Trojaner-Board


luk70 10.02.2012 23:01

windows - Delayed Write Failed
 
Good evening everyone

This evening, in the middle of a Facebook chat, my desktop went black.

A window opened and copied itself very quickly.

The title is Windows - Delayed Write Failed

The text in the window is

Failed to save all the components for the file \\System 32\\000074b5 The file is currupted or unreadable. This error may e caused by a pc hardware problem


In addition, a window from an "antivirus program" opens, which ends with an option to buy.

I assume that this cannot be the solution.

The system is XP Professional. I updated Antivir yesterday.

I am purely a user and, apart from application programs, don't know much about computers.

I would be grateful for help.

Regards, luk

Chris4You 10.02.2012 23:58

Hi,

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

chris

luk70 11.02.2012 16:16

Thank you for helping me, here are the files

OTL Logfile:
Code:

OTL logfile created on: 11.02.2012 16:00:34 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.61% Memory free
4.77 Gb Paging File | 3.83 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.08 Gb Total Space | 255.85 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.74 Gb Free Space | 92.44% Space Free | Partition Type: FAT
 
Computer Name: HBSPC01 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\WINDOWS\Temp\miibvw\setup.exe (Tomasz Pawlak)
PRC - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA.exe ()
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe ()
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Programme\AVG\AVG9\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe ()
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICZE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Addon\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA.exe ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe ()
MOD - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtNetwork4.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtCore4.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\mingwm10.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TomTomHOMEService) --  File not found
SRV - (HWDeviceService.exe) --  File not found
SRV - (getPlusHelper) getPlus(R) --  File not found
SRV - (AMService) -- C:\WINDOWS\TEMP\miibvw\setup.exe (Tomasz Pawlak)
SRV - (vToolbarUpdater) -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (Mobile Partner. RunOuc) -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (se26unic) -- C:\WINDOWS\system32\trioservice.dll (Oak Technology Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (FJGSDisk) -- C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (LVUVC) WebCam(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
DRV - (BtnHnd) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (FUJ02E3) -- C:\WINDOWS\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.live.com/sphome.aspx
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2011.09.13 19:04:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.10 22:40:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\10.0.0.7\ [2012.01.19 14:29:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.04 22:57:08 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.09 11:25:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.26 19:15:45 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2009.11.23 07:59:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2009.11.23 07:59:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.01.31 09:36:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\extensions
[2011.01.27 22:29:24 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.31 09:36:45 | 000,000,000 | -H-D | M] (MovaviDE Community Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\extensions\{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}
[2009.09.17 08:28:44 | 000,002,171 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\searchplugins\bing.xml
[2011.12.04 10:35:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.04 10:35:42 | 000,000,000 | -H-D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.04 22:57:08 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.04 22:57:04 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.19 14:28:56 | 000,003,766 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.04 22:57:04 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.04 22:57:04 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.04 22:57:04 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.04 22:57:04 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.04 22:57:04 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (MovaviDE Toolbar) - {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (MovaviDE Toolbar) - {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MovaviDE Toolbar) - {A1137E37-CECC-4CBB-BA8F-E598748D4BD3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PydcCCBGCsduGr.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Programme\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSUtility] C:\Addon\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TvOutSwitch] C:\Addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EPSON B-300] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [TomTomHOME.exe] "F:\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKCU..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - c:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C38D4EB7-E0A3-4A88-B3D7-2C6E9F7CDF4C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.24 19:56:16 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4425dfe2-de2c-11e0-accc-00216a4279fc}\Shell - "" = AutoRun
O33 - MountPoints2\{4425dfe2-de2c-11e0-accc-00216a4279fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4425dfe2-de2c-11e0-accc-00216a4279fc}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{bc33a382-9850-11de-9b19-00216a4279fc}\Shell - "" = AutoRun
O33 - MountPoints2\{bc33a382-9850-11de-9b19-00216a4279fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bc33a382-9850-11de-9b19-00216a4279fc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cbe2eaac-2660-11e1-ad27-00216a4279fc}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe2eaac-2660-11e1-ad27-00216a4279fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbe2eaac-2660-11e1-ad27-00216a4279fc}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{dd7813db-d7f9-11de-9b58-0023265e845a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.11 15:59:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.02.11 15:50:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2012.02.10 21:50:46 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\System Check
[2012.02.09 22:55:37 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook
[2012.02.09 10:48:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AVG Secure Search
[2012.02.09 10:45:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\pss
[2012.01.26 19:15:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2012.01.26 19:15:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird
[2012.01.26 19:15:43 | 000,000,000 | -H-D | C] -- C:\Programme\Mozilla Thunderbird
[2012.01.19 14:29:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\cache
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.11 15:58:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.02.11 15:50:50 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.11 15:50:41 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA
[2012.02.11 15:50:34 | 000,350,208 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA.exe
[2012.02.11 15:50:10 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.11 15:50:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012.02.11 15:49:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.11 15:49:55 | 3149,684,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 23:10:04 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.10 23:00:03 | 000,001,018 | -H-- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005UA.job
[2012.02.10 23:00:01 | 000,000,996 | -H-- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005Core.job
[2012.02.10 21:50:47 | 000,000,851 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\System Check.lnk
[2012.02.10 21:50:42 | 000,000,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hQTY2BuQJeRyUy
[2012.02.10 21:41:13 | 000,441,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe
[2012.02.10 18:54:42 | 092,728,301 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012.02.09 09:16:58 | 000,002,461 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Microsoft Office Word 2007.lnk
[2012.02.05 00:22:16 | 000,000,156 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.01.22 20:45:49 | 000,034,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.19 20:55:02 | 000,006,296 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012.01.19 20:54:37 | 000,000,088 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\.gtk-bookmarks
[2012.01.12 18:35:44 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.11 15:50:41 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA
[2012.02.11 15:50:34 | 000,350,208 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA.exe
[2012.02.10 22:07:04 | 3149,684,736 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.10 21:50:47 | 000,000,851 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\System Check.lnk
[2012.02.10 21:50:42 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hQTY2BuQJeRyUy
[2012.02.10 21:42:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012.02.10 21:41:14 | 000,441,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe
[2012.02.09 22:55:38 | 000,001,018 | -H-- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005UA.job
[2012.02.09 22:55:38 | 000,000,996 | -H-- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005Core.job
[2012.01.19 20:55:02 | 000,006,296 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012.01.19 20:54:37 | 000,000,088 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\.gtk-bookmarks
[2011.09.25 17:00:28 | 000,004,873 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qjaxlkio.dss
[2011.04.04 05:59:14 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.18 11:28:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009.10.21 06:54:33 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.10.16 06:47:33 | 000,000,156 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.18 12:34:12 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\CDEB300EURO.ini
[2009.09.09 07:05:45 | 000,002,653 | -H-- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2009.09.04 06:42:21 | 000,048,338 | -H-- | C] () -- C:\WINDOWS\hpiins01.dat
[2009.09.04 06:42:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpimdl01.dat
[2009.08.20 12:48:07 | 000,034,304 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.13 10:29:55 | 000,000,432 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.08.13 10:29:55 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2009.08.04 12:56:57 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.08.04 12:56:57 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009.08.03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009.07.27 16:02:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.07.27 15:23:54 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.07.27 15:12:47 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.27 15:12:00 | 000,050,127 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.07.27 15:11:53 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2009.07.27 15:11:52 | 001,991,464 | -H-- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009.07.27 15:11:52 | 000,432,400 | -H-- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008.06.24 20:46:41 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.06.24 20:45:36 | 000,274,968 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.06.24 20:20:23 | 000,000,849 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2008.06.24 20:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.06.24 19:52:44 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.06.24 19:38:48 | 000,001,052 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.06.24 19:38:31 | 000,464,866 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.06.24 19:38:31 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.06.24 19:38:31 | 000,087,052 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.06.24 19:38:31 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.06.24 19:38:11 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.06.24 19:38:08 | 000,446,152 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.06.24 19:38:08 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.06.24 19:38:08 | 000,073,358 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.06.24 19:38:08 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.06.24 19:38:06 | 000,004,711 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.06.24 19:38:05 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.06.24 19:38:03 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.06.24 19:37:55 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.06.24 19:37:55 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.06.24 19:37:46 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.06.24 19:37:36 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.12.21 16:46:32 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:18 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.07.13 01:00:14 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\brmsl06f.bin

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 11.02.2012 16:00:34 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.61% Memory free
4.77 Gb Paging File | 3.83 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.08 Gb Total Space | 255.85 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.74 Gb Free Space | 92.44% Space Free | Partition Type: FAT
 
Computer Name: HBSPC01 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- "C:\Programme\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Office\Office12\OUTLOOK.EXE" = C:\Programme\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}" = Lifebook Application Panel
"{272979FC-6D4A-4C25-B71A-32DD4974A022}" = Fujitsu Hotkey Utility
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}" = Rhinoceros 4.0 SR6
"{6DE39343-0C7E-4b3a-8BDC-A846B7A8CAFE}" = CameraDrivers
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}" = HP Photosmart Kameras 4.5
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}" = Nero 8 Essentials
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AVG9Uninstall" = AVG Free 9.0
"EPSON B-300" = EPSON B-300 Printer Uninstall
"EPSON B-300_B-500DN Benutzerhandbuch" = EPSON B-300_B-500DN Handbuch
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"InstallShield_{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"InstallShield_{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniMagics" = MiniMagics
"Mobile Partner" = Mobile Partner
"Movavi Video Converter 11" = Movavi Video Converter 11
"MovaviDE Toolbar" = MovaviDE Toolbar
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mozilla Thunderbird 10.0 (x86 de)" = Mozilla Thunderbird 10.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"pepakura_viewer3en" = Pepakura Viewer 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.6.2056
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZPrint Software 7.6" = ZPrint Software 7.6
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Chris4You 11.02.2012 16:25

Hi,

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:


:OTL
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA.exe ()
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [PydcCCBGCsduGr.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2012.02.10 21:50:47 | 000,000,851 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\System Check.lnk
[2012.02.10 21:50:42 | 000,000,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hQTY2BuQJeRyUy
[2012.02.10 21:41:13 | 000,441,344 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe
[2012.02.10 21:50:42 | 000,000,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hQTY2BuQJeRyUy
[2012.02.10 21:41:14 | 000,441,344 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PydcCCBGCsduGr.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved in a text file in the following folder:
  • %systemroot%\_OTL

Unhide

Download unhide from the following address and then run it as admin by double-clicking:
http://filepony.de/download-unhide/
All hidden files are made visible; if necessary, make those that should be hidden invisible again (select in Explorer -> Properties -> Hidden).

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files ("Updates" tab -> "Check for updates").
Run a full scan and have everything cleaned up! Post the log.

chris

luk70 11.02.2012 16:42

This may sound ridiculous, but how do I get the contents of the code box into the OTL window? If I copy it, I have to save it to a file in order to bring it to the other computer on the USB stick, and there I can't open any program to get the text into the window again with copy and paste.

luk70 11.02.2012 16:46

Sorry for the dumb question, I managed it; I can open *.txt documents directly.

luk70 13.02.2012 18:12

So, I went through the procedure on Saturday. Since there were malware warnings again after the restart, I ran it again right away.




Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: HBSPC01 [Administrator]

Schutz: Aktiviert

11.02.2012 17:00:53
mbam-log-2012-02-11 (17-00-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202936
Laufzeit: 4 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\WINDOWS\system32\trioservice.dll (RootKit.0Access.H) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\WINDOWS\system32\trioservice.dll (RootKit.0Access.H) -> Löschen bei Neustart.

(Ende)

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: HBSPC01 [Administrator]

Schutz: Aktiviert

11.02.2012 17:20:42
mbam-log-2012-02-11 (17-20-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203024
Laufzeit: 7 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.12.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: HBSPC01 [Administrator]

Schutz: Aktiviert

12.02.2012 21:54:59
mbam-log-2012-02-12 (21-54-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203295
Laufzeit: 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\WINDOWS\system32\tm_cfw.dll (RootKit.0Access.H) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 25
C:\WINDOWS\system32\tm_cfw.dll (RootKit.0Access.H) -> Löschen bei Neustart.
C:\WINDOWS\system32\aegisp.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\agnwifi.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\citrixxteserver.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\DgiVecp.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\diskeeper.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\HPFECP20.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\jsdaemon.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\mpfservice.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\netsvc.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\nimcdldu.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\ntfs.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\nvidesm.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\pcx1nd5.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\ProcObsrv.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\qbreminderflash.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\rdbss.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\SaiU040B.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\ScFBPNT3.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\sqlagent$soshome22.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\swwd.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\webclient.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\WGX.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\wlluc48.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\ikfilesec.dll (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


luk

Chris4You 13.02.2012 18:18

Hi,

unfortunately that is only half the battle:

TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; choose "Start Scan" there.
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

Since that one did not manage to get everything last time either:
Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Switch off your antivirus solution completely, in such a way that it does NOT switch itself back on even after a reboot!

Caution: in a few rare cases the computer may no longer be able to boot and has to be set up from scratch!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The scan with ComboFix can take some time, so be patient. Please do not do anything on the computer during the scan.
The computer may be restarted in between.
After the scan ends, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.

chris

luk70 13.02.2012 19:28

I have now run both programs as well.
TDSSKiller asked me to restart. I thought it would create the log afterwards, as the other programs did. Unfortunately that log is now missing.

The one from ComboFix is here:

Combofix Logfile:
Code:

ComboFix 12-02-13.01 - Admin 13.02.2012  18:56:58.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3004.2630 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Eigene Dateien\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\3H0P2cNf8J3BvA
c:\windows\$NtUninstallKB58459$\2903656777\@
c:\windows\$NtUninstallKB58459$\2903656777\cfg.ini
c:\windows\$NtUninstallKB58459$\2903656777\Desktop.ini
c:\windows\$NtUninstallKB58459$\2903656777\L\mrwngsyf
c:\windows\$NtUninstallKB58459$\2903656777\twl.dll
c:\windows\$NtUninstallKB58459$\2903656777\U\00000001.@
c:\windows\$NtUninstallKB58459$\2903656777\U\00000002.@
c:\windows\$NtUninstallKB58459$\2903656777\U\00000004.@
c:\windows\$NtUninstallKB58459$\2903656777\U\80000000.@
c:\windows\$NtUninstallKB58459$\2903656777\U\80000004.@
c:\windows\$NtUninstallKB58459$\2903656777\U\80000032.@
c:\windows\$NtUninstallKB58459$\2903656777\version
c:\windows\$NtUninstallKB58459$\87413221
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\ec618af52cd76bfa.fb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\FSC__PI__LIFEBOOK E8420__FUJITSU_FJNB1E8__Version 3.03_FSC - 3030000_Version 3.03 .MRK
.
Infizierte Kopie von c:\windows\system32\drivers\serial.sys wurde gefunden und desinfiziert
Kopie von - The cat found it :) wurde wiederhergestellt
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
-------\Service_AMService
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-13 bis 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 18:04 . 2001-08-18 03:35        35913        ----a-w-        c:\windows\system32\drivers\smcirda.sys
2012-02-13 18:04 . 2001-08-18 03:35        35913        ----a-w-        c:\windows\system32\dllcache\smcirda.sys
2012-02-13 18:04 . 2001-08-17 11:13        27165        ----a-w-        c:\windows\system32\drivers\fetnd5.sys
2012-02-13 18:04 . 2001-08-17 11:13        27165        ----a-w-        c:\windows\system32\dllcache\fetnd5.sys
2012-02-13 17:54 . 2008-04-14 12:00        65536        ----a-w-        c:\windows\system32\drivers\serial.sys
2012-02-13 17:27 . 2012-02-13 17:27        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-02-13 16:49 . 2012-02-13 16:49        --------        d-----w-        c:\programme\Gemeinsame Dateien\Skype
2012-02-13 16:49 . 2012-02-13 16:49        --------        d-----r-        c:\programme\Skype
2012-02-11 17:24 . 2012-02-08 20:31        134104        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2012-02-11 15:59 . 2012-02-11 15:59        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes
2012-02-11 15:59 . 2012-02-11 15:59        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-11 15:59 . 2012-02-11 15:59        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-02-11 15:59 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-11 15:48 . 2012-02-11 15:48        --------        d-----w-        C:\_OTL
2012-02-11 15:00 . 2012-02-11 15:00        --------        d-sh--w-        c:\dokumente und einstellungen\NetworkService\IETldCache
2012-02-10 20:42 . 2012-02-13 17:48        0        --sha-w-        c:\windows\system32\dds_trash_log.cmd
2012-02-09 21:55 . 2012-02-09 21:55        --------        d-----w-        c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook
2012-01-26 18:15 . 2012-02-13 06:51        --------        d-----w-        c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Thunderbird
2012-01-26 18:15 . 2012-01-26 18:15        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Thunderbird
2012-01-26 18:15 . 2012-02-11 20:46        --------        d-----w-        c:\programme\Mozilla Thunderbird
2012-01-19 16:02 . 2012-02-08 20:31        45016        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll
2012-01-19 16:02 . 2012-02-08 17:12        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll
2012-01-19 16:02 . 2012-02-08 17:12        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll
2012-01-19 16:02 . 2012-02-08 17:12        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-06-24 18:38        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-06-24 18:38        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-06-24 18:38        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-06-24 18:38        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-06-24 18:38        152064        ----a-w-        c:\windows\system32\schannel.dll
2012-02-08 20:31 . 2012-02-11 17:24        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}"= "c:\programme\MovaviDE\prxtbMov0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}]
2011-05-09 09:49        176936        ----a-w-        c:\programme\MovaviDE\prxtbMov0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}"= "c:\programme\MovaviDE\prxtbMov0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1137E37-CECC-4CBB-BA8F-E598748D4BD3}"= "c:\programme\MovaviDE\prxtbMov0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-30 39408]
"Facebook Update"="c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe" [2012-02-09 137536]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 141848]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1040384]
"PSUtility"="c:\addon\Fujitsu\PSUtility\TrayManager.exe" [2008-04-17 118784]
"TvOutSwitch"="c:\addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2008-04-02 102400]
"LoadFUJ02E3"="c:\programme\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-01-31 88616]
"SSUtility"="c:\addon\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 233472]
"IndicatorUtility"="c:\programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-20 90112]
"LoadFujitsuQuickTouch"="c:\addon\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 353792]
"LoadBtnHnd"="c:\programme\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-07-15 371712]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMwBaAEMAOQAtAEUASwBBAFIAUwAtADYAUgBXAEcAQQAtAEEAQQBUAEMAVQAtAFYAUAA5AEYATgA&inst=NwA3AC0ANAAzADAANgAzADcAOAA5ADYALQBYAEwAKwAxAC0AVAA1AC0AQgBBAFIAOQBPACsAMQAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAFgATwA5ACsAMQAtAEQARABUACsAMQA4ADMANQA0AC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGADkAMABUAEIAKwAyAA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]
2008-04-17 12:00        32768        ----a-r-        c:\windows\system32\PSUWNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages        REG_MULTI_SZ          msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Dokumente und Einstellungen\\Admin\\Lokale Einstellungen\\Anwendungsdaten\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [27.07.2009 15:22 7168]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -/service --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -/service [?]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.02.2012 16:59 652360]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27.07.2009 15:11 244368]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [27.07.2009 15:11 4864]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [13.09.2011 18:57 73216]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [27.07.2009 15:12 41216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [27.07.2009 15:11 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.02.2012 16:59 20464]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.07.2009 15:12 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [27.07.2009 15:12 41560]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.02.2010 11:50 27632]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [23.06.2010 10:27 136176]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\programme\Mobile Partner\UpdateDog\ouc.exe [16.11.2011 06:46 218624]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [31.01.2012 15:09 158856]
S2 TomTomHOMEService;TomTomHOMEService;f:\tomtom home 2\TomTomHOMEService.exe --> f:\tomtom home 2\TomTomHOMEService.exe [?]
S3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\drivers\BrFilt.sys [09.09.2009 07:05 2944]
S3 BrSerWDM;Brother WDM-Treiber (seriell);c:\windows\system32\drivers\BrSerWdm.sys [09.09.2009 07:05 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\drivers\BrUsbMdm.sys [09.09.2009 07:05 11008]
S3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\drivers\BrUsbScn.sys [09.09.2009 07:05 10368]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [13.09.2011 18:57 102784]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.02.2010 11:50 13224]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [23.06.2010 10:27 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
se26unic
sbcssvc
W8335XP
Intel_MIPMNMP
WscNetDr
mcods
houdinilicenseserver
Rawwan
mcsysmon
msi_wlan_service
MSMQTriggers
useraccess7
papyjoy
dm1service
btwavdt
AsIO
PSI_SVC_2
ccpwdsvc
cmdagent
sscdserd
wmp54gssvc
VX3000
SPFDRV
mqdmserd
hap16v2k
UPATC
monfilt
s3ssavage
LUsbFilt
euq_monitor
DSI_SiUSBXp_3_1
VRADFIL
ndassvc
MailService
ZSMC301b
DCamUSBMke
hidir
lxcgcustomerconnect
dtscsi
maxbackserviceint
pwisvc
MSFWDrv
mps9
hcf_msft
hsxhwazl
imagedrv
qkbfiltr
sandboxu
gagp30kx
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005Core.job
- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2012-02-09 21:55]
.
2012-02-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005UA.job
- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2012-02-09 21:55]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-23 09:27]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-23 09:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\Office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-TomTomHOME.exe - f:\tomtom home 2\TomTomHOMERunner.exe
HKLM-Run-ROC_roc_dec12 - c:\programme\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-TomTom HOME - f:\tomtom home 2\Uninstall TomTom HOME.exe
AddRemove-ZPrint Software 7.6 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-13 19:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\$NtUninstallKB58459$:SummaryInformation 0 bytes hidden from API
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\PSUWNP.dll
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe
c:\programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe
c:\programme\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\igfxsrvc.exe
c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-13  19:08:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-13 18:07
.
Vor Suchlauf: 13 Verzeichnis(se), 278'202'068'992 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 278'788'435'968 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 26F3439A21213DD2E112445BAFC11A24

--- --- ---

Chris4You 13.02.2012 19:45

Hi,

ComboFix caught something; I absolutely need the log from the Killer... check the directory you copied it to for a text file...
What is in the directory "C:\TDSSKiller_Quarantine"... (do not run anything!)...

chris

luk70 13.02.2012 19:53

unfortunately there are only *.ini and *.dta files in there

Chris4You 13.02.2012 19:58

Hi,

A pity... how is the computer behaving, are there still redirects?
Otherwise we'll let another one off the leash...

chris

luk70 13.02.2012 20:05

when I tried to go from Google to Trojaner-Board, I was redirected to a different homepage
but I did not have that before, or did malware simply protect me from it?

Chris4You 13.02.2012 20:15

Hi,

Let's try something else:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users, please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything from the results window (Results).
  • A copy of an OTL fix log is saved in a text file in the following folder:
  • %systemroot%\_OTL

Please run the Killer once more and post the log...

If that does not help:
Hitman
Download the matching version of Hitman (32/64-bit), run it and post the log.
Downloads - SurfRight

chris

luk70 13.02.2012 21:05

OTL Logfile:
Code:

OTL logfile created on: 13.02.2012 20:26:31 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 74.00% Memory free
4.77 Gb Paging File | 4.16 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.08 Gb Total Space | 259.51 Gb Free Space | 87.06% Space Free | Partition Type: NTFS
 
Computer Name: HBSPC01 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Addon\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\extensions\{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}\components\RadioWMPCoreGecko10.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtNetwork4.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtCore4.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\mingwm10.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WscNetDr) --  File not found
SRV - (VX3000) --  File not found
SRV - (UPATC) --  File not found
SRV - (TomTomHOMEService) --  File not found
SRV - (sscdserd) --  File not found
SRV - (SPFDRV) --  File not found
SRV - (se26unic) --  File not found
SRV - (sbcssvc) --  File not found
SRV - (sandboxu) --  File not found
SRV - (s3ssavage) --  File not found
SRV - (Rawwan) --  File not found
SRV - (qkbfiltr) --  File not found
SRV - (MSFWDrv) --  File not found
SRV - (mqdmserd) --  File not found
SRV - (monfilt) --  File not found
SRV - (mcods) --  File not found
SRV - (LUsbFilt) --  File not found
SRV - (imagedrv) --  File not found
SRV - (HWDeviceService.exe) --  File not found
SRV - (hsxhwazl) --  File not found
SRV - (hcf_msft) --  File not found
SRV - (getPlusHelper) getPlus(R) --  File not found
SRV - (gagp30kx) --  File not found
SRV - (euq_monitor) --  File not found
SRV - (DSI_SiUSBXp_3_1) --  File not found
SRV - (btwavdt) --  File not found
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Mobile Partner. RunOuc) -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (hap16v2k) -- C:\WINDOWS\system32\icollectservice.dll (Oak Technology Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (FJGSDisk) -- C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (LVUVC) WebCam(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
DRV - (BtnHnd) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (FUJ02E3) -- C:\WINDOWS\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\..\URLSearchHook: {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.11 18:24:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.09 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.11 21:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2009.11.23 07:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2009.11.23 07:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.01.31 09:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\extensions
[2011.01.27 22:29:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.31 09:36:45 | 000,000,000 | ---D | M] (MovaviDE Community Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\extensions\{a1137e37-cecc-4cbb-ba8f-e598748d4bd3}
[2009.09.17 08:28:44 | 000,002,171 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\yorhhorz.default\searchplugins\bing.xml
[2012.02.13 09:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.19 14:28:56 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.13 19:04:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (MovaviDE Toolbar) - {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (MovaviDE Toolbar) - {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (MovaviDE Toolbar) - {A1137E37-CECC-4CBB-BA8F-E598748D4BD3} - C:\Programme\MovaviDE\prxtbMov0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSUtility] C:\Addon\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TvOutSwitch] C:\Addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKCU..\Run: [Facebook Update] C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - c:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C38D4EB7-E0A3-4A88-B3D7-2C6E9F7CDF4C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.24 19:56:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.13 19:04:42 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\drivers\smcirda.sys
[2012.02.13 19:04:42 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012.02.13 19:04:35 | 000,027,165 | ---- | C] (VIA Technologies, Inc.              ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2012.02.13 18:53:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.02.13 18:50:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.02.13 18:50:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.02.13 18:50:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.02.13 18:50:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.02.13 18:50:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.02.13 18:50:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.13 18:27:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.02.13 17:49:42 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.02.13 17:49:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.02.13 17:49:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.02.11 16:59:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2012.02.11 16:59:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.02.11 16:59:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.02.11 16:59:06 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.02.11 16:59:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.02.11 16:48:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.11 16:44:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2012.02.11 15:59:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.02.10 21:50:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\System Check
[2012.02.09 22:55:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook
[2012.02.09 10:45:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.01.26 19:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2012.01.26 19:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird
[2012.01.26 19:15:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2008.06.24 19:38:17 | 000,005,632 | ---- | C] (Oak Technology Inc.) -- C:\WINDOWS\System32\NWUSBPort.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.13 20:10:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.13 20:00:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005UA.job
[2012.02.13 19:43:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.13 19:43:15 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 19:43:12 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012.02.13 19:43:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.13 19:43:08 | 3149,705,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.13 19:04:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.13 18:53:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.02.13 17:58:06 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.02.13 09:05:46 | 000,002,461 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Microsoft Office Word 2007.lnk
[2012.02.12 23:00:01 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005Core.job
[2012.02.11 21:46:49 | 000,001,638 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2012.02.11 21:16:32 | 000,000,156 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.02.11 18:24:12 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.02.11 17:21:07 | 000,465,814 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.11 17:21:07 | 000,446,820 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.11 17:21:07 | 000,087,594 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.11 17:21:07 | 000,073,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.11 16:59:08 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.11 15:58:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.01.22 20:45:49 | 000,034,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.19 20:55:02 | 000,006,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012.01.19 20:54:37 | 000,000,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\.gtk-bookmarks
 
========== Files Created - No Company Name ==========
 
[2012.02.13 18:53:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.02.13 18:53:03 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.02.13 18:50:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.02.13 18:50:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.02.13 18:50:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.02.13 18:50:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.02.13 18:50:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.13 17:49:42 | 000,002,241 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.02.11 21:46:49 | 000,001,644 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Thunderbird.lnk
[2012.02.11 21:46:49 | 000,001,638 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2012.02.11 18:24:12 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.02.11 18:24:12 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.02.11 16:59:08 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.10 22:07:04 | 3149,705,216 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.10 21:42:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012.02.09 22:55:38 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005UA.job
[2012.02.09 22:55:38 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2314300672-2348332469-2437391780-1005Core.job
[2012.01.19 20:55:02 | 000,006,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012.01.19 20:54:37 | 000,000,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.gtk-bookmarks
[2011.09.25 17:00:28 | 000,004,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qjaxlkio.dss
[2011.04.04 05:59:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.18 11:28:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009.10.21 06:54:33 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.10.16 06:47:33 | 000,000,156 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.18 12:34:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEB300EURO.ini
[2009.09.09 07:05:45 | 000,002,653 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2009.09.04 06:42:21 | 000,048,338 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2009.09.04 06:42:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2009.08.20 12:48:07 | 000,034,304 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.13 10:29:55 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.08.13 10:29:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2009.08.04 12:56:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.08.04 12:56:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009.07.27 16:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.07.27 15:23:54 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.07.27 15:12:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.27 15:12:00 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.07.27 15:11:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2009.07.27 15:11:52 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009.07.27 15:11:52 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008.06.24 20:46:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.06.24 20:45:36 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.06.24 20:20:23 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.06.24 20:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.06.24 19:52:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.06.24 19:38:48 | 000,001,052 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.06.24 19:38:31 | 000,465,814 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.06.24 19:38:31 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.06.24 19:38:31 | 000,087,594 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.06.24 19:38:31 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.06.24 19:38:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.06.24 19:38:08 | 000,446,820 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.06.24 19:38:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.06.24 19:38:08 | 000,073,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.06.24 19:38:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.06.24 19:38:06 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.06.24 19:38:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.06.24 19:38:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.06.24 19:37:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.06.24 19:37:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.06.24 19:37:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.06.24 19:37:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.07.13 01:00:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsl06f.bin

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 13.02.2012 20:26:31 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 74.00% Memory free
4.77 Gb Paging File | 4.16 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.08 Gb Total Space | 259.51 Gb Free Space | 87.06% Space Free | Partition Type: NTFS
 
Computer Name: HBSPC01 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Office\Office12\OUTLOOK.EXE" = C:\Programme\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}" = Lifebook Application Panel
"{272979FC-6D4A-4C25-B71A-32DD4974A022}" = Fujitsu Hotkey Utility
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}" = Rhinoceros 4.0 SR6
"{6DE39343-0C7E-4b3a-8BDC-A846B7A8CAFE}" = CameraDrivers
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}" = HP Photosmart Kameras 4.5
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}" = Nero 8 Essentials
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"EPSON B-300" = EPSON B-300 Printer Uninstall
"EPSON B-300_B-500DN Benutzerhandbuch" = EPSON B-300_B-500DN Handbuch
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"InstallShield_{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility
"InstallShield_{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniMagics" = MiniMagics
"Mobile Partner" = Mobile Partner
"Movavi Video Converter 11" = Movavi Video Converter 11
"MovaviDE Toolbar" = MovaviDE Toolbar
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird 10.0 (x86 de)" = Mozilla Thunderbird 10.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"pepakura_viewer3en" = Pepakura Viewer 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2012 03:44:31 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes
 Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.
 
Error - 13.02.2012 04:00:23 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes
 Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.
 
Error - 13.02.2012 04:00:39 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nmindexstoresvr.exe, Version 3.3.3.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0066325a.
 
Error - 13.02.2012 04:48:18 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes
 Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.
 
Error - 13.02.2012 12:50:34 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes
 Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.
 
Error - 13.02.2012 12:58:15 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes
 Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.
 
Error - 13.02.2012 14:01:24 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 13.02.2012 14:01:24 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 13.02.2012 14:01:24 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 13.02.2012 14:01:28 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
[ OSession Events ]
Error - 20.04.2010 03:58:40 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.04.2010 03:58:54 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.04.2010 03:59:08 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.04.2010 03:52:38 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.04.2010 03:52:57 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.09.2010 05:07:37 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 05:55:54 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 05:56:13 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 05:56:29 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 05:56:53 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst ".netframework" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Db2" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Iwebcal" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Zenos1" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Nimcdfxk" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Dnetc" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TomTomHOMEService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%3
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "MXOPSWD" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Udfreadr_xp" wurde mit folgendem Fehler beendet:  %%126
 
Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sntnlusb" wurde mit folgendem Fehler beendet:  %%126
 
 
< End of report >

--- --- ---

Chris4You 13.02.2012 21:15

Hi,

You weren't supposed to create a log, but to flush the DNS cache with the fix;
please read it again and carry it out....

chris

luk70 13.02.2012 21:20

Sorry

A layman at the limit of his abilities: I can design anything in CAD and mill anything for you on 5 axes, but when it goes behind the scenes of what the operator sees, ... well, you can see for yourself.

Error: Unable to interpret <OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 13.02.2012 20:26:31 - Run 3> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Admin\Desktop> in the current context!
Error: Unable to interpret <Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.6001.18702)> in the current context!
Error: Unable to interpret <Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <2.93 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 74.00% Memory free> in the current context!
Error: Unable to interpret <4.77 Gb Paging File | 4.16 Gb Available in Paging File | 87.20% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme> in the current context!
Error: Unable to interpret <Drive C: | 298.08 Gb Total Space | 259.51 Gb Free Space | 87.06% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: HBSPC01 | User Name: Admin | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== File Associations ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*> in the current context!
Error: Unable to interpret <.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.html [@ = htmlfile] -- Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Shell Spawning ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <htmlfile [edit] -- "C:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Security Center Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret <"FirstRunDisabled" = 0> in the current context!
Error: Unable to interpret <"AntiVirusDisableNotify" = 0> in the current context!
Error: Unable to interpret <"FirewallDisableNotify" = 0> in the current context!
Error: Unable to interpret <"UpdatesDisableNotify" = 0> in the current context!
Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context!
Error: Unable to interpret <"FirewallOverride" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== System Restore Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]> in the current context!
Error: Unable to interpret <"DisableSR" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]> in the current context!
Error: Unable to interpret <"Start" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]> in the current context!
Error: Unable to interpret <"Start" = 2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Firewall Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]> in the current context!
Error: Unable to interpret <"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004> in the current context!
Error: Unable to interpret <"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005> in the current context!
Error: Unable to interpret <"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001> in the current context!
Error: Unable to interpret <"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret <"DoNotAllowExceptions" = 0> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]> in the current context!
Error: Unable to interpret <"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007> in the current context!
Error: Unable to interpret <"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008> in the current context!
Error: Unable to interpret <"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004> in the current context!
Error: Unable to interpret <"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005> in the current context!
Error: Unable to interpret <"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001> in the current context!
Error: Unable to interpret <"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Authorized Applications List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]> in the current context!
Error: Unable to interpret <"C:\Programme\Office\Office12\OUTLOOK.EXE" = C:\Programme\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)> in the current context!
Error: Unable to interpret <"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)> in the current context!
Error: Unable to interpret <"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant> in the current context!
Error: Unable to interpret <"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer> in the current context!
Error: Unable to interpret <"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare> in the current context!
Error: Unable to interpret <"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool> in the current context!
Error: Unable to interpret <"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp> in the current context!
Error: Unable to interpret <"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer> in the current context!
Error: Unable to interpret <"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22> in the current context!
Error: Unable to interpret <"{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}" = Lifebook Application Panel> in the current context!
Error: Unable to interpret <"{272979FC-6D4A-4C25-B71A-32DD4974A022}" = Fujitsu Hotkey Utility> in the current context!
Error: Unable to interpret <"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload> in the current context!
Error: Unable to interpret <"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs> in the current context!
Error: Unable to interpret <"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP> in the current context!
Error: Unable to interpret <"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour> in the current context!
Error: Unable to interpret <"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater> in the current context!
Error: Unable to interpret <"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack> in the current context!
Error: Unable to interpret <"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml> in the current context!
Error: Unable to interpret <"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3> in the current context!
Error: Unable to interpret <"{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager> in the current context!
Error: Unable to interpret <"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns> in the current context!
Error: Unable to interpret <"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth> in the current context!
Error: Unable to interpret <"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0> in the current context!
Error: Unable to interpret <"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone> in the current context!
Error: Unable to interpret <"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1> in the current context!
Error: Unable to interpret <"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects> in the current context!
Error: Unable to interpret <"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery> in the current context!
Error: Unable to interpret <"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update> in the current context!
Error: Unable to interpret <"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites> in the current context!
Error: Unable to interpret <"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations> in the current context!
Error: Unable to interpret <"{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}" = Rhinoceros 4.0 SR6> in the current context!
Error: Unable to interpret <"{6DE39343-0C7E-4b3a-8BDC-A846B7A8CAFE}" = CameraDrivers> in the current context!
Error: Unable to interpret <"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm> in the current context!
Error: Unable to interpret <"{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility> in the current context!
Error: Unable to interpret <"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync> in the current context!
Error: Unable to interpret <"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053> in the current context!
Error: Unable to interpret <"{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}" = HP Photosmart Kameras 4.5> in the current context!
Error: Unable to interpret <"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics> in the current context!
Error: Unable to interpret <"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page> in the current context!
Error: Unable to interpret <"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1> in the current context!
Error: Unable to interpret <"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder> in the current context!
Error: Unable to interpret <"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight> in the current context!
Error: Unable to interpret <"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules> in the current context!
Error: Unable to interpret <"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12> in the current context!
Error: Unable to interpret <"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In> in the current context!
Error: Unable to interpret <"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager> in the current context!
Error: Unable to interpret <"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007> in the current context!
Error: Unable to interpret <"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context!
Error: Unable to interpret <"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting> in the current context!
Error: Unable to interpret <"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector> in the current context!
Error: Unable to interpret <"{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor> in the current context!
Error: Unable to interpret <"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2> in the current context!
Error: Unable to interpret <"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0> in the current context!
Error: Unable to interpret <"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9> in the current context!
Error: Unable to interpret <"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0> in the current context!
Error: Unable to interpret <"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director> in the current context!
Error: Unable to interpret <"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2> in the current context!
Error: Unable to interpret <"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg> in the current context!
Error: Unable to interpret <"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba> in the current context!
Error: Unable to interpret <"{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility> in the current context!
Error: Unable to interpret <"{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}" = Nero 8 Essentials> in the current context!
Error: Unable to interpret <"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack> in the current context!
Error: Unable to interpret <"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility> in the current context!
Error: Unable to interpret <"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8> in the current context!
Error: Unable to interpret <"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219> in the current context!
Error: Unable to interpret <"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard> in the current context!
Error: Unable to interpret <"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver> in the current context!
Error: Unable to interpret <"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates> in the current context!
Error: Unable to interpret <"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites> in the current context!
Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX> in the current context!
Error: Unable to interpret <"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin> in the current context!
Error: Unable to interpret <"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0> in the current context!
Error: Unable to interpret <"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53> in the current context!
Error: Unable to interpret <"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts> in the current context!
Error: Unable to interpret <"EPSON B-300" = EPSON B-300 Printer Uninstall> in the current context!
Error: Unable to interpret <"EPSON B-300_B-500DN Benutzerhandbuch" = EPSON B-300_B-500DN Handbuch> in the current context!
Error: Unable to interpret <"FreePDF_XP" = FreePDF (Remove only)> in the current context!
Error: Unable to interpret <"Google Chrome" = Google Chrome> in the current context!
Error: Unable to interpret <"HDMI" = Intel(R) Graphics Media Accelerator Driver> in the current context!
Error: Unable to interpret <"HP Photo & Imaging" = HP Image Zone 4.5> in the current context!
Error: Unable to interpret <"ie8" = Windows Internet Explorer 8> in the current context!
Error: Unable to interpret <"InstallShield_{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager> in the current context!
Error: Unable to interpret <"InstallShield_{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility> in the current context!
Error: Unable to interpret <"InstallShield_{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility> in the current context!
Error: Unable to interpret <"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility> in the current context!
Error: Unable to interpret <"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1> in the current context!
Error: Unable to interpret <"MiniMagics" = MiniMagics> in the current context!
Error: Unable to interpret <"Mobile Partner" = Mobile Partner> in the current context!
Error: Unable to interpret <"Movavi Video Converter 11" = Movavi Video Converter 11> in the current context!
Error: Unable to interpret <"MovaviDE Toolbar" = MovaviDE Toolbar> in the current context!
Error: Unable to interpret <"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)> in the current context!
Error: Unable to interpret <"Mozilla Thunderbird 10.0 (x86 de)" = Mozilla Thunderbird 10.0 (x86 de)> in the current context!
Error: Unable to interpret <"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP> in the current context!
Error: Unable to interpret <"pepakura_viewer3en" = Pepakura Viewer 3> in the current context!
Error: Unable to interpret <"PROHYBRIDR" = 2007 Microsoft Office system> in the current context!
Error: Unable to interpret <"Redirection Port Monitor" = RedMon - Redirection Port Monitor> in the current context!
Error: Unable to interpret <"SynTPDeinstKey" = Synaptics Pointing Device Driver> in the current context!
Error: Unable to interpret <"VLC media player" = VLC media player 1.1.11> in the current context!
Error: Unable to interpret <"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7> in the current context!
Error: Unable to interpret <"Windows Media Format Runtime" = Windows Media Format 11 runtime> in the current context!
Error: Unable to interpret <"Windows Media Player" = Windows Media Player 11> in the current context!
Error: Unable to interpret <"WinGimp-2.0_is1" = GIMP 2.6.7> in the current context!
Error: Unable to interpret <"WinRAR archiver" = WinRAR> in the current context!
Error: Unable to interpret <"WMFDist11" = Windows Media Format 11 runtime> in the current context!
Error: Unable to interpret <"wmp11" = Windows Media Player 11> in the current context!
Error: Unable to interpret <"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Last 10 Event Log Errors ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ Application Events ]> in the current context!
Error: Unable to interpret <Error - 13.02.2012 03:44:31 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes> in the current context!
Error: Unable to interpret < Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 04:00:23 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes> in the current context!
Error: Unable to interpret < Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 04:00:39 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Fehlgeschlagene Anwendung nmindexstoresvr.exe, Version 3.3.3.0, fehlgeschlagenes> in the current context!
Error: Unable to interpret < Modul unknown, Version 0.0.0.0, Fehleradresse 0x0066325a.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 04:48:18 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes> in the current context!
Error: Unable to interpret < Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 12:50:34 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes> in the current context!
Error: Unable to interpret < Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 12:58:15 | Computer Name = HBSPC01 | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Fehlgeschlagene Anwendung skype.exe, Version 5.8.0.154, fehlgeschlagenes> in the current context!
Error: Unable to interpret < Modul skype.exe, Version 5.8.0.154, Fehleradresse 0x001e4187.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:01:24 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131083> in the current context!
Error: Unable to interpret <Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>> in the current context!
Error: Unable to interpret < ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich > in the current context!
Error: Unable to interpret <nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel> in the current context!
Error: Unable to interpret < in der signierten Datei.  .> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:01:24 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131083> in the current context!
Error: Unable to interpret <Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>> in the current context!
Error: Unable to interpret < ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich > in the current context!
Error: Unable to interpret <nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel> in the current context!
Error: Unable to interpret < in der signierten Datei.  .> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:01:24 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131083> in the current context!
Error: Unable to interpret <Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>> in the current context!
Error: Unable to interpret < ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich > in the current context!
Error: Unable to interpret <nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel> in the current context!
Error: Unable to interpret < in der signierten Datei.  .> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:01:28 | Computer Name = HBSPC01 | Source = crypt32 | ID = 131080> in the current context!
Error: Unable to interpret <Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer> in the current context!
Error: Unable to interpret < von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>> in the current context!
Error: Unable to interpret < ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ OSession Events ]> in the current context!
Error: Unable to interpret <Error - 20.04.2010 03:58:40 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.04.2010 03:58:54 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.04.2010 03:59:08 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 22.04.2010 03:52:38 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 22.04.2010 03:52:57 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 27.09.2010 05:07:37 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 17.11.2010 05:55:54 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 17.11.2010 05:56:13 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 17.11.2010 05:56:29 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 17.11.2010 05:56:53 | Computer Name = HBSPC01 | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context!
Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context!
Error: Unable to interpret < 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16> in the current context!
Error: Unable to interpret < seconds with 0 seconds of active time.  This session ended with a crash.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ System Events ]> in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst ".netframework" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Db2" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Iwebcal" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Zenos1" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Nimcdfxk" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Dnetc" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7000> in the current context!
Error: Unable to interpret <Description = Der Dienst "TomTomHOMEService" wurde aufgrund folgenden Fehlers nicht> in the current context!
Error: Unable to interpret < gestartet:  %%3> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "MXOPSWD" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Udfreadr_xp" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 13.02.2012 14:43:36 | Computer Name = HBSPC01 | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Sntnlusb" wurde mit folgendem Fehler beendet:  %%126> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >

--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 02132012_211753

Chris4You 13.02.2012 21:28

Er,

yes; you were supposed to copy this:
Code:

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[Reboot]

into OTL's fix box and then have it executed (Run Fix).

Then check again whether the redirect is gone...

chris

luk70 13.02.2012 22:17

hey chris
I'm on my fourth attempt; the computer hangs every time.
I've now waited a good 15 minutes for sure

Killing processes. Do not interrupt

(I've switched to a different computer now)

luk70 13.02.2012 22:20

The only way I can get out is by removing the battery. Task Manager is blocked too.

Chris4You 13.02.2012 22:26

Hi,

that looks as if a rootkit is still active. If Task Manager no longer works now, then it has been disabled again...

Now try Hitman...

Otherwise we'll have the computer scanned from the outside, but that takes all night:
Dr. Web-Live-CD
Download the image (Dr.Web CureIt!) (always the newest version, currently http://download.geo.drweb.com/pub/dr...livecd-600.iso) and burn it to CD/DVD (with a burning program that understands ISO (Nero, ImageBurn)). Then change the boot order in the BIOS (boot from CD first), boot from the CD you created and start Dr. Web Live CD (default). Then have all hard disks scanned...
If anything is found, please note the name and path before you let Dr. Web remove it...
Further instructions: Dr.Web CureIt!

Burning the ISO file:
You have to burn the image to the CD with e.g. Imageburn (ImgBurn, download at heise)... It is unpacked in the process and a bootable CD results... Don't simply burn the IMAGE to the CD as a file!

chris

luk70 14.02.2012 20:10

Now that I've finally understood how it works with the firewall, I was able to let Hitman do its work ;-).
After booting, however, it found 6 objects again on the next scan. After another run and a restart it found nothing more during the scan. So far Malwarebytes isn't complaining either.

Should I start again with the first step to test the system?

Regards, luk

Chris4You 14.02.2012 20:40

Hi,

please post the log from Hitman...

Run the Killer once more and post that log too...
Let's also take a look at the MBR...

MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

chris

luk70 14.02.2012 21:06

Can you please tell me where I can find the log file from Hitman?
I looked for the file in Explorer, but I don't see a *.txt file anywhere there

Chris4You 14.02.2012 21:22

Hi,

if anything, it should be an XML file...

chris

luk70 14.02.2012 21:39

<Quarantine lastId="4">
<Item type="Malware" malwareName="Trojan" score="111.0" status="PendingDelete" id="1" title="afgmp50.dll" subtitle="c:\windows\system32\" action="Deleted" dt="2012-02-14T19:45:57">
<Scanners>
<Scanner id="G Data" name="Trojan.Sirefef.BV (Engine A)" />
<Scanner id="Ikarus" name="Trojan.Sirefef!IK" />
</Scanners>
<File path="c:\windows\system32\afgmp50.dll" hash="EEAEB1506D805271B5147CE911DF9C264D63E4D229DE4464EF879A83FB225A40" />
</Item>
<Item type="Malware" malwareName="Malware" score="153.0" status="PendingDelete" id="2" title="i8042prt.sys" subtitle="C:\WINDOWS\system32\DRIVERS\" action="Deleted" dt="2012-02-14T19:45:57">
<Scanners>
<Scanner id="G Data" name="Gen:Variant.Sirefef.22 (Engine A)" />
<Scanner id="DrWeb" name="BackDoor.Maxplus.69" />
<Scanner id="Ikarus" name="Trojan-Dropper.Win32.Sirefef!IK" />
</Scanners>
<File path="C:\WINDOWS\system32\DRIVERS\i8042prt.sys" hash="E70CD49110636D9497B5C5CB645F523AFBF2C07FF3B4FA3B8AB98C6D6FE3588C" />
</Item>
<Item type="Malware" malwareName="Malware" score="153.0" status="PendingDelete" id="3" title="ipsec.sys" subtitle="C:\WINDOWS\system32\DRIVERS\" action="Deleted" dt="2012-02-14T19:51:22">
<Scanners>
<Scanner id="G Data" name="Gen:Variant.Sirefef.22 (Engine A)" />
<Scanner id="DrWeb" name="BackDoor.Maxplus.69" />
<Scanner id="Ikarus" name="Trojan-Dropper.Win32.Sirefef!IK" />
</Scanners>
<File path="C:\WINDOWS\system32\DRIVERS\ipsec.sys" hash="529A5C385551EB6D35CB726DC7F947A95CB9036A492260C9A2EE13EF12DEB68E" />
</Item>
<Item type="Malware" malwareName="Trojan" score="111.0" status="PendingDelete" id="4" title="ms_mpu401.dll" subtitle="c:\windows\system32\" action="Deleted" dt="2012-02-14T19:51:22">
<Scanners>
<Scanner id="G Data" name="Trojan.Sirefef.BV (Engine A)" />
<Scanner id="Ikarus" name="Trojan.Sirefef!IK" />
</Scanners>
<File path="c:\windows\system32\ms_mpu401.dll" hash="EEAEB1506D805271B5147CE911DF9C264D63E4D229DE4464EF879A83FB225A40" />
</Item>
</Quarantine>

Chris4You 14.02.2012 21:45

Hi,

among other things a backdoor, so you should think again about reinstalling from scratch...

What does the Killer/MBRCheck say...

chris
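
The quarantine XML posted above can be triaged with a short script. The following Python is an added example, not part of the original thread: the sample input is constructed in the shape of that log (file names and detection labels taken from the thread, hash values replaced by placeholders), and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like the quarantine log in the thread. File names and
# detection labels are the thread's; hash values are placeholders, not real digests.
SAMPLE = r'''- <Quarantine lastId="3">
- <Item type="Malware" score="111.0" id="1" title="afgmp50.dll" action="Deleted">
- <Scanners>
<Scanner id="G Data" name="Trojan.Sirefef.BV (Engine A)" />
</Scanners>
<File path="c:\windows\system32\afgmp50.dll" hash="placeholder_hash_a" />
</Item>
- <Item type="Malware" score="153.0" id="2" title="i8042prt.sys" action="Deleted">
- <Scanners>
<Scanner id="G Data" name="Gen:Variant.Sirefef.22 (Engine A)" />
<Scanner id="DrWeb" name="BackDoor.Maxplus.69" />
</Scanners>
<File path="C:\WINDOWS\system32\DRIVERS\i8042prt.sys" hash="PLACEHOLDER_HASH_B" />
</Item>
- <Item type="Malware" score="111.0" id="3" title="ms_mpu401.dll" action="Deleted">
- <Scanners>
<Scanner id="Ikarus" name="Trojan.Sirefef!IK" />
</Scanners>
<File path="c:\windows\system32\ms_mpu401.dll" hash="PLACEHOLDER_HASH_A" />
</Item>
</Quarantine>'''


def strip_view_markers(text):
    """Remove the '- '/'+ ' expand/collapse markers a browser XML view prepends."""
    return "\n".join(re.sub(r"^\s*[-+]\s+(?=<)", "", ln) for ln in text.splitlines())


def parse_quarantine(text):
    """Return one dict per <Item>: normalised path and hash, score, engine labels."""
    root = ET.fromstring(strip_view_markers(text))
    items = []
    for item in root.iter("Item"):
        f = item.find("File")
        items.append({
            "path": f.get("path").lower(),
            "hash": f.get("hash").upper(),
            "score": float(item.get("score")),
            "labels": {s.get("id"): s.get("name") for s in item.iter("Scanner")},
        })
    return items


def triage(items):
    """Summarise what matters for the clean-or-reinstall decision."""
    by_hash = defaultdict(list)
    for it in items:
        by_hash[it["hash"]].append(it["path"])
    return {
        # Same content stored under several names: one payload, not separate infections.
        "shared_hashes": {h: p for h, p in by_hash.items() if len(p) > 1},
        # A flagged kernel driver means malicious code may have run in kernel mode.
        "kernel_drivers": [it["path"] for it in items if it["path"].endswith(".sys")],
        # Any engine labelling a file as a backdoor implies remote access was possible.
        "backdoor": [it["path"] for it in items
                     if any("backdoor" in n.lower() for n in it["labels"].values())],
    }


if __name__ == "__main__":
    for key, value in triage(parse_quarantine(SAMPLE)).items():
        print(key, value)
```
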

luk70 14.02.2012 21:55

The report is too big to post, but I'm afraid it will be gone again if I press close; does it get saved somewhere?

Chris4You 14.02.2012 22:02

Hi,

copy it, start Notepad and then paste it in, save/pack it and post it
(the one from the Killer?)

chris

luk70 14.02.2012 22:03

but as its conclusion the Killer says this:

21:49:14.0656 3968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:49:14.0656 3968 ViaIde - ok
21:49:14.0671 3968 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:49:14.0687 3968 VolSnap - ok
21:49:14.0734 3968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:49:14.0734 3968 Wanarp - ok
21:49:14.0796 3968 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:49:14.0796 3968 Wdf01000 - ok
21:49:14.0796 3968 WDICA - ok
21:49:14.0843 3968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:49:14.0859 3968 wdmaud - ok
21:49:14.0890 3968 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:49:14.0906 3968 WpdUsb - ok
21:49:14.0906 3968 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:49:14.0921 3968 WS2IFSL - ok
21:49:14.0953 3968 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:49:14.0953 3968 WSTCODEC - ok
21:49:15.0062 3968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:49:15.0062 3968 WudfPf - ok
21:49:15.0125 3968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:49:15.0125 3968 WudfRd - ok
21:49:15.0156 3968 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:49:15.0343 3968 \Device\Harddisk0\DR0 - ok
21:49:15.0343 3968 Boot (0x1200) (5d05f5ce6d0bef8c9ffd5317226b9f29) \Device\Harddisk0\DR0\Partition0
21:49:15.0343 3968 \Device\Harddisk0\DR0\Partition0 - ok
21:49:15.0343 3968 ============================================================
21:49:15.0343 3968 Scan finished
21:49:15.0343 3968 ============================================================
21:49:15.0343 2652 Detected object count: 0
21:49:15.0343 2652 Actual detected object count: 0

luk70 14.02.2012 22:08

I can't upload the rar file

Killer-Report.rar:
Ungültige Datei

Chris4You 14.02.2012 22:10

Hi,

zip should work...
I don't trust the peace yet, there was too much on it...
Are you still getting strange effects, redirects etc.?

chris

luk70 14.02.2012 22:19

I don't have zip, I have to install it first

No, I'm not getting any messages any more.

What there is: various programs are missing from the Start menu. At first I thought I had lost them, but I can find the applications via Explorer and can run them too.

Chris4You 14.02.2012 22:27

Hi,

OK, you can recreate the shortcuts...

chris

luk70 14.02.2012 22:32

Right, I hope the report is attached

luk70 14.02.2012 22:34

You just recommended reinstalling the computer.
Am I taking a risk of dragging something along if I save my documents to the external hard drive beforehand?

Chris4You 14.02.2012 22:35

Hi,

if you only back up data, the risk is low. Before restoring it, just run a few scanners over it...

I'll look at the log in a moment and then call it a day...

Log is okay...

chris

luk70 14.02.2012 22:37

Me too, my head is spinning ;-)

Many thanks already for your help, though.
How does one show one's appreciation here?

Regards, luk


All times are WET +1. The time now is 18:55.
