Log analysis and evaluation: Problem with the PC. Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
28.04.2011, 18:54 | #1 |
| Problem with the PC Hello everyone, there is a problem with my laptop. It started with Internet Explorer opening automatically and loading pages of travel agencies and the like. That has now stopped, but the bar at the bottom, which is normally blue, suddenly turns gray as in the old Windows 98, the Start icon likewise changes to the old style, and all programs minimize themselves. Yesterday evening old classical music was playing in the background without any program running. Just now I looked under Control Panel, Programs, and saw that I have caught "Spyware Doctor". There was a forum that described how to remove it. This program is no longer in the software list, after I, I hope, uninstalled it. Whenever the PC starts acting up, the following process opens in Task Manager 3-5 times at once: IFn823rT.exe. I hope someone can help me! OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.04.2011 15:10:07 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = c:\Documents and Settings\Wetering\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): C:\pagefile.sys 3840 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 58,51 Gb Free Space | 78,51% Space Free | Partition Type: NTFS Drive D: | 522,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 74,53 Gb Total Space | 58,51 Gb Free Space | 78,51% Space Free | Partition Type: *NT5CSC Computer Name: DE-DO-130178 | User Name: Wetering | NOT logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.29 14:17:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Wetering\Desktop\OTL.exe PRC - [2011.04.27 23:52:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010.10.22 03:28:54 | 011,937,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Lync\communicator.exe PRC - [2009.06.02 13:53:52 | 000,531,968 | ---- | M] () -- C:\WINDOWS\system32\LocalKHSAdmin\LocalKHSAdmin_Srv.exe PRC - [2008.04.14 04:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\proquota.exe PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.12.26 17:08:48 | 000,053,248 | ---- | M] () -- C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) 
-- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (SafeList) ========== MOD - [2011.04.29 14:17:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Wetering\Desktop\OTL.exe MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010.01.29 16:36:33 | 000,195,072 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll ========== Win32 Services (SafeList) ========== SRV - [2010.01.29 16:36:22 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2010.01.29 16:36:21 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2010.01.29 16:36:15 | 000,266,240 | ---- | M] (Sophos Plc) [On_Demand | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent) SRV - [2010.01.29 16:36:11 | 000,794,624 | ---- | M] (Sophos Plc) [On_Demand | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router) SRV - [2009.10.22 05:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service) SRV - [2009.10.22 05:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- c:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2009.10.22 05:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2009.10.22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2009.10.12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- c:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2009.07.01 17:23:53 | 000,172,032 | ---- | M] (Sophos Plc) [On_Demand | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2009.06.02 13:53:52 | 000,531,968 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\LocalKHSAdmin\LocalKHSAdmin_Srv.exe -- (LocalKHSAdmin) SRV - [2009.02.08 02:21:08 | 000,188,416 | ---- | M] (CA) [On_Demand | Stopped] -- C:\Program Files\CA\DSM\bin\caf.exe -- (caf) SRV - [2008.12.09 17:34:20 | 000,147,456 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\SC\CAM\bin\cam.exe -- (CA-MessageQueuing) SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) ========== Driver Services (SafeList) ========== DRV - [2011.01.21 10:39:25 | 000,025,828 | R--- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\snidmi.sys -- (SniDmi) DRV - [2010.01.29 16:36:34 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2010.01.29 16:36:29 | 000,038,528 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter) DRV - [2010.01.29 16:36:24 | 000,110,848 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl) DRV - [2009.10.22 05:45:06 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2009.10.22 05:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86) DRV - [2009.10.22 05:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci) DRV - [2009.10.22 05:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd) DRV - [2009.10.22 05:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2009.10.22 05:44:06 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport) DRV - [2009.10.22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon) DRV - [2009.10.22 01:13:32 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2009.10.12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- c:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.03.17 22:36:54 | 000,026,128 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rcSmCard.sys -- (rcSmCard) DRV - [2009.03.17 22:36:54 | 000,009,872 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rcVidMpt.sys -- (rcVidCap) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.01.16 20:09:08 | 000,177,152 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fttxr5_O.sys -- (fttxr5_O) DRV - [2007.10.22 11:24:14 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.09.15 05:20:10 | 000,082,768 | ---- | M] (Adaptec, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aac.sys -- (aac) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.05.09 13:13:00 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi) DRV - [2007.03.20 15:13:38 | 000,300,544 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2007.03.01 12:47:48 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2007.02.10 02:05:00 | 000,104,496 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2007.01.23 16:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006.07.28 14:07:52 | 000,177,536 | ---- | M] (LSI Logic Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\MegaINTL.sys -- (MegaINTL) DRV - [2006.07.06 13:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2006.04.06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2006.03.08 22:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.02.26 18:21:18 | 000,163,277 | ---- | M] (LSI Logic Corporation.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\MegaIDE.sys -- (MegaIDE) DRV - [2006.02.26 18:21:18 | 000,045,392 | ---- | M] (Intel) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\raidsrc.sys -- (raidsrc) DRV - [2006.02.26 18:21:16 | 000,044,998 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys -- (hpt3xx) DRV - [2004.12.09 12:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2004.08.24 11:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.27 23:53:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.27 23:53:09 | 000,000,000 | ---D | M] [2011.02.11 22:38:59 | 000,000,000 | ---D | M] (No name found) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Extensions [2011.04.27 23:53:31 | 000,000,000 | ---D | M] (No name found) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Firefox\Profiles\6mxr3sg4.default\extensions [2011.04.18 14:44:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Firefox\Profiles\6mxr3sg4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.27 23:53:31 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Firefox\Profiles\6mxr3sg4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.18 14:44:50 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Firefox\Profiles\6mxr3sg4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.04.18 14:44:49 | 000,000,000 | ---D | M] (Adblock Plus) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Firefox\Profiles\6mxr3sg4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.18 14:44:52 | 000,000,000 | ---D | M] (Greasemonkey) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Firefox\Profiles\6mxr3sg4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.04.18 14:44:52 | 000,000,000 | ---D | M] (Conduit Engine) -- c:\Documents and Settings\Wetering\Application Data\mozilla\Firefox\Profiles\6mxr3sg4.default\extensions\engine@conduit.com [2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- c:\Documents and Settings\Wetering\Application Data\Mozilla\Firefox\Profiles\6mxr3sg4.default\searchplugins\conduit.xml [2011.04.27 22:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.02.27 20:07:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2011.02.27 20:07:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.04.27 23:52:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011.02.27 20:07:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll [2011.04.27 23:53:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.27 23:53:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2011.04.27 23:53:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.27 23:53:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.04.27 23:53:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.27 23:53:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe () O4 - Startup: c:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iolo Macro Magic.lnk = C:\Program Files\Iolo\Macro Magic\Macros.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ProfileQuotaMessage = You have exceeded your profile storage 
space. Before you can log off, you need to move some items from your profile to network or local storage. - Der Speicherplatz für Ihre Profildaten ist ausgeschöpft. Sie müssen einige Daten aus Ihrem Profil löschen, bevor Sie sich abmelden können. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxProfileSize = 30000 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarnUser = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarnUserTimeout = 15 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - c:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - c:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = khswnt01.khs-ag.de O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\CAF: DllName - C:\Program Files\CA\DSM\Bin\cfwlogon.dll - C:\Program Files\CA\DSM\Bin\cfWlogon.dll (CA) O20 - Winlogon\Notify\rcHostExt: DllName - C:\Program Files\CA\DSM\Bin\rcLoginExt.dll - C:\Program Files\CA\DSM\Bin\rcLoginExt.dll (CA) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.19 13:33:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005.09.07 23:33:40 | 000,000,146 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\##DE-KL-FS01#Owes\Shell - "" = AutoRun O33 - MountPoints2\##DE-KL-FS01#Owes\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##DE-KL-FS01#Owes\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL enable\autoready.exe O33 - MountPoints2\{4b39622a-296b-11e0-aed3-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{4b39622a-296b-11e0-aed3-005056c00008}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4b39622a-296b-11e0-aed3-005056c00008}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) 
