| ObiWanKenobi | 11.02.2013 14:57 |
Trojan.Win32.Yakes.cboa vollständig entfernen.
Hallo Community,
habe mir "Trojan.Win32.Yakes.cboa" eingefangen. Infektionssituation unklar da es beim drucken aus dem Internetexplorer heraus auftrat. Vermutlich durch veraltetes Java.
OS ist Win XP 32bit mit Norton 360.
Als erstes habe ich mit Kasperski Rescue Disk 10 gescant und gelöscht: Code:
Untersuchung von Objekten: wurde abgeschlossen vor 3 Minuten (Ereignis: 10, Objekte: 720766, Zeit: 02:35:29)
11.02.13 09:34 Aufgabe wurde gestartet
11.02.13 09:43 Gefunden: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Anwendungsdaten/skype.dat
11.02.13 09:43 Nicht desinfizierte Objekte: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Anwendungsdaten/skype.dat Zurückgestellt
11.02.13 09:46 Gefunden: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Lokale Einstellungen/Temp/ww18y0csgr39l98hscp493.exe
11.02.13 09:46 Nicht desinfizierte Objekte: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Lokale Einstellungen/Temp/ww18y0csgr39l98hscp493.exe Zurückgestellt
11.02.13 11:44 Gefunden: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Anwendungsdaten/skype.dat
11.02.13 12:09 Gelöscht: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Anwendungsdaten/skype.dat
11.02.13 12:09 Gefunden: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Lokale Einstellungen/Temp/ww18y0csgr39l98hscp493.exe
11.02.13 12:09 Gelöscht: Trojan.Win32.Yakes.cboa C:/Dokumente und Einstellungen/Administrator/Lokale Einstellungen/Temp/ww18y0csgr39l98hscp493.exe
11.02.13 12:09 Aufgabe wurde abgeschlossen
neu gestartet, defogger erfolgreich ausgeführt und anschließend die OTL logfiles gemacht:
-nicht wundern wenn die zeiten der logs nicht übereinstimmen, ich hatte OTL kurz gekillt da ich den Norton noch an hatte.. dann hatte es keine extra.txt mehr erstellt und ich hab die alte genommen.. :stirn:
OTL.txt Code:
OTL logfile created on: 11.02.2013 13:06:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 80,94% Memory free
4,07 Gb Paging File | 3,41 Gb Available in Paging File | 83,83% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,07 Gb Total Space | 2,04 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
Drive D: | 35,40 Gb Total Space | 32,98 Gb Free Space | 93,18% Space Free | Partition Type: NTFS
Drive F: | 487,16 Mb Total Space | 205,89 Mb Free Space | 42,26% Space Free | Partition Type: FAT32
Computer Name: BINE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.11 12:49:18 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
PRC - [2013.02.11 12:09:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2013.02.01 16:25:24 | 000,443,392 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Internettransfer\LxTrans.exe
PRC - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.25 15:25:30 | 000,393,944 | ---- | M] (Dell Inc.) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2006.12.07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2006.12.07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2006.12.05 18:09:44 | 000,278,528 | ---- | M] (Dell) -- C:\Programme\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
PRC - [2006.10.31 13:13:02 | 000,077,824 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2006.10.31 13:13:00 | 001,990,656 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (No Company Name) ==========
MOD - [2013.02.11 12:49:18 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
MOD - [2013.01.09 16:12:51 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013.01.09 16:12:41 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013.01.09 16:12:29 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\12f94ec43a0160ab9ddd755b0e1be881\System.Windows.Forms.ni.dll
MOD - [2013.01.09 16:12:09 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013.01.09 16:11:36 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013.01.09 16:11:13 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011.01.13 10:44:24 | 000,232,800 | ---- | M] () -- C:\Programme\StarMoney 8.0\ouservice\patchw32.dll
MOD - [2009.10.06 14:36:56 | 000,205,312 | ---- | M] () -- C:\Programme\StarMoney 7.0\ouservice\patchw32.dll
MOD - [2006.12.20 14:27:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\DellFaxPort_x86.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.09 11:47:38 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.10.23 16:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2006.12.07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006.12.07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2006.10.31 13:13:02 | 000,077,824 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2006.10.31 13:13:00 | 001,990,656 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2004.10.22 01:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.01.16 14:21:41 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130210.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 14:21:41 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130210.008\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.09.01 01:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130208.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.08.09 08:37:58 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 08:37:58 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.02.10 10:59:26 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.21 02:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI)
