Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Wahrscheinlich die Trojaner Zeus oder Spyeye

Wahrscheinlich die Trojaner Zeus oder Spyeye


Log-Analyse und Auswertung: Wahrscheinlich die Trojaner Zeus oder Spyeye

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 07.06.2011, 15:02   #1
panther4861
 
Wahrscheinlich die Trojaner Zeus oder Spyeye - Standard

Wahrscheinlich die Trojaner Zeus oder Spyeye


Durch meine Bank bin ich darüber informiert worde, dass bei dem Erscheinen eines gewissen Bildes "... die Einstellungen ihres Computers werden gerade überprüft" auf meinem Computer wahrscheinlich Trojaner sind. Nun suche ich Möglichkeiten, wie ich meinen Rechner wieder clean bekommen kann. Danke für die Unterstützung!

Alt 07.06.2011, 15:07   #2
markusg
/// Malware-holic
 
Wahrscheinlich die Trojaner Zeus oder Spyeye - Standard

Wahrscheinlich die Trojaner Zeus oder Spyeye


hiho
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________

__________________
Alt 07.06.2011, 15:49   #3
panther4861
 
Wahrscheinlich die Trojaner Zeus oder Spyeye - Standard

Wahrscheinlich die Trojaner Zeus oder Spyeye


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.06.2011 16:45:13 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Dokumente und Einstellungen\schloegler\Eigene Dateien
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
759,43 Mb Total Physical Memory | 324,29 Mb Available Physical Memory | 42,70% Memory free
1,81 Gb Paging File | 1,46 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 23,45 Gb Free Space | 62,94% Space Free | Partition Type: NTFS
Drive D: | 7,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive P: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive S: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive U: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
 
Computer Name: RCK-17368 | User Name: schloegler | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
PRC - [2009.09.08 04:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.05.17 15:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2002.03.12 12:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004.06.15 23:03:32 | 000,417,792 | ---- | M] (Novell, Inc) -- C:\Programme\Novell\ZENworks\NalShell.dll
MOD - [2004.06.15 23:02:52 | 000,995,840 | ---- | M] () -- C:\Programme\Novell\ZENworks\nls\english\NalUIRes.dll
 
 
========== Win32 Services (SafeList) ==========
 
 
========== Driver Services (SafeList) ==========
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Rueckertschule Infos - www.rueckertschule.de
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rueckertschule Infos - www.rueckertschule.de
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 1B C9 D7 25 15 CC 01  [binary data]
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.142.1.254:3128
 
 
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 2
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = 
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.16 16:39:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.07 16:19:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.07 16:35:42 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Desktop\cexfubx6.exe
[2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
[2011.06.07 16:11:31 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2011.06.07 08:05:25 | 000,473,884 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.06.07 08:05:25 | 000,446,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.07 08:05:25 | 000,088,074 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.06.07 08:05:25 | 000,071,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.07 08:01:37 | 000,024,480 | RHS- | M] () -- C:\Dokumente und Einstellungen\schloegler\ntuser.pol
[2011.06.07 08:01:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.07 08:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.12 15:12:56 | 000,050,755 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.07 16:35:41 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Desktop\cexfubx6.exe
[2011.06.07 15:53:57 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2011.05.13 10:34:37 | 000,050,755 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png
[2011.02.18 13:25:58 | 000,129,891 | ---- | C] () -- C:\WINDOWS\hphins28.dat
[2011.02.18 13:25:58 | 000,000,939 | ---- | C] () -- C:\WINDOWS\hphmdl28.dat
[2011.02.17 15:42:27 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.17 14:43:51 | 000,016,040 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2011.02.17 14:43:01 | 000,462,892 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2011.02.17 14:43:01 | 000,084,592 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2011.02.17 13:39:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.17 11:07:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011.02.17 11:06:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2011.02.16 16:42:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.16 16:36:33 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.16 16:15:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.16 16:13:51 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.16 09:57:06 | 000,090,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncrecognizer.sys
[2009.12.16 09:57:06 | 000,080,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncfilter.sys
[2009.12.16 09:57:06 | 000,014,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncuncfilter.sys
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.08.27 12:23:52 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2008.08.13 11:10:20 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,473,884 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 14:00:00 | 000,446,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008.04.14 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008.04.14 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008.04.14 14:00:00 | 000,088,074 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 14:00:00 | 000,071,638 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.02.12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006.03.27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.12.18 11:29:12 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2003.03.12 14:39:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000.01.20 10:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999.08.07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[1999.07.22 20:07:38 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[1999.06.30 05:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[1999.01.11 05:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996.05.14 10:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995.08.22 09:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< OTL logfile created on: 07.06.2011 16:20:59 - Run 1 >
 