- File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.29 14:17:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- c:\Documents and Settings\Wetering\Desktop\Erunt-setup.exe [2011.04.29 14:17:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- c:\Documents and Settings\Wetering\Desktop\OTL.exe [2011.04.29 14:17:14 | 000,446,464 | ---- | C] (OldTimer Tools) -- c:\Documents and Settings\Wetering\Desktop\TFC.exe [2011.04.28 15:45:48 | 000,000,000 | ---D | C] -- c:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit [2011.04.28 15:45:47 | 000,000,000 | ---D | C] -- c:\Documents and Settings\NetworkService\Application Data\Google [2011.04.28 15:45:42 | 000,000,000 | ---D | C] -- c:\Documents and Settings\NetworkService\Local Settings\Application Data\ConduitEngine [2011.04.28 15:45:40 | 000,000,000 | ---D | C] -- c:\Documents and Settings\NetworkService\Local Settings\Application Data\softonic-de3 [2011.04.28 00:34:30 | 000,000,000 | ---D | C] -- c:\Documents and Settings\Wetering\Application Data\Malwarebytes [2011.04.28 00:34:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.04.28 00:34:20 | 000,000,000 | ---D | C] -- c:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.28 00:34:19 | 000,000,000 | ---D | C] -- c:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.04.28 00:34:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.04.28 00:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.27 21:43:20 | 000,000,000 | ---D | C] -- c:\Documents and Settings\LocalService\Application Data\Sun [2011.04.27 21:35:25 | 000,000,000 | ---D | C] -- c:\Documents and 
Settings\LocalService\Application Data\PriceGong [2011.04.27 21:34:07 | 000,000,000 | ---D | C] -- c:\Documents and Settings\LocalService\Application Data\Google [2011.04.27 21:34:07 | 000,000,000 | ---D | C] -- c:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit [2011.04.27 21:34:05 | 000,000,000 | ---D | C] -- c:\Documents and Settings\LocalService\Local Settings\Application Data\softonic-de3 [2011.04.27 21:34:05 | 000,000,000 | ---D | C] -- c:\Documents and Settings\LocalService\Local Settings\Application Data\ConduitEngine [2011.04.27 21:13:54 | 000,000,000 | ---D | C] -- c:\Documents and Settings\LocalService\Application Data\Macromedia [2011.04.27 21:13:52 | 000,000,000 | ---D | C] -- c:\Documents and Settings\LocalService\Application Data\Adobe [2011.04.27 21:08:33 | 000,000,000 | ---D | C] -- c:\Documents and Settings\NetworkService\Application Data\Macromedia [2011.04.27 21:07:10 | 000,000,000 | ---D | C] -- c:\Documents and Settings\NetworkService\Application Data\Adobe [2011.04.27 20:57:34 | 000,000,000 | ---D | C] -- c:\Documents and Settings\Wetering\Application Data\9337296BC577380F3B07FD66BA600323 [2011.04.22 17:09:27 | 000,000,000 | ---D | C] -- c:\Documents and Settings\All Users\Start Menu\Programs\EA SPORTS [2011.04.22 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS [2011.04.10 13:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sciface [2011.04.05 20:47:32 | 000,000,000 | ---D | C] -- c:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2011.04.05 20:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010.01.29 15:03:20 | 003,100,672 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll [2010.01.29 15:03:20 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll [2010.01.29 15:03:20 | 000,192,512 | ---- | C] (SAP Tech Inc.) 
-- C:\Program Files\Common Files\sapconsr3.dll [2010.01.29 15:03:18 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx ========== Files - Modified Within 30 Days ========== [2011.04.29 15:16:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.04.29 15:08:48 | 000,429,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.29 15:08:48 | 000,066,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.29 15:07:13 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.04.29 15:03:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.29 14:17:19 | 000,301,568 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\g2m3e4r.exe [2011.04.29 14:17:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- c:\Documents and Settings\Wetering\Desktop\Erunt-setup.exe [2011.04.29 14:17:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Wetering\Desktop\OTL.exe [2011.04.29 14:17:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Wetering\Desktop\TFC.exe [2011.04.29 14:16:25 | 000,377,260 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\Load.exe [2011.04.29 14:05:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2011.04.29 13:51:01 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.04.28 19:05:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2011.04.28 18:00:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2011.04.28 17:05:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2011.04.28 16:09:20 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2011.04.28 15:41:23 | 000,000,112 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\M7663cI7.dat [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job 
[2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2011.04.28 15:41:16 | 000,120,834 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\IFn823rT.exe [2011.04.28 12:50:19 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\Defrag Local Drives.job [2011.04.28 00:34:20 | 000,000,784 | ---- | M] () -- c:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 00:28:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.18 15:42:08 | 000,002,312 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\nadine.rtf [2011.04.17 21:36:36 | 000,079,428 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\MDPlan_Ver.08.04.11.pdf [2011.04.13 
