1 C:\Dokumente und Einstellungen\anne\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\anne\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.03 14:08:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\anne\Desktop\OTL.exe [2010.08.03 14:01:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.03 14:01:17 | 000,005,775 | ---- | M] () -- C:\WINDOWS\win.ini [2010.08.03 14:00:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.03 14:00:10 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.03 14:00:09 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys [2010.08.03 13:58:39 | 008,388,608 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\ntuser.dat [2010.08.03 13:58:39 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\anne\ntuser.ini [2010.08.03 12:31:15 | 001,070,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.03 12:31:15 | 000,459,340 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.03 12:31:15 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.03 12:31:15 | 000,084,676 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.03 12:31:15 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.03 12:29:38 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 12:28:33 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Desktop\Gmer.zip [2010.08.03 12:24:42 | 000,410,626 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Desktop\Load.exe [2010.08.03 10:53:09 | 016,953,344 | -H-- | M] () -- C:\ffastun0.ffx [2010.08.03 10:53:09 | 001,122,304 | -H-- | M] () -- C:\ffastun.ffl [2010.08.03 10:53:09 | 000,409,600 | -H-- | M] () -- C:\ffastun.ffo [2010.08.03 10:53:09 | 000,004,715 | -H-- | M] () -- C:\ffastun.ffa [2010.08.03 09:29:40 | 000,001,982 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Desktop\HiJackThis.lnk [2010.07.30 13:39:42 | 000,100,899 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Desktop\20100924_GLEINICH_Z25ABG_Flug2409.pdf [2010.07.30 09:04:20 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.07.22 21:35:11 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.07.19 15:36:43 | 000,205,034 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Desktop\BoardingDocument.pdf [2010.07.17 08:55:56 | 000,001,523 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung SecretZone.lnk [2010.07.17 08:55:17 | 000,001,441 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Auto Backup.lnk [2010.07.17 08:55:17 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Real-Time Daemon.lnk [2010.07.17 08:55:17 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Scheduler.lnk [2010.07.17 08:55:17 | 000,000,571 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Guage.lnk [2010.07.15 17:46:39 | 000,011,643 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Desktop\To do Liste!!!!.docx [2010.07.04 17:36:23 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [1 C:\Dokumente und Einstellungen\anne\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\anne\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.03 12:29:38 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 12:28:33 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\anne\Desktop\Gmer.zip [2010.08.03 12:24:41 | 000,410,626 | ---- | C] () -- C:\Dokumente und Einstellungen\anne\Desktop\Load.exe [2010.08.03 09:29:40 | 000,001,982 | ---- | C] () -- C:\Dokumente und Einstellungen\anne\Desktop\HiJackThis.lnk [2010.07.30 13:39:39 | 000,100,899 | ---- | C] () -- C:\Dokumente und Einstellungen\anne\Desktop\20100924_GLEINICH_Z25ABG_Flug2409.pdf [2010.07.22 21:35:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.07.22 21:31:21 | 000,002,243 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.07.19 15:36:43 | 000,205,034 | ---- | C] () -- C:\Dokumente und Einstellungen\anne\Desktop\BoardingDocument.pdf [2010.07.17 08:55:56 | 000,001,523 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung SecretZone.lnk [2010.07.17 08:55:17 | 000,001,441 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Auto Backup.lnk [2010.07.17 08:55:17 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Real-Time Daemon.lnk [2010.07.17 08:55:17 | 000,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Scheduler.lnk [2010.07.17 08:55:17 | 000,000,571 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Samsung Auto Backup Guage.lnk [2010.07.15 17:46:39 | 000,011,643 | ---- | C] () -- C:\Dokumente und Einstellungen\anne\Desktop\To do Liste!!!!.docx [2010.07.04 17:36:23 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2009.09.02 10:54:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ltserial.dll [2009.03.20 21:57:15 | 000,000,043 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.04.10 14:58:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2007.06.11 23:05:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2006.07.21 10:38:23 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006.07.12 12:40:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.07.12 12:40:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.07.12 12:40:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.07.12 12:40:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.07.12 12:40:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.07.12 12:40:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.07.12 11:23:59 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006.07.12 10:23:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2006.07.12 10:14:10 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2006.07.12 10:14:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2006.07.12 10:14:10 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2006.07.12 10:14:10 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2006.07.12 10:12:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.07.06 19:50:26 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.07.06 19:50:26 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.07.06 19:50:23 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.07.06 19:50:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.07.06 19:50:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.06.28 14:58:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006.06.28 14:58:18 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.29 04:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.09.02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2004.01.14 02:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1997.01.16 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997.01.16 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== LOP Check ========== [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\toshiba [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search [2008.04.15 02:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development [2010.07.17 08:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Clarus [2010.07.21 19:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.07.06 06:48:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISI ResearchSoft [2008.02.14 21:57:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster [2010.03.25 15:48:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPPU [2010.07.06 12:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers [2010.05.04 10:47:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Academic Software Zurich [2010.07.28 11:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\EndNote [2010.07.29 21:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ICQ [2008.06.12 15:47:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ICQ Toolbar [2006.10.17 21:55:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ICQLite [2010.07.06 06:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ISI ResearchSoft [2008.04.14 17:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\iSilo [2008.05.10 19:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Leadertech [2008.04.10 15:34:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\OriginLab [2006.09.25 16:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Template [2010.02.21 18:07:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Thunderbird [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\toshiba [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Windows Desktop Search [2008.04.14 17:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\XnView [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\toshiba [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Windows Desktop Search [2007.01.01 13:50:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander [2010.05.30 11:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Academic Software Zurich [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\toshiba ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.04 10:47:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Academic Software Zurich [2008.02.04 10:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Adobe [2007.02.13 14:42:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\AdobeUM [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ATI [2009.07.31 10:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Avira [2009.07.04 17:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\DivX [2010.07.27 18:13:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\dvdcss [2010.07.28 11:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\EndNote [2007.06.19 17:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Google [2007.05.07 14:00:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Help [2007.06.11 23:17:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\HP [2010.04.06 09:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\HpUpdate [2010.07.29 21:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ICQ [2008.06.12 15:47:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ICQ Toolbar [2006.10.17 21:55:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ICQLite [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Identities [2009.12.16 08:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\IDMComp [2009.03.04 15:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\InstallShield [2006.09.25 16:17:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Intel [2010.07.06 06:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\ISI ResearchSoft [2008.04.14 17:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\iSilo [2008.05.10 19:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Leadertech [2006.09.25 20:05:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Macromedia [2010.08.03 12:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Malwarebytes [2010.07.23 09:47:28 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Microsoft [2009.05.16 23:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Move Networks [2010.02.24 23:34:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Mozilla [2010.08.03 13:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\OpenOffice.org2 [2008.04.10 15:34:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\OriginLab [2010.07.29 15:54:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Real [2008.04.19 16:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Roxio [2010.08.02 10:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Skype [2010.08.02 09:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\skypePM [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Sonic [2006.11.29 12:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Sun [2010.02.24 23:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Talkback [2006.09.25 16:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Template [2010.02.21 18:07:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Thunderbird [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\toshiba [2010.07.22 13:17:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\U3 [2010.07.30 23:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\vlc [2007.01.01 13:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Windows Desktop Search [2007.07.21 22:42:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\WinRAR [2008.04.14 17:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\XnView < %APPDATA%\*.exe /s > [2007.02.13 14:39:47 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2010.08.03 09:29:41 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2009.01.07 12:34:30 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Microsoft\Installer\{D13245CE-364E-4686-AD13-180FA1AC923F}\ARPPRODUCTICON.exe [2009.01.07 12:34:30 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Microsoft\Installer\{D13245CE-364E-4686-AD13-180FA1AC923F}\jumpplayer.exe_EC8D0E3C15AE4C7AA4E42602E13534B3.exe [2009.03.24 18:59:48 | 001,048,200 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Move Networks\MoveMediaPlayer_071303000004.exe [2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.03.24 18:59:51 | 000,034,062 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe [2010.07.25 11:17:08 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Real\Update\setup3.12\setup.exe [2010.07.25 19:18:32 | 013,407,072 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Real\Update\setup3.12\chr\ChromeInstaller.exe [2010.07.25 19:18:33 | 000,149,000 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Real\Update\setup3.12\chr_helper\LaunchHelper.exe [2010.07.25 19:18:34 | 000,220,272 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe [2010.07.25 19:19:53 | 027,198,960 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Real\Update\setup3.12\rp\RealPlayerSPGold_de.exe [2010.07.25 19:17:35 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\anne\Anwendungsdaten\Real\Update\setup3.12\RUP\vista.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2001.05.24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.10 13:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.10 13:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.08.28 07:48:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.08.28 07:48:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 13:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.10 13:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.08.28 07:48:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.08.28 07:48:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.10 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.10 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2004.01.28 17:37:06 | 000,032,851 | R--- | M] () MD5=EC04AFC4D1B3A905206069612D00E7B6 -- C:\Programme\Reference Manager 12\WebPublisher\thirdparty\Perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.10 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.10 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.06.28 17:03:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.06.28 17:03:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.06.28 17:03:30 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.04.14 03:22:08 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll < End of report > Vielen Dank Geändert von Ännchen (03.08.2010 um 14:27 Uhr) Grund: platz gespart statt neuer antwort |
|
03.08.2010, 14:28
| #4 |
| | TR/Vilsel.rou und extra.txt: Code:
ATTFilter OTL Extras logfile created on: 03.08.2010 14:12:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\anne\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 414,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 69,29 Gb Free Space | 61,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-9E5E84168E
Current User Name: anne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-139224490-1622099281-510958009-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache.exe" = C:\Programme\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache.exe:*:Enabled:RMWP_Apache.exe -- (Apache Software Foundation)
"C:\Programme\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe" = C:\Programme\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe:*:Enabled:RMWP_Apache_Admin.exe -- (Apache Software Foundation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01866A44-A697-4821-871F-1CB9F907E8DE}" = OpenOffice.org 2.3
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Benutzerhandbücher
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Foto 2006 Starter Edition Editor
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Foto 2006 Starter Edition Bibliothek
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BCAC105-C501-41F9-AED1-587024ABCA8C}" = Reference Manager 12 Professional Edition
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD-Sicherheitsmodul
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D13245CE-364E-4686-AD13-180FA1AC923F}" = Jump Player
"{D7452A01-9BF9-4FFD-8B2E-650F713AE099}" = Origin8
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"ACDLabs in C__Programme_ACDFREE11_" = ACD/Labs Software in C:\Programme\ACDFREE11\
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Avira AntiVir Desktop" = Avira AntiVir Premium
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool
"PictureItSuiteTrial_v11" = Microsoft Foto 2006 Starter Edition
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-139224490-1622099281-510958009-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.04.2010 15:26:44 | Computer Name = YOUR-9E5E84168E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung update.exe, Version 10.0.0.29, fehlgeschlagenes
Modul msvcr90.dll, Version 9.0.30729.1, Fehleradresse 0x00037259.
