| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: gen:trojan.heur.lp.ju8@aqoltiiWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.08.2010, 22:28
| #1 |
| |  gen:trojan.heur.lp.ju8@aqoltii Hallo, ich kämpf hier gegen einen Trojaner.  F-Secur meldet beim Öffnen des IE 8 (Win XP) Viren gefunden, werden entfernt in Windows\system32 die Datei pngsztje.dll - Neustart. Meldung und Bereinigung folgt bei jedem Start des IE. Vollständiger Scan kommt zum gleichen Ergebnis. CCCleaner ist durch - mach ich regelmäßig Dann hier mal die gewünschten Logs. Freu mich auf Unterstüzung. Grüßle Walburga Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4386 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 03.08.2010 22:56:58 mbam-log-2010-08-03 (22-56-58).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 162605 Laufzeit: 9 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-08-03 23:18:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (13%) free of 73 GB
Total RAM: 2038 MB (69% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1547161642-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1547161642-725345543-1004UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C7311DCA-C7DF-455E-AB17-DFD20552180A}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44d38240-259c-4c96-a14c-da52631fbac0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
WsftpBrowserHelper Class - C:\Programme\WS_FTP Pro\wsbho2K0.dll [2003-12-16 118830]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Programme\Siber Systems\AI RoboForm\roboform.dll [2010-05-29 6021696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E425EB4-ADBD-4816-B1E8-49BB9DECF034}]
Advertising Cookie Opt-out - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll [2009-03-07 304624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}]
Browsing Protection Class - C:\Programme\F-Secure Internet Security\NRS\iescript\baselitmus.dll [2010-07-06 540424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Programme\Siber Systems\AI RoboForm\roboform.dll [2010-05-29 6021696]
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} - Browsing Protection Toolbar - C:\Programme\F-Secure Internet Security\NRS\iescript\baselitmus.dll [2010-07-06 540424]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-20 114688]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2004-04-06 61440]
"REGSHAVE"=C:\Programme\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"Windows Defender"=C:\Programme\Windows Defender\MSASCui.exe [2006-11-03 866584]
"VX1000"=C:\WINDOWS\vVX1000.exe [2006-10-13 707376]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"F-Secure Manager"=C:\Programme\F-Secure Internet Security\Common\FSM32.EXE [2009-07-09 199264]
"F-Secure TNB"=C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe [2009-07-09 2349664]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-05-27 413696]
"AVMWlanClient"=C:\Programme\avmwlanstick\FRITZWLANMini.exe [2007-02-02 283136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"KiesTrayAgent"= []
"RoboForm"=C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2010-05-29 160328]
"Google Update"=C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-05-29 136176]
C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart
Verknüpfung mit GoodSync.lnk - C:\Programme\Siber Systems\GoodSync\GoodSync.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxdev.dll [2005-07-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen"
"C:\Programme\Yahoo!\Messenger\YPager.exe"="C:\Programme\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Programme\Yahoo!\Messenger\YServer.exe"="C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Programme\WS_FTP Pro\wsftppro.exe"="C:\Programme\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\fsetup.exe"="D:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\fotobuch.de AG\Designer\Designer.exe"="C:\Programme\fotobuch.de AG\Designer\Designer.exe:*:Designer.exe"
"C:\Programme\Microsoft LifeCam\LifeExp.exe"="C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Programme\Microsoft LifeCam\LifeCam.exe"="C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Tobit ClipInc\Server\ClipInc-Server.exe"="D:\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server"
"D:\Tobit ClipInc\Player\ClipInc-Player.exe"="D:\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player"
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe"="C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="
======List of files/folders created in the last 1 months======
2010-08-03 23:18:17 ----D---- C:\Programme\trend micro
2010-08-03 23:18:16 ----D---- C:\rsit
2010-08-03 22:46:38 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
2010-08-03 22:46:26 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-03 22:46:24 ----D---- C:\Programme\ Malwarebytes Anti-Malware
2010-08-03 22:46:24 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
2010-08-03 22:46:24 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-03 14:30:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 21:58:14 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab Setup Files
2010-08-02 18:31:54 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP
2010-07-28 21:22:10 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2010-07-28 17:38:50 ----D---- C:\WINDOWS\system32\System32
2010-07-26 20:36:31 ----A---- C:\WINDOWS\system32\drivers\avmeject.sys
2010-07-26 20:35:45 ----A---- C:\WINDOWS\system32\fwlanci.dll
2010-07-25 12:19:16 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Aldi Sued Fotoservice
2010-07-25 12:19:02 ----D---- C:\Programme\Aldi Sued Fotoservice
2010-07-25 12:18:41 ----D---- C:\Programme\Aldi Süd Foto Service