14:58:09 | 000,000,104 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\Verknüpfung mit Arbeitsplatz.lnk [2011.04.11 19:37:59 | 000,002,349 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\Imaging Viewer.lnk [2011.04.10 21:14:27 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.06 14:13:12 | 000,000,104 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\Internet.lnk [2011.04.06 14:12:06 | 000,001,633 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\SAPLogon-Pad.lnk [2011.04.06 14:12:03 | 000,001,505 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\KHS Verzeichnisse.lnk [2011.04.06 14:12:03 | 000,001,083 | ---- | M] () -- c:\Documents and Settings\Wetering\Desktop\Homeverzeichnis auf dem NT-Server.lnk [2011.04.05 20:47:32 | 000,001,791 | ---- | M] () -- c:\Documents and Settings\Wetering\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ========== Files Created - No Company Name ========== [2011.04.29 14:17:14 | 000,301,568 | ---- | C] () -- c:\Documents and Settings\Wetering\Desktop\g2m3e4r.exe [2011.04.29 14:17:02 | 000,377,260 | ---- | C] () -- c:\Documents and Settings\Wetering\Desktop\Load.exe [2011.04.28 15:41:23 | 000,000,112 | ---- | C] () -- c:\Documents and Settings\All Users\Application Data\M7663cI7.dat [2011.04.28 15:41:21 | 000,120,834 | ---- | C] () -- c:\Documents and Settings\All Users\Application Data\IFn823rT.exe [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- 
C:\WINDOWS\tasks\At3.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2011.04.28 15:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2011.04.28 00:34:20 | 000,000,784 | ---- | C] () -- c:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.18 15:42:08 | 000,002,312 | ---- | C] () -- c:\Documents and Settings\Wetering\Desktop\nadine.rtf [2011.04.17 21:36:33 | 000,079,428 | ---- | C] () -- c:\Documents and Settings\Wetering\Desktop\MDPlan_Ver.08.04.11.pdf [2011.04.13 14:58:08 | 000,000,104 | ---- | C] () -- c:\Documents and Settings\Wetering\Desktop\Verknüpfung mit Arbeitsplatz.lnk [2011.04.11 19:36:47 | 000,002,349 | ---- | C] () -- c:\Documents and Settings\Wetering\Desktop\Imaging Viewer.lnk [2011.04.05 20:47:32 | 000,001,791 
| ---- | C] () -- c:\Documents and Settings\Wetering\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011.03.16 14:58:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.02.17 17:22:51 | 000,003,584 | ---- | C] () -- c:\Documents and Settings\Wetering\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.21 08:36:25 | 000,000,660 | ---- | C] () -- c:\Documents and Settings\Wetering\Application Data\MITGLIED.VON [2010.06.15 07:14:54 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\af15irtbl.bin [2010.06.15 07:11:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2010.06.15 07:00:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010.02.17 10:58:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.02.03 15:11:34 | 000,000,176 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2010.01.29 15:19:00 | 000,000,071 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini [2010.01.29 15:18:41 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\wwiolib.dll [2010.01.29 15:18:36 | 000,013,792 | ---- | C] () -- C:\WINDOWS\System32\wsinit.dll [2010.01.29 15:18:36 | 000,007,623 | ---- | C] () -- C:\WINDOWS\System32\wshelp.dll [2010.01.29 15:18:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\witzsrch.dll [2010.01.29 15:18:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\adssecurity.dll [2010.01.29 15:18:31 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\xcacls.exe [2010.01.29 15:18:25 | 000,051,712 | ---- | C] () -- C:\WINDOWS\CmdX64.exe [2010.01.29 15:18:25 | 000,051,712 | ---- | C] () -- C:\WINDOWS\CmdX32.exe [2010.01.29 15:05:33 | 000,000,307 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.01.29 15:05:10 | 000,005,452 | ---- | C] () -- C:\WINDOWS\SapLogon.ini [2010.01.29 15:05:10 | 000,002,921 | ---- | C] () -- C:\WINDOWS\Sapdoccd.ini [2010.01.29 15:05:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SAPMSG.INI [2010.01.29 15:03:19 | 001,129,984 | ---- | C] () -- C:\Program 
Files\Common Files\SAPActiveXL.xlt [2010.01.29 15:03:19 | 001,124,864 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt [2010.01.29 15:00:19 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2010.01.29 15:00:19 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2010.01.29 15:00:19 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2010.01.29 15:00:19 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2010.01.29 15:00:18 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2010.01.29 14:59:47 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll [2010.01.29 14:58:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010.01.29 14:58:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2010.01.29 14:53:00 | 000,154,112 | ---- | C] () -- C:\WINDOWS\KCALoc.exe [2010.01.29 14:53:00 | 000,004,771 | ---- | C] () -- C:\WINDOWS\KCALoc.ini [2009.05.13 16:59:56 | 000,124,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2008.05.19 14:17:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.05.19 13:35:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.05.19 13:30:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.05.19 13:26:03 | 000,004,325 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.19 13:23:45 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.04.14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002.08.29 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.08.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002.08.29 13:00:00 | 000,429,088 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.08.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002.08.29 13:00:00 | 