DRV - [2011.03.31 04:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011.03.31 04:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011.03.15 03:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011.01.27 07:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011.01.27 06:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009.02.25 20:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009.02.25 20:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008.05.02 09:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.09.12 16:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.06.26 10:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)
DRV - [2007.03.23 19:01:02 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2005.04.01 16:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.09.17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001.08.17 11:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2001.08.17 11:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-218350734-1337111683-2436795941-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-218350734-1337111683-2436795941-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-218350734-1337111683-2436795941-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-218350734-1337111683-2436795941-500\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=5
IE - HKU\S-1-5-21-218350734-1337111683-2436795941-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013.02.03 11:55:54 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.11 10:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2013.02.11 12:16:37 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - c:\Programme\lotus\organize\iehelper.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-218350734-1337111683-2436795941-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DellNSCST_GRNCH] C:\Programme\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe (Dell)
O4 - HKLM..\Run: [DLPSP] C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TransferManager] C:\Programme\Gemeinsame Dateien\Lexware\Internettransfer\LxTrans.exe (Haufe-Lexware GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\Andi\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\Bine neu\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\Bine neu\Startmenü\Programme\Autostart\Lotus Organizer EasyClip.lnk = C:\Programme\lotus\organize\easyclip6.exe (Lotus Development Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\Sabine\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-218350734-1337111683-2436795941-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\Programme\lotus\organize\bandobjs.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {1E69AFBB-58D2-4525-9244-7AC7A4FF3F25} hxxp://172.27.1.39/vmsx.cab (VMSX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348410172187 (MUWebControl Class)
O16 - DPF: {73888E2B-FF04-416C-8847-984D7FC4507F} hxxp://172.27.1.37/RtspVaPgDecNew2.cab (RtspVaPgCtrlNew2 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://172.27.1.40/AxViewer/AxMediaControl.cab (AxMediaControl Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-218350734-1337111683-2436795941-500 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 12:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.11 12:53:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
[2013.02.11 12:35:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.11 12:35:54 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.11 12:35:51 | 031,512,992 | ---- | C] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Administrator\Desktop\jre-7u13-windows-i586.exe
[2013.02.11 12:35:51 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013.02.11 12:35:28 | 239,636,840 | ---- | C] (Emsisoft GmbH ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftAntiMalwareSetup.exe
[2013.02.11 12:35:28 | 005,030,592 | ---- | C] (Swearware) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
[2013.02.11 12:35:27 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ccsetup327.exe
[2013.02.11 09:57:19 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.02.04 17:09:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search
[2013.01.31 18:26:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.31 18:09:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2013.01.31 18:09:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search
[2013.01.31 18:08:28 | 000,000,000 | ---D | C] -- C:\Programme\Windows Desktop Search
[2013.01.31 18:08:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013.01.31 18:04:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013.01.31 18:04:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013.01.31 18:03:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Downloads
[2013.01.31 18:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Download Manager
[2013.01.31 18:03:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Download Manager