2010-07-14 18:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-10 12:49:20 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla
2010-07-10 12:49:09 ----D---- C:\Programme\FileZilla FTP Client
======List of files/folders modified in the last 1 months======
2010-08-03 23:18:17 ----RD---- C:\Programme
2010-08-03 23:18:12 ----D---- C:\WINDOWS\Temp
2010-08-03 23:11:56 ----D---- C:\WINDOWS\Prefetch
2010-08-03 23:05:54 ----D---- C:\WINDOWS\system32
2010-08-03 23:04:55 ----D---- C:\WINDOWS
2010-08-03 23:03:41 ----SD---- C:\WINDOWS\Tasks
2010-08-03 23:00:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-03 22:59:29 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-08-03 22:58:49 ----D---- C:\WINDOWS\system32\drivers
2010-08-03 22:57:37 ----D---- C:\WINDOWS\ie7updates
2010-08-03 14:30:58 ----HD---- C:\WINDOWS\inf
2010-08-03 14:30:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-03 14:12:46 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-03 13:21:44 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GoodSync
2010-08-02 17:55:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-01 10:30:11 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Adobe
2010-08-01 10:30:11 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe
2010-07-29 22:50:20 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-28 21:28:31 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype
2010-07-28 21:22:26 ----SHD---- C:\WINDOWS\Installer
2010-07-28 21:22:26 ----D---- C:\Config.Msi
2010-07-28 21:22:11 ----RD---- C:\Programme\Skype
2010-07-28 21:22:10 ----D---- C:\Programme\Gemeinsame Dateien
2010-07-28 21:22:06 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype
2010-07-28 21:18:34 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM
2010-07-28 17:57:00 ----D---- C:\WINDOWS\Minidump
2010-07-28 17:46:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-28 17:37:15 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Samsung
2010-07-28 06:33:34 ----D---- C:\Programme\Google
2010-07-27 08:29:42 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 20:35:55 ----D---- C:\Programme\avmwlanstick
2010-07-24 00:18:45 ----D---- C:\Programme\CCleaner
2010-07-14 18:38:24 ----D---- C:\WINDOWS\Debug
2010-07-14 17:42:42 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTKRNL;Bluetooth Protocol Stack; C:\WINDOWS\system32\drivers\btkrnl.sys [2003-04-08 1168410]
R0 fsbts;fsbts; C:\WINDOWS\system32\Drivers\fsbts.sys [2010-07-13 41256]
R0 FSFW;F-Secure Firewall Driver; C:\WINDOWS\System32\drivers\fsdfw.sys [2009-07-09 80000]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 ACEDRV06;ACEDRV06; \??\C:\WINDOWS\system32\drivers\ACEDRV06.sys []
R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2010-06-09 18136]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys []
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-20 1049180]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-30 10368]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 hidsw8u7;hidsw8u7; \??\C:\WINDOWS\system32\drivers\hidsw8u7.sys []
S3 APL531;OVT Scanner; C:\WINDOWS\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-01-26 4352]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
S3 Dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
S3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25856]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 SE4501D;Gigaset USB Adapter 54 Driver; C:\WINDOWS\system32\DRIVERS\SE4501D.sys [2004-02-26 344000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-21 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-21 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-21 121856]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-21 98560]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 1966000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-04-08 126976]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2010-06-09 95568]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe [2009-07-09 215648]
R2 FSMA;FSMA; C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE [2009-07-09 186976]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-10-09 217088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSCamSvc;MSCamSvc; C:\Programme\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
R2 WinDefend;Windows Defender; C:\Programme\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe [2009-07-09 522848]
R3 FSORSPClient;F-Secure ORSP Client; C:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe [2010-07-16 57008]
S2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe []
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-01-13 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Insmgrsn;Insmgrsn; C:\WINDOWS\system32\mshearts.exe [2004-08-04 128000]
S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe []
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-08-03 23:18:21
======Uninstall list======
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NAC Support"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ABBYY FineReader OCR Engine für ScanWizard-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}\setup.exe"
ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x7
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AI RoboForm (All Users)-->"C:\Programme\Siber Systems\AI RoboForm\rfwipeout.exe"
Aldi Süd Foto Service 4.6-->C:\Programme\Aldi Süd Foto Service\Deinstallieren.exe
ALDI Süd Online Druck Service 4.6-->C:\Programme\Aldi Süd Foto Service\ODS_Plugin\Deinstallieren.exe
Aldi Sued Fotoservice 2.7-->"C:\Programme\Aldi Sued Fotoservice\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}\setup.exe" -l0x7