000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002.08.29 13:00:00 | 000,066,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.08.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002.08.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002.08.29 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002.08.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.03.13 13:15:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mupkernps11.dll [1995.02.15 01:41:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll ========== LOP Check ========== [2011.01.21 09:24:12 | 000,000,000 | ---D | M] -- c:\Documents and Settings\All Users\Application Data\Applications [2010.01.29 16:34:09 | 000,000,000 | ---D | M] -- c:\Documents and Settings\All Users\Application Data\Autodesk [2010.01.29 16:43:30 | 000,000,000 | ---D | M] -- c:\Documents and Settings\All Users\Application Data\Sophos [2011.04.27 20:57:48 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Wetering\Application Data\9337296BC577380F3B07FD66BA600323 [2010.01.29 14:53:13 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Wetering\Application Data\CA [2011.04.27 21:29:10 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Wetering\Application Data\PriceGong [2010.01.29 15:18:55 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Wetering\Application Data\WinBatch [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job [2011.04.29 14:05:00 | 000,000,420 | 
---- | M] () -- C:\WINDOWS\Tasks\At15.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job [2011.04.28 16:09:20 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job [2011.04.28 17:05:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job [2011.04.28 18:00:27 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job [2011.04.28 19:05:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job [2011.04.28 15:41:22 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job [2011.04.28 12:50:19 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\Defrag Local Drives.job ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.04.2011 15:11:39 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = c:\Documents and Settings\Wetering\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): C:\pagefile.sys 3840 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 58,51 Gb Free Space | 78,51% Space Free | Partition Type: NTFS Drive D: | 522,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 74,53 Gb Total Space | 58,51 Gb Free Space | 78,51% Space Free | Partition Type: *NT5CSC Computer Name: DE-DO-130178 | User Name: Wetering | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft Lync\UcMapi.exe" = C:\Program Files\Microsoft Lync\UcMapi.exe:*:Enabled:UcMapi -- (Microsoft Corporation) "C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Lync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.) "C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Microsoft Lync 2010 -- (Microsoft Corporation) "C:\Documents and Settings\Wetering\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\Wetering\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue "C:\Documents and Settings\Wetering\Desktop\IPCurve100Win32\IPCurve\ipcurve.exe" = C:\Documents and Settings\Wetering\Desktop\IPCurve100Win32\IPCurve\ipcurve.exe:*:Enabled:ipcurve "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{11849FBC-C416-4742-8279-17C3A2C85F72}" = Microsoft Lync 2010 "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22DDEF1F-D631-44FA-AFC4-379DF3C0F5F5}" = Humanist Fonts "{23170F69-40C1-2701-0463-000001000000}" = 7-Zip 4.63 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 C2 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5506CAE1-4FB1-43F3-8E6B-FE4AACBF6D3E}" = Image View "{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Driver WXP Ver.1.01.05 "{624FA386-3A39-4EBF-9CB9-C2B484D78B29}" = CA Unicenter DSM Agent + Asset Management Plugin "{62ADA55C-1B98-431F-8618-CDF3CE4CFEEC}" = CA Unicenter DSM Agent + Software Delivery Plugin "{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{84288555-A79E-4ABD-BA53-219C4D2CA20B}" = CA Unicenter DSM Agent + Remote Control Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD0C8465-10F4-4E6E-AC0F-2102DE55B213}" = Salis "{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI "{AE092EBC-CE58-4363-AD76-64FEBFA8D25B}" = Hardcopy "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET 
Framework 2.0 Service Pack 2 "{CD91A011-A0DA-4EB9-AC9D-FF6F4CD0E14D}" = Innosoft Rückmeldung "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEECF731-3F08-4210-8073-7E87F58C01D3}" = Microsoft Lync 2010, MUI "{D3B19D0F-FCB6-4D23-8E0D-38E33D2D7093}" = KHS Configuration "{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}" = FUSSBALL MANAGER 06 "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.0 "{FCDA9FBA-521E-4603-B4E0-C04287129097}" = Innosoft PDF - Printer "{FF11005D-CBC8-45D5-A288-25C7BB304121}" = Sophos Remote Management System "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AutoHotkey" = AutoHotkey 1.0.48.05 "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "conduitEngine" = Conduit Engine "DWG TrueView 2009" = DWG TrueView 2009 "FreePDF_XP" = FreePDF XP (Remove only) "Google Chrome" = Google Chrome "GPL Ghostscript 8.62" = GPL Ghostscript 8.62 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "IE7-MUI" = Windows Internet Explorer 7 Multilingual User Interface (MUI) "InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAP_EasyDMS_Unicode" = SAP Easy Document Management System (UNICODE) "SAPBI" = SAP Business Explorer "SAPGUI710" = SAP GUI 7.10 "softonic-de3 Toolbar" = softonic-de3 Toolbar "Veetle TV" = Veetle TV 0.9.18 "VMware_Player" = VMware Player "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.02.2011 09:02:21 | Computer Name = DE-DO-130178 | Source = Google Update | ID = 20 Description = Error - 24.02.2011 14:42:32 | Computer Name = DE-DO-130178 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. Error - 24.02.2011 14:43:42 | Computer Name = DE-DO-130178 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "KHSWNT01\Wetering" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. 