Error - 22.04.2010 15:30:09 | Computer Name = YOUR-9E5E84168E | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1818281103.
Error - 22.04.2010 17:26:18 | Computer Name = YOUR-9E5E84168E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung update.exe, Version 10.0.0.29, fehlgeschlagenes
Modul msvcr90.dll, Version 9.0.30729.1, Fehleradresse 0x00037259.
Error - 23.04.2010 12:02:53 | Computer Name = YOUR-9E5E84168E | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.04.2010 12:20:35 | Computer Name = YOUR-9E5E84168E | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 26.04.2010 07:26:47 | Computer Name = YOUR-9E5E84168E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung update.exe, Version 10.0.0.29, fehlgeschlagenes
Modul msvcr90.dll, Version 9.0.30729.1, Fehleradresse 0x00037259.
Error - 26.04.2010 11:26:27 | Computer Name = YOUR-9E5E84168E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung update.exe, Version 10.0.0.29, fehlgeschlagenes
Modul msvcr90.dll, Version 9.0.30729.1, Fehleradresse 0x00037259.
Error - 26.04.2010 12:21:44 | Computer Name = YOUR-9E5E84168E | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 26.04.2010 12:27:12 | Computer Name = YOUR-9E5E84168E | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 27.04.2010 14:05:53 | Computer Name = YOUR-9E5E84168E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung update.exe, Version 10.0.0.29, fehlgeschlagenes
Modul msvcr90.dll, Version 9.0.30729.1, Fehleradresse 0x00037259.
[ OSession Events ]
Error - 07.03.2010 16:40:40 | Computer Name = YOUR-9E5E84168E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13402
seconds with 2520 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 27.07.2010 14:30:00 | Computer Name = YOUR-9E5E84168E | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
Error - 28.07.2010 14:50:39 | Computer Name = YOUR-9E5E84168E | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
Error - 29.07.2010 03:23:09 | Computer Name = YOUR-9E5E84168E | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Pml
Driver HPZ12.
Error - 29.07.2010 03:23:09 | Computer Name = YOUR-9E5E84168E | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Pml Driver HPZ12" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 30.07.2010 06:45:28 | Computer Name = YOUR-9E5E84168E | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
001302CE5631 wurde durch den DHCP-Server 10.80.0.6 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 01.08.2010 07:46:47 | Computer Name = YOUR-9E5E84168E | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.1.4 über die
Netzwerkkarte mit der Netzwerkadresse 001302CE5631 ist verloren gegangen.
< End of report >
|
|
03.08.2010, 15:20
| #5 |
| /// Malware-holic | TR/Vilsel.rou Fixen mit OTL • Starte bitte die OTL.exe. Vista-User mit Rechtsklick "als Administrator starten" • Kopiere nun das Folgende in die Textbox. :OTL IE - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found O3 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found O3 - HKU\S-1-5-21-139224490-1622099281-510958009-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CFSServ.exe] File not found O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [TFncKy] File not found O4 - HKU\S-1-5-21-139224490-1622099281-510958009-1005..\Run: [Samsung_AppInst] E:\SamsungSoftware\AppInst.exe File not found [2010.08.03 12:24:42 | 000,410,626 | ---- | M] () -- C:\Dokumente und Einstellungen\anne\Desktop\Load.exe :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten nutze den ccleaner, bereinige dateien + registry: http://www.trojaner-board.de/51464-a...-ccleaner.html bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix Geändert von markusg (03.08.2010 um 15:26 Uhr) |
Linear-Darstellung