AVS DVD Player version 2.4-->"C:\Programme\AVSMedia\DVDPlayer\unins000.exe"
AXIS Media Control Embedded-->C:\Programme\Axis Communications\AXIS Media Control Embedded\setup.exe setup.rem remove
Canon iP4300 Benutzerregistrierung-->C:\Programme\Canon\IJEREG\iP4300\UNINST.EXE
Canon iP4300-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0007
Canon Setup Utility 2.3-->"C:\Programme\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\Programme\Canon\Easy-PrintToolBox\uninst.exe uninst.ini
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Programme\CDex_150\uninstall.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
DATA BECKER Handy Pack 7-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\DATA BECKER\Handy Pack 7\Uninst.isu"
DivX-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
FileZilla Client 3.3.3-->C:\Programme\FileZilla FTP Client\uninstall.exe
FotodruckTool-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4F7AA4C1-B6D1-4D63-B550-19DA9BF008AF}\Setup.exe" -l0x7
Free YouTube Downloader Converter-->C:\PROGRA~1\FREEYO~1\UNWISE.EXE C:\PROGRA~1\FREEYO~1\INSTALL.LOG
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
F-Secure Internet Security 2010-->"C:\Programme\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall
F-Secure PSC Prerequisites-->MsiExec.exe /I{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GoodSync-->"C:\Programme\Siber Systems\GoodSync\uninstall.exe"
Google Advertising Cookie Opt-out-->MsiExec.exe /I{4415B0E6-B266-49C3-B501-FFEF76C3D71B}
Google Talk Plugin-->MsiExec.exe /I{26B878A8-5704-3B64-BDBC-4F0EACA38121}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.64-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.64\uninstal.txt"
Großer Falk Reiseplaner-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A123A7A9-36B6-49FD-BD76-A4D200765C60}\setup.exe" -uninst
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\PROGRA~1\WS_FTP~1\uninst.isu" -c"C:\PROGRA~1\WS_FTP~1\FTPInstUtils.dll"
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kies-->"C:\Programme\InstallShield Installation Information\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}\Setup.exe" -runfromtemp -l0x0407 -removeonly
Kies-->MsiExec.exe /X{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}
Malwarebytes' Anti-Malware-->"C:\Programme\ Malwarebytes Anti-Malware \unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{B76B2B1C-EDB0-4A4A-9D97-226EFE745BC4}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OVT Scanner-->MsiExec.exe /I{A746CE98-A755-4AD7-B4B8-346DC74CDECD}
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
Phase 5 HTML-Editor-->MsiExec.exe /I{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}
PhotoRescue Wizard PC 2.0.647 Hama Version-->"C:\Programme\PhotoRescue PC\unins000.exe"
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
SAMSUNG USB Driver for Mobile Phones-->C:\Programme\SAMSUNG\USB Drivers\Uninstall.exe
ScanWizard 5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B08D262E-D902-11D5-9C28-0080C85A0C2D}\setup.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Studio 9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x7 UNINSTALL
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{0F51A262-1ADF-4914-B448-78AC58C4178A}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Security center information======
AV: F-Secure Internet Security 2010 10.00
FW: F-Secure Internet Security 2010 10.00
======System event log======
Computer Name: ****
Event Code: 4201
Message: Netzwerkadapter "Gigaset USB Adapter 54 - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 235229
Source Name: Tcpip
Time Written: 20100725225206.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 4201
Message: Netzwerkadapter "Gigaset USB Adapter 54 - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 235228
Source Name: Tcpip
Time Written: 20100725225201.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 4201
Message: Netzwerkadapter "Gigaset USB Adapter 54 - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 235227
Source Name: Tcpip
Time Written: 20100725225156.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 4201
Message: Netzwerkadapter "Gigaset USB Adapter 54 - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 235226
Source Name: Tcpip
Time Written: 20100725225151.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 4201
Message: Netzwerkadapter "Gigaset USB Adapter 54 - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 235225
Source Name: Tcpip
Time Written: 20100725225146.000000+120
Event Type: Informationen
User:
=====Application event log=====
Computer Name: ****
Event Code: 0
Message:
Record Number: 5
Source Name: MSCamSvc
Time Written: 20100728170435.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 0
Message:
Record Number: 4
Source Name: MSCamSvc
Time Written: 20100728170435.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 0
Message:
Record Number: 3
Source Name: MSCamSvc
Time Written: 20100728170435.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate
Time Written: 20100728170433.000000+120
Event Type: Informationen
User:
Computer Name: ****
Event Code: 0
Message:
Record Number: 1
Source Name: btwdins
Time Written: 20100728170425.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAMME\GEMEINSAME DATEIEN\GIS\TOOLS;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
-----------------EOF-----------------
|
|
04.08.2010, 11:43
| #2 |
| /// Malware-holic   | gen:trojan.heur.lp.ju8@aqoltii ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide |
|
04.08.2010, 16:54
| #3 |
| | gen:trojan.heur.lp.ju8@aqoltii Hallo Markus, vielen lieben Dank für Deine Unterstützung!