[2013.01.31 17:21:36 | 004,940,344 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxMail100.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxBasics100.dll
[2013.01.31 16:05:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office
[2013.01.31 16:04:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2013.01.31 16:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Microsoft
[2013.01.31 16:00:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2013.01.31 16:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013.01.31 15:59:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2013.01.31 15:59:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
[2013.01.31 15:59:19 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.15 16:28:07 | 000,000,000 | ---D | C] -- C:\Programme\Kopie von Lexware
[2013.01.14 16:02:03 | 064,175,744 | ---- | C] (Haufe-Lexware GmbH & Co. KG ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\elster_support_setup13041305.exe
[2013.01.14 15:04:02 | 000,000,000 | ---D | C] -- C:\Zertifikat
[2013.01.14 14:56:51 | 068,756,816 | ---- | C] (Haufe-Lexware GmbH & Co. KG ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\elster_upd.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.11 13:00:00 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2013.02.11 12:54:15 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.02.11 12:51:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
[2013.02.11 12:50:24 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\gmer_2.0.18454.exe
[2013.02.11 12:49:18 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2013.02.11 12:47:10 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{871B52E9-7716-4949-A0E8-239B88C8B1F7}.job
[2013.02.11 12:47:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.11 12:34:32 | 005,030,592 | ---- | M] (Swearware) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
[2013.02.11 12:30:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.11 12:26:16 | 239,636,840 | ---- | M] (Emsisoft GmbH ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftAntiMalwareSetup.exe
[2013.02.11 12:25:14 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ccsetup327.exe
[2013.02.11 12:24:58 | 031,512,992 | ---- | M] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Administrator\Desktop\jre-7u13-windows-i586.exe
[2013.02.11 12:22:24 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013.02.11 12:21:48 | 000,587,659 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
[2013.02.11 12:20:44 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.11 12:16:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.11 12:16:13 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.11 12:09:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.09 17:06:22 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini
[2013.02.09 11:47:33 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.09 11:47:33 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.09 11:38:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\DTABegleit.INI
[2013.02.09 11:30:47 | 000,002,345 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware QuickBooks.lnk
[2013.02.09 11:30:01 | 000,002,455 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware lohn+gehalt.lnk
[2013.02.04 17:10:05 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk
[2013.01.31 18:08:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.31 18:08:44 | 000,001,755 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2013.01.31 18:08:38 | 000,535,136 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.31 18:08:38 | 000,108,144 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.31 18:03:21 | 000,001,884 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Download Manager.lnk
[2013.01.31 17:21:36 | 004,940,344 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxMail100.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\WINDOWS\System32\LxBasics100.dll
[2013.01.31 16:21:52 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.30 14:41:43 | 000,070,767 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Dell Laser MFP 1815_20130130144129.pdf
[2013.01.15 16:35:08 | 000,239,888 | ---- | M] () -- C:\{1D1FFE87-448C-4257-A1B1-2FEC23278100}
[2013.01.15 16:04:19 | 030,303,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\lxelster_1304.msi
[2013.01.14 16:02:56 | 064,175,744 | ---- | M] (Haufe-Lexware GmbH & Co. KG ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\elster_support_setup13041305.exe
[2013.01.14 14:57:22 | 068,756,816 | ---- | M] (Haufe-Lexware GmbH & Co. KG ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\elster_upd.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.11 12:54:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.02.11 12:53:22 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\gmer_2.0.18454.exe
[2013.02.11 12:53:22 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2013.02.11 12:35:27 | 000,587,659 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
[2013.02.09 16:54:35 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini
[2013.01.31 18:23:34 | 000,002,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk
[2013.01.31 18:08:44 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2013.01.31 18:08:43 | 000,001,771 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Search.lnk
[2013.01.31 18:03:21 | 000,001,884 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Download Manager.lnk
[2013.01.30 14:41:29 | 000,070,767 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Dell Laser MFP 1815_20130130144129.pdf
[2013.01.16 14:50:18 | 000,002,345 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware QuickBooks.lnk
[2013.01.15 16:35:08 | 000,239,888 | ---- | C] () -- C:\{1D1FFE87-448C-4257-A1B1-2FEC23278100}
[2013.01.15 16:04:02 | 030,303,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\lxelster_1304.msi
[2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012.02.17 15:01:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.05 15:59:15 | 000,000,043 | ---- | C] () -- C:\WINDOWS\FAStdCompany.INI
[2011.09.05 15:59:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\FAFirmAssi.INI
[2011.06.16 08:34:26 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.16 08:29:24 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2010.11.23 19:06:45 | 000,002,982 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Oktober2010Lohnsteuer.elfo
[2009.09.16 16:06:10 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.08.13 13:02:49 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2004.08.13 13:02:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009.05.28 15:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataDesign
[2010.11.23 18:57:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2009.05.27 11:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\klickTel
[2011.04.19 14:38:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lexware
[2010.12.31 16:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-Online
[2009.05.28 07:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2013.01.31 18:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search
[2013.02.04 17:09:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search
[2010.09.13 14:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2010.11.23 18:56:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2007.01.08 15:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2006.09.22 13:14:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2013.02.09 11:30:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2007.06.12 12:02:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2010.04.30 14:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2009.08.12 09:04:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
[2012.04.05 17:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0
[2008.06.08 11:27:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.10.07 14:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.05.26 11:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\Lexware
[2006.09.22 12:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine neu\Anwendungsdaten\DataDesign
[2007.03.15 18:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine neu\Anwendungsdaten\F-Secure
[2006.09.22 13:16:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine neu\Anwendungsdaten\Haufe
[2007.08.05 10:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine neu\Anwendungsdaten\klickTel
[2007.08.05 10:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine neu\Anwendungsdaten\Lexware
[2008.09.04 15:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine neu\Anwendungsdaten\SPORE Creature Creator
[2009.03.02 18:18:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine neu\Anwendungsdaten\TuneUp Software
[2009.05.26 11:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Lexware
========== Purity Check ==========
< End of report >
extras.txt Code:
OTL Extras logfile created on: 11.02.2013 12:45:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 78,55% Memory free
4,07 Gb Paging File | 3,42 Gb Available in Paging File | 84,18% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,07 Gb Total Space | 2,01 Gb Free Space | 5,16% Space Free | Partition Type: NTFS
Drive D: | 35,40 Gb Total Space | 32,98 Gb Free Space | 93,18% Space Free | Partition Type: NTFS
Drive F: | 487,16 Mb Total Space | 206,66 Mb Free Space | 42,42% Space Free | Partition Type: FAT32
Computer Name: BINE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" = C:\Programme\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe:*:Enabled:DNSCST Module -- (Dell)
"C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser.exe
"C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe" = C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 7.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\StarMoney 7.0\app\StarMoney.exe" = C:\Programme\StarMoney 7.0\app\StarMoney.exe:*:Enabled:StarMoney 7.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"\\Tobdaten\PUBLIC\Eigene\Downloads\Programme\FREEFTP.EXE" = \\Tobdaten\PUBLIC\Eigene\Downloads\Programme\FREEFTP.EXE:*:Enabled:FreeFTP (Internet File Transfer Program)