Error - 24.02.2011 15:02:01 | Computer Name = DE-DO-130178 | Source = Google Update | ID = 20 Description = Error - 24.02.2011 16:02:00 | Computer Name = DE-DO-130178 | Source = Google Update | ID = 20 Description = Error - 24.02.2011 17:02:05 | Computer Name = DE-DO-130178 | Source = Google Update | ID = 20 Description = Error - 25.02.2011 09:06:51 | Computer Name = DE-DO-130178 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 25.02.2011 09:07:16 | Computer Name = DE-DO-130178 | Source = UserInit | ID = 1000 Description = Folgendes Skript konnte nicht ausgeführt werden: Startup.bat. Das System kann die angegebene Datei nicht finden. Error - 25.02.2011 09:07:17 | Computer Name = DE-DO-130178 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. Error - 25.02.2011 09:10:21 | Computer Name = DE-DO-130178 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. 
[ System Events ] Error - 29.04.2011 08:56:27 | Computer Name = DE-DO-130178 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "winmgmt" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Error - 29.04.2011 08:56:58 | Computer Name = DE-DO-130178 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "winmgmt" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Error - 29.04.2011 08:57:29 | Computer Name = DE-DO-130178 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "winmgmt" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Error - 29.04.2011 08:58:00 | Computer Name = DE-DO-130178 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "winmgmt" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Error - 29.04.2011 08:58:30 | Computer Name = DE-DO-130178 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 29.04.2011 09:04:32 | Computer Name = DE-DO-130178 | Source = NETLOGON | ID = 5719 Description = Es steht kein Domänencontroller für die Domäne KHSWNT01 aus folgendem Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. 
Error - 29.04.2011 09:04:45 | Computer Name = DE-DO-130178 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "ntp.khs-resources.com" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
Error - 29.04.2011 09:04:45 | Computer Name = DE-DO-130178 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 29.04.2011 09:04:45 | Computer Name = DE-DO-130178 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "ntp.khs-resources.com" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
Error - 29.04.2011 09:04:45 | Computer Name = DE-DO-130178 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
< End of report >

I ran Malwarebytes and it deleted quite a few things and moved a lot into quarantine. Just now the strange process IFn823rT.exe opened 30 times! It has about 5.245 bytes of capacity. Recently the sound has stopped working, and the volume icon in the bottom left corner is no longer there. |
06.05.2011, 12:14 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with the PC Quote:
12.05.2011, 11:06 | #3 |
| Problem with the PC Something like that was on the laptop, but it is now, well, a bit done for. When starting up, the power indicator flashed and nothing happens! I had hoped I could be helped this way! The laptop worked perfectly in between, but then the relapses came back.
12.05.2011, 11:23 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with the PC But the OTL logs come from the laptop?
__________________ Please always post logfiles in CODE tags |
25.05.2011, 19:51 | #5 |
| Problem with the PC Yes, they do ... I searched for the file, or rather tracked it down, and deleted it! It was relatively well hidden :=) but I managed to delete it earlier, and everything seems to be working well! Thanks anyway in case anyone read through it ^^ |
25.05.2011, 21:34 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with the PC I would still be interested in the MBAM logs, though...