__________________Hier das Ergebnis: OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.08.2010 17:36:43 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 71,45 Gb Total Space | 9,47 Gb Free Space | 13,25% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 165,57 Gb Free Space | 35,55% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 931,51 Gb Total Space | 655,08 Gb Free Space | 70,32% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BETTINA Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure Internet Security\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure Internet Security\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\F-Secure Internet Security\Spam Control\fsscoepl.dll (F-Secure Corporation) MOD - \\?\c:\programme\f-secure internet security\hips\fshook32.dll () MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation) MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (Bonjour Service) -- C:\Programme\Bonjour\mDNSResponder.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (FSORSPClient) -- C:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (dgdersvc) -- C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (FSMA) -- C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Insmgrsn) -- C:\WINDOWS\system32\mshearts.exe (Microsoft Corporation) SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ComFiltr) -- C:\WINDOWS\System32\DRIVERS\COMFiltr.sys File not found DRV - (AvFlt) -- C:\WINDOWS\System32\drivers\av5flt.sys File not found DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys () DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bserd) -- C:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (F-Secure HIPS) -- C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- C:\Programme\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys () DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation) DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI) DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI) DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI) DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI) DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI) DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI) DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI) DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.) DRV - (ACEDRV06) -- C:\WINDOWS\system32\drivers\ACEDRV06.sys (Protect Software GmbH) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH) DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems, Inc.) DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.) DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.) DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.) DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH) DRV - (SE4501D) -- C:\WINDOWS\system32\drivers\SE4501D.sys (Siemens Technology Corporation) DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys () DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys () DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1547161642-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-329068152-1547161642-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-329068152-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure Internet Security\NRS\litmus-ff@f-secure.com [2010.07.06 14:42:46 | 000,000,000 | ---D | M] [2009.02.04 23:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\944gg67f.default\extensions O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {44d38240-259c-4c96-a14c-da52631fbac0} - No CLSID value found. O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {44D38240-259C-4C96-A14C-DA52631FBAC0} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {44D38240-259C-4C96-A14C-DA52631FBAC0} - No CLSID value found. O3 - HKU\S-1-5-21-329068152-1547161642-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\S-1-5-21-329068152-1547161642-725345543-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKU\S-1-5-21-329068152-1547161642-725345543-1004\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems) O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-329068152-1547161642-725345543-1004..\Run: [KiesTrayAgent] File not found O4 - HKU\S-1-5-21-329068152-1547161642-725345543-1004..\Run: [RoboForm] C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - Startup: C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\Verknüpfung mit GoodSync.lnk = C:\Programme\Siber Systems\GoodSync\GoodSync.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-1547161642-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: RF - Formular ausfüllen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RF - Formular speichern - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: RF - Menü anpassen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll File not found O15 - HKU\S-1-5-21-329068152-1547161642-725345543-1004\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-329068152-1547161642-725345543-1004\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} hxxp://www.pixaco.de/static/download/pixacodndupload.cab (Reg Error: Key error.) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253548954203 (MUWebControl Class) O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element) O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} hxxp://www.remoteme.de/remote/msrdp.cab (Microsoft RDP Client Control (redist)) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://shop.aldisued-fotos-druck.de/shop/aurigma/ImageUploader6.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C8B73157-8752-429E-A465-3F361C76AE89} https://shop.hofer-fotos-druck.at/shop/activex/aldi_at_express_upload.cab (AldiAtActiveFormX Element) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://213.146.232.238/activex/AMC.cab (AxisMediaControlEmb Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.18 15:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5f6d4ae0-8087-11db-aeea-0001e306d59c}\Shell - "" = AutoRun O33 - MountPoints2\{5f6d4ae0-8087-11db-aeea-0001e306d59c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5f6d4ae0-8087-11db-aeea-0001e306d59c}\Shell\AutoRun\command - "" = H:\pushinst.exe -- File not found O33 - MountPoints2\{b71035d4-9963-11dd-9753-0001e306d59c}\Shell\AutoRun\command - "" = H:\EmDesk.exe -- File not found O33 - MountPoints2\{b71035d4-9963-11dd-9753-0001e306d59c}\Shell\EmDesk\command - "" = H:\EmDesk.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {0466949F-967A-45A0-74DB-AC4378113538} - Browseranpassungen ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.) Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation) Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems) Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point (62219580604416000) ========== Files/Folders - Created Within 30 Days ========== [2010.08.04 17:33:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2010.08.03 23:18:17 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.03 23:18:16 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.03 23:04:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent [2010.08.03 22:46:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2010.08.03 22:46:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.03 22:46:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.03 22:46:24 | 000,000,000 | ---D | C] -- C:\Programme\ Malwarebytes Anti-Malware [2010.08.03 22:46:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes [2010.08.03 13:58:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\virus [2010.08.02 21:58:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Kaspersky Lab Setup Files [2010.08.02 18:31:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP [2010.08.02 18:30:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Simply Super Software [2010.08.01 11:32:56 | 008,260,184 | ---- | C] (Aladdin Systems, Inc.) -- C:\Dokumente und Einstellungen\Admin\Desktop\eos40d111.exe [2010.07.29 22:33:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\fotocommunity [2010.07.28 21:22:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.07.28 20:07:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\handy videos [2010.07.28 17:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\System32 [2010.07.26 21:27:33 | 071,973,192 | ---- | C] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Admin\Desktop\fs2010.exe [2010.07.26 20:36:31 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys [2010.07.26 20:35:45 | 000,074,752 | ---- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwlanci.dll [2010.07.25 12:34:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Fotobuch kurt-Dateien [2010.07.25 12:19:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Aldi Sued Fotoservice [2010.07.25 12:19:02 | 000,000,000 | ---D | C] -- C:\Programme\Aldi Sued Fotoservice [2010.07.25 12:18:41 | 000,000,000 | ---D | C] -- C:\Programme\Aldi Süd Foto Service [2010.07.14 22:31:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\piet [2010.07.14 17:47:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.10 12:49:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2010.07.10 12:49:09 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.04 17:40:03 | 000,001,208 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1547161642-725345543-1004UA.job [2010.08.04 17:38:03 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.04 17:34:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2010.08.04 17:15:41 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010.08.04 17:11:34 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.04 17:11:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.04 17:11:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.03 23:32:31 | 011,796,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.dat [2010.08.03 23:32:29 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.ini [2010.08.03 23:31:58 | 000,161,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Dok1.doc [2010.08.03 23:12:50 | 000,339,991 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RSIT.exe [2010.08.03 23:00:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.03 22:46:30 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 22:36:21 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Word 2003.lnk [2010.08.03 19:41:57 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C7311DCA-C7DF-455E-AB17-DFD20552180A}.job [2010.08.02 06:45:39 | 000,002,563 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\ACDSee Pro 2.5.lnk [2010.08.01 11:32:58 | 008,260,184 | ---- | M] (Aladdin Systems, Inc.) -- C:\Dokumente und Einstellungen\Admin\Desktop\eos40d111.exe [2010.07.30 06:40:01 | 000,001,156 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1547161642-725345543-1004Core.job [2010.07.29 22:50:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.07.28 21:16:42 | 000,000,073 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AVSDVDPlayer.m3u [2010.07.28 20:45:44 | 000,095,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.28 17:46:56 | 001,195,860 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.07.28 17:46:56 | 001,091,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.07.28 17:46:56 | 000,349,616 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.07.28 17:46:56 | 000,321,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.28 17:46:56 | 000,005,582 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010.07.26 21:27:56 | 000,108,223 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\EDV-BUCHVERSAND Delf Michel Lizenz 7dc87dc1b57da071d609bdc096a6c124.pdf [2010.07.26 21:27:40 | 071,973,192 | ---- | M] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Admin\Desktop\fs2010.exe [2010.07.25 22:43:12 | 000,057,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mdbu.bin [2010.07.25 22:18:32 | 000,126,830 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Fotobuch kurt.pbf [2010.07.24 00:18:49 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\CCleaner.lnk [2010.07.22 22:09:41 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Excel 2003.lnk [2010.07.14 18:04:30 | 000,002,559 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Access 2003.lnk [2010.07.13 20:30:19 | 000,041,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.03 23:12:47 | 000,339,991 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RSIT.exe [2010.08.03 22:46:30 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 22:38:35 | 000,161,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Dok1.doc [2010.07.28 06:33:20 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.28 06:33:20 | 000,000,872 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.07.26 21:27:54 | 000,108,223 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\EDV-BUCHVERSAND Delf Michel Lizenz 7dc87dc1b57da071d609bdc096a6c124.pdf [2010.07.25 12:34:07 | 000,126,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Fotobuch kurt.pbf [2010.07.25 12:25:38 | 000,057,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mdbu.bin [2010.05.27 20:51:02 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.05.27 20:51:01 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.05.21 18:05:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TETRIS.INI [2009.09.30 10:47:16 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2009.09.30 10:47:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2009.09.30 10:47:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2009.09.30 10:47:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2009.08.23 