"C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe" = C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 8.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\StarMoney 8.0\app\StarMoney.exe" = C:\Programme\StarMoney 8.0\app\StarMoney.exe:*:Enabled:StarMoney 8.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0EB319FA-36BB-4C1F-A21F-01DBD8529F96}" = Praxishilfen für die Buchführung
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware
"{11A80E40-621F-489C-A626-58886B60FEAC}" = Dell PC Fax deinstallieren
"{1FE39376-0169-48EE-9EEA-CFEEE6C98EE2}" = Lexware lohnauskunft Grosskunden 2007
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21C289A1-5974-4D13-A13C-D698FA757D82}" = Lexware Abschreibungsrechner
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{266F7DA7-DB01-4055-AD34-DAAEA7F7F129}" = Lexware lohnauskunft 2009
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{2EE66895-2912-4980-82FD-0AF03FB884DC}" = Lexware QuickBooks 2008
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{31CA28D1-CAE0-48EF-BFFF-BA9C81BA055A}" = StarMoney
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{3243F7AF-096D-4870-A39D-4CBAB00DA399}" = Lexware lohn+gehalt 2013
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{40D5BDFB-D6E9-459E-92A8-118DA5AFBF86}" = Lexware online banking 4.20
"{41115DDB-A8D9-48D9-B530-4A0252DFAF20}" = Lexware Zeiterfassung
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB87656-466A-49A5-AFEA-75FA2624AB61}" = Lexware QuickBooks 2013
"{52F73F8A-A7C6-4822-8CFF-1554DE1153E8}" = FloorStyle
"{566DDC8E-5350-4108-BEFA-4EC7B1BE7328}" = StarMoney 8.0
"{5B75C60B-C286-4E46-91D7-44E682F02222}" = Lexware lohnauskunft 2012
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DE161B8-9114-436C-96F3-DCD42651D94B}" = Lexware Elster
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B364EC1-9735-4BD6-9321-6D81C94DF70E}" = Lexware online banking
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7662B295-A3B1-442C-BDCB-1509338A26E9}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{8940A440-4D53-4CCF-B9AE-5D59FB71DDF6}" = Lexware reisekosten 2009
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Labor
"{8DD59B6E-6FC4-4CDC-896D-2FDF19CBE70B}" = DDBAC
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{AF333186-6D71-40A3-87FD-4BB5067D187A}" = Haufe iDesk-Browser
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney
"{B6FA7BE5-6C3F-42AF-B3C1-C1F4536920C5}" = Lexware Abschreibungsrechner
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5BD02EF-36F1-478F-88B2-D3990C62C2CB}" = SQLXML4
"{E7273151-C197-4DB1-B87E-A0D620A564F0}" = Lexware lohnauskunft Grosskunden 2007
"{E757ED52-DA67-4428-B739-5915FD349087}" = StarMoney 7.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9501E1A-10E0-4FD0-8078-3DCB761D8644}" = Lexware lohnauskunft Grosskunden 2007
"{ED70B257-A547-428E-907C-0FA7FF69A78E}" = Lexware lohnauskunft Grosskunden 2007
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F358E676-72D0-40C3-BED7-113DCFAE4F32}" = Lexware QuickBooks PLUS 2007
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F8EF9F7F-5C73-4908-92F8-4A7F92968520}" = Lexware QuickBooks PLUS 2007
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.9
"Dell Laser MFP 1815" = Dell Laser MFP 1815 Software-Deinstallation
"DFÜ-Optimierer" = DFÜ-Optimierer 1.30
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 3.5 Home Edition
"ElsterFormular 11.5.1.4843" = ElsterFormular
"FBDBServer_2_0_is1" = Firebird 2.0.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Organizer V99.1" = Lotus Organizer 6.0
"QB_BKH" = QuickBooks Business-KnowHow
"sv.net" = sv.net
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.01.2013 13:25:07 | Computer Name = BINE | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
erneut. Kontext: Anwendung, SystemIndex Katalog
Error - 01.02.2013 11:22:39 | Computer Name = BINE | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
erneut. Kontext: Anwendung, SystemIndex Katalog
Error - 11.02.2013 07:46:41 | Computer Name = BINE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 11.02.2013 07:46:48 | Computer Name = BINE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 09.02.2013 10:59:31 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 09.02.2013 11:57:38 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 09.02.2013 11:57:38 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 09.02.2013 11:57:38 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.02.2013 04:27:38 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 11.02.2013 04:27:38 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.02.2013 04:27:38 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.02.2013 07:16:53 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 11.02.2013 07:16:53 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.02.2013 07:16:53 | Computer Name = BINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
neu gestartet und Gmer ohne IAT/EAT und nur auf der Systempartition ausgeführt:
- eingefroren bei C:\Programme\Java\jre1.5.0_06\lib\zi\America\St_Vincent
Ist bei diesem Trojaner zu erwarten das der mehr mitbringt oder nur die Zahlungsaufforderung. Da dies ein Buchhaltungsrechner ist, ist die Frage ob eine komplette Neuinstallation nicht eher angeraten wird? |