16:00:10 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2009.05.22 15:19:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.02.13 12:14:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\VCDWizardDLLU.INI [2008.12.29 15:40:19 | 000,041,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2008.06.17 19:06:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2008.04.27 21:19:17 | 000,000,131 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini [2008.03.23 12:46:58 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI [2008.03.23 12:46:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini [2008.03.23 12:19:35 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini [2008.03.23 12:19:28 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys [2008.03.23 12:19:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys [2008.02.04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007.10.24 21:36:43 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.10.24 21:36:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.18 18:04:45 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2007.06.02 15:27:03 | 000,000,110 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.10.17 21:39:16 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.07.07 08:48:14 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI [2006.06.28 17:02:37 | 000,016,393 | ---- | C] () -- C:\WINDOWS\German.ini [2006.04.27 12:19:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2006.02.18 19:15:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\distlib.ini [2006.02.05 19:18:54 | 000,006,006 | ---- | C] () -- C:\WINDOWS\Unwise32.ini [2006.01.22 15:08:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.01.14 14:45:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2006.01.13 19:43:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll [2006.01.12 22:04:36 | 000,007,537 | ---- | C] () -- C:\WINDOWS\hplj1010.ini [2006.01.12 18:53:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.09.16 22:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004.03.18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2003.08.29 11:24:06 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2003.06.25 17:21:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\btsec.dll [2003.06.25 17:17:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\btins.dll [2003.06.25 17:17:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\BtXpShell.dll [2003.06.25 17:17:02 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\BtWizard.dll [2003.06.25 17:16:36 | 000,782,419 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll [2003.06.25 17:16:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\BTNCopy.dll [2003.06.25 17:14:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\btrezxp.dll [2003.06.25 17:14:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\btosif_olx.dll [2003.06.25 17:12:14 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\WidcommSdk.dll [2003.06.25 17:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\BtAudioHelper.dll [2003.06.25 17:02:40 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll [2003.06.25 17:02:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\BTXPPanel.dll [2003.06.25 17:01:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bt2k_ins.dll [2003.06.25 17:01:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\btdev.dll [2003.06.25 17:00:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\btwpimif.dll [2003.06.25 17:00:38 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\btosif_ol.dll [2003.06.25 17:00:18 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\btosif_notes.dll [2003.06.25 16:59:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\btosif.dll [2003.06.25 16:59:36 | 000,389,187 | ---- | C] () -- C:\WINDOWS\System32\wbtapi.dll [2003.04.08 17:48:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll [2003.04.08 17:47:56 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\btsendto_office.dll [2003.04.08 17:45:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\btsendto_notes.dll [2003.04.08 17:44:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2003.04.08 17:43:38 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\bthcrpui.dll [2003.04.08 17:43:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\bthcrp.dll [2003.04.08 17:42:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\btsendto.dll [2003.04.08 17:37:38 | 000,144,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\btwdndis.sys [2003.04.08 17:35:32 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\btbigbmp.dll [2003.04.08 17:35:26 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys [2003.04.08 17:35:04 | 000,222,812 | ---- | C] () -- C:\WINDOWS\System32\drivers\btslbcsp.sys [2003.04.08 17:32:42 | 001,168,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\btkrnl.sys [2003.04.08 17:27:36 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\btport.sys [2003.04.08 17:26:14 | 000,021,733 | ---- | C] () -- C:\WINDOWS\System32\drivers\btaudio.sys [2003.03.24 10:38:10 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btrez.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2002.03.20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys [2002.03.20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll [2002.03.20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll [2002.03.20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll [2002.03.20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll [2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2006.01.11 19:41:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2008.04.13 22:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\BuddyW [2007.08.03 15:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CD-LabelPrint [2009.08.28 18:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\F-Secure [2010.07.10 15:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2009.11.29 12:06:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\fotobuch.de AG [2006.02.03 19:36:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FUJIFILM [2010.08.04 17:11:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GoodSync [2008.06.11 06:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2007.02.22 11:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MAGIX [2010.05.27 22:18:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PC Suite [2008.10.26 18:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\S.A.D [2010.05.27 20:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung [2008.06.11 20:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Teleca [2010.02.17 07:52:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Tobit [2005.12.25 21:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2005.12.27 19:17:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2005.12.28 14:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prism [2005.12.27 19:07:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2008.09.24 12:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ACD Systems [2010.07.25 12:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Aldi Sued Fotoservice [2007.07.24 14:35:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\CanonBJ [2008.12.29 15:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\F-Secure [2009.11.29 12:06:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\fotobuch.de AG [2009.08.28 18:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\fssg [2010.05.29 08:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\GoodSync [2007.07.18 18:05:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\MAGIX [2010.05.27 22:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PC Suite [2006.01.22 14:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Pinnacle [2010.05.29 08:48:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\RoboForm [2010.07.28 17:37:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Samsung [2006.01.22 14:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\SmartSound Software Inc [2008.06.17 18:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Teleca [2010.08.02 18:31:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP [2008.07.11 18:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\WinZip [2010.08.04 17:15:41 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010.08.03 19:41:57 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C7311DCA-C7DF-455E-AB17-DFD20552180A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2006.01.11 19:41:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2010.08.01 10:30:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe [2006.09.14 06:30:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AdobeAUM [2009.02.06 07:31:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AdobeUM [2007.09.23 22:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Apple Computer [2007.12.28 19:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ArcSoft [2008.04.13 22:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\BuddyW [2007.08.03 15:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CD-LabelPrint [2009.08.28 18:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\F-Secure [2010.07.10 15:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2009.11.29 12:06:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\fotobuch.de AG [2006.02.03 19:36:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FUJIFILM [2010.08.04 17:11:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GoodSync [2006.03.14 12:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Google [2008.06.11 06:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2006.04.13 18:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Help [2006.01.11 17:50:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities [2006.01.13 19:43:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Ipswitch [2006.12.28 11:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lavasoft [2006.01.12 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia [2007.02.22 11:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MAGIX [2010.08.03 22:46:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2010.05.27 22:19:55 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft [2009.09.14 20:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Move Networks [2010.07.14 17:42:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla [2010.05.27 22:18:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PC Suite [2006.03.05 23:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real [2008.10.26 18:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\S.A.D [2010.05.27 20:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung [2010.07.28 21:28:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype [2010.07.28 21:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM [2008.06.11 19:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sony Ericsson [2006.02.18 14:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun [2008.06.11 20:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Teleca [2010.02.17 07:52:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Tobit < %APPDATA%\*.exe /s > [2008.04.13 20:44:00 | 001,514,619 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\BuddyW\bin\Plugins\Fotoeditor\Fotoeditor.exe [2007.11.16 18:06:19 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{A746CE98-A755-4AD7-B4B8-346DC74CDECD}\AMCAP.EXE_63EBD8C6F09446A4BBBE1A09B0549CF9.exe [2007.11.16 18:06:18 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{A746CE98-A755-4AD7-B4B8-346DC74CDECD}\ARPPRODUCTICON.exe [2007.11.16 18:06:19 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{A746CE98-A755-4AD7-B4B8-346DC74CDECD}\UNINST_Uninstall_USB_A746CE98A7554AD7B4B8346DC74CDECD.exe [2008.09.22 14:56:49 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\Foren.exe [2008.09.22 14:56:49 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\htmledit.exe [2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.08.25 13:53:55 | 000,034,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe [2010.06.18 04:38:36 | 000,265,528 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.01.03 16:14:20 | 018,782,319 | ---- | M] () .cab file -- C:\dell\MEDIAEXE\Media\I386\sp2.cab:AGP440.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2006.01.03 16:14:20 | 018,782,319 | ---- | M] () .cab file -- C:\dell\MEDIAEXE\Media\I386\sp2.cab:atapi.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\i386\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2005.04.25 15:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\dell\MEDIAEXE\RepFiles\iastor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\i386\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 16:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\i386\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 16:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\i386\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 16:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\i386\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 16:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\i386\winlogon.exe [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\i386\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.01.11 18:09:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.01.11 18:09:47 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.01.11 18:09:47 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
04.08.2010, 16:54
| #4 |
| | gen:trojan.heur.lp.ju8@aqoltii OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.08.2010 17:36:43 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,45 Gb Total Space | 9,47 Gb Free Space | 13,25% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 165,57 Gb Free Space | 35,55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,51 Gb Total Space | 655,08 Gb Free Space | 70,32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BETTINA
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Programme\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\Programme\Yahoo!\Messenger\YPager.exe" = C:\Programme\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- File not found
"C:\Programme\WS_FTP Pro\wsftppro.exe" = C:\Programme\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found
"C:\Programme\fotobuch.de AG\Designer\Designer.exe" = C:\Programme\fotobuch.de AG\Designer\Designer.exe:*:Designer.exe -- File not found
"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"D:\Tobit ClipInc\Server\ClipInc-Server.exe" = D:\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- File not found
"D:\Tobit ClipInc\Player\ClipInc-Player.exe" = D:\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- File not found
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- File not found
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0F51A262-1ADF-4914-B448-78AC58C4178A}" = WIDCOMM Bluetooth Software
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für ScanWizard
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F7AA4C1-B6D1-4D63-B550-19DA9BF008AF}" = FotodruckTool
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A123A7A9-36B6-49FD-BD76-A4D200765C60}" = Großer Falk Reiseplaner
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A746CE98-A755-4AD7-B4B8-346DC74CDECD}" = OVT Scanner
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B76B2B1C-EDB0-4A4A-9D97-226EFE745BC4}" = Microsoft LifeCam
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DATA BECKER Handy Pack 7" = DATA BECKER Handy Pack 7
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"FileZilla Client" = FileZilla Client 3.3.3
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"FreePDF_XP" = FreePDF XP (Remove only)
"F-Secure Product 444" = F-Secure Internet Security 2010
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoRescue Wizard PC 2.0.647 Hama Version_is1" = PhotoRescue Wizard PC 2.0.647 Hama Version
"PROSet" = Intel(R) PRO Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-329068152-1547161642-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SmartTools Publishing · Feiertags-Assistent für Outlook" = SmartTools Publishing · Feiertags-Assistent für Outlook
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.08.2010 13:40:58 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 13:41:17 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 15:55:34 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 15:55:48 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 16:37:07 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 16:37:11 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 16:40:50 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 16:41:23 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 03.08.2010 17:05:14 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
Error - 04.08.2010 11:24:09 | Computer Name = BETTINA | Source = F-Secure Anti-Virus | ID = 103
Description =
[ System Events ]
Error - 03.08.2010 16:34:00 | Computer Name = BETTINA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bonjour-Dienst" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 03.08.2010 16:36:13 | Computer Name = BETTINA | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 03.08.2010 16:36:13 | Computer Name = BETTINA | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 03.08.2010 16:36:13 | Computer Name = BETTINA | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 03.08.2010 16:59:40 | Computer Name = BETTINA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bonjour-Dienst" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 03.08.2010 16:59:49 | Computer Name = BETTINA | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 03.08.2010 16:59:54 | Computer Name = BETTINA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
Error - 03.08.2010 17:01:56 | Computer Name = BETTINA | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 03.08.2010 17:02:08 | Computer Name = BETTINA | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 04.08.2010 11:11:57 | Computer Name = BETTINA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bonjour-Dienst" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
< End of report >
|
|
04.08.2010, 19:30
| #5 |
| /// Malware-holic | gen:trojan.heur.lp.ju8@aqoltii bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
05.08.2010, 07:59
| #6 |
| | gen:trojan.heur.lp.ju8@aqoltii Hallo Markus, vielen herzlichen Dank für Deine Untertützung! Parallel zu meinen Bereinigungsversuchen hab ich bei F-Secure angefragt und die Datei hochgeladen. Hier die Antwort: Hello, Thank you for your submission. The file you submitted is clean, the detection is a false alarm. A database update will be released to resolve this issue. Ist somit erledigt. Herzlichen Dank noch mal für die schnelle und sehr gut beschriebene Hilfestellung Grüßle Walburga |
|
05.08.2010, 11:57
| #7 |
| /// Malware-holic | gen:trojan.heur.lp.ju8@aqoltii trotz alle dem, sicherheitstipps. dep für alle prozesse: Datenausführungsverhinderung (DEP) • "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:". wenn es zu problemen kommen sollte, kann man hier prozesse entfernen. eingeschrenktes nutzerkonto ist pflicht Benutzerkonten in Windows XP - Teil 1: Neue Benutzerkonten anlegen als admin kann malware alles tun was sie will, als eingeschrenkter nutzer vllt gar nichts, oder zu mindest nicht so viel. um das surfen sicherer zu machen, würde ich Sandboxie empfehlen. http://www.trojaner-board.de/71542-a...sandboxie.html es ist weiterhin zu empfehlen, sich, wenn du mit dem programm auskommst, ne lizenz zu besorgen, die kostet 25 € und ist dein ganzes leben lang gültig, du kannst die weiterhin auf allen pcs in deinem haushalt einsetzen. |
|
| Themen zu gen:trojan.heur.lp.ju8@aqoltii |
| admin, anti-malware, anwendungsdaten, becker, bösartige, canon, datei, dateien, diagnostics, dokumente, drvstore, einstellungen, entfernt, explorer, fontcache, gen, install.exe, melde, meldet, meldung, minute, msiexec.exe, neustart., plug-in, scan, service, skype.exe, system, system32, troja, version, viren, win, win xp, windows, windows internet, windows internet explorer, youtube downloader |
Linear-Darstellung