< OTL by OldTimer - Version 3.2.23.0     Folder = C:\Dokumente und Einstellungen\schloegler\Eigene Dateien >
 
< Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.6001.18702) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 759,43 Mb Total Physical Memory | 296,66 Mb Available Physical Memory | 39,06% Memory free >
 
< 1,81 Gb Paging File | 1,44 Gb Available in Paging File | 79,19% Paging File free >
 
< Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme >
 
< Drive C: | 37,26 Gb Total Space | 23,45 Gb Free Space | 62,95% Space Free | Partition Type: NTFS >
 
< Drive D: | 7,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF >
 
< Drive G: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
< Drive P: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
< Drive S: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
< Drive U: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
<   >
 
< Computer Name: RCK-17368 | User Name: schloegler | NOT logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user | Quick Scan >
 
< Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< PRC - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< PRC - [2011.06.07 16:16:39 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MCWVFYSY\Defogger[1].exe >
 
< PRC - [2009.09.08 04:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe >
 
< PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe >
 
< PRC - [2004.05.17 15:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe >
 
< PRC - [2003.07.30 10:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMTray.exe >
 
< PRC - [2002.03.12 12:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe >
 
<   >
 
<   >
 
< ========== Modules (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< MOD - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll >
 
<   >
 
<   >
 
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Rueckertschule Infos - www.rueckertschule.de >
Invalid Switch: Rueckertschule Infos - www.rueckertschule.de

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rueckertschule Infos - www.rueckertschule.de >
Invalid Switch: Rueckertschule Infos - www.rueckertschule.de

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN >
Invalid Switch: ?ocid=iehp

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 1B C9 D7 25 15 CC 01  [binary data] >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.142.1.254:3128 >
 
<   >
 
<   >
 
<   >
 
< O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts >
 
< O1 - Hosts: 127.0.0.1       localhost >
 
< O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) >
 
< O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) >
 
< O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) >
 
< O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.) >
 
< O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.) >
 
< O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) >
 
< O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.) >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 2 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =  >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1 >
 
< O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.) >
 
< O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) >
Invalid Switch: swflash.cab (Shockwave Flash Object)

 
< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)

 
< O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) >
Invalid Switch: xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

 
< O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.) >
 
< O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.) >
 
< O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home >
 
< O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp >
 
< O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp >
 
< O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc) >
 
< O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.) >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2011.02.16 16:39:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] >
 
< O34 - HKLM BootExecute: (autocheck autochk *) -  File not found >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
<   >
 
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]

 
<   >
 
< [2011.06.07 16:19:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll >
 
< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
 
< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >
 
<   >
 
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]

 
<   >
 
< [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< [2011.06.07 16:11:31 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache >
 
< [2011.06.07 08:05:25 | 000,473,884 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat >
 
< [2011.06.07 08:05:25 | 000,446,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat >
 
< [2011.06.07 08:05:25 | 000,088,074 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat >
 
< [2011.06.07 08:05:25 | 000,071,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat >
 
< [2011.06.07 08:01:37 | 000,024,480 | RHS- | M] () -- C:\Dokumente und Einstellungen\schloegler\ntuser.pol >
 
< [2011.06.07 08:01:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl >
 
< [2011.06.07 08:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat >
 
< [2011.05.12 15:12:56 | 000,050,755 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png >
 
< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
 
< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >
 
<   >
 
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]

 
<   >
 
< [2011.06.07 15:53:57 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache >
 
< [2011.05.13 10:34:37 | 000,050,755 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png >
 
< [2011.02.18 13:25:58 | 000,129,891 | ---- | C] () -- C:\WINDOWS\hphins28.dat >
 
< [2011.02.18 13:25:58 | 000,000,939 | ---- | C] () -- C:\WINDOWS\hphmdl28.dat >
 
< [2011.02.17 15:42:27 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
 
< [2011.02.17 14:43:51 | 000,016,040 | ---- | C] () -- C:\WINDOWS\cfgall.ini >
 
< [2011.02.17 14:43:01 | 000,462,892 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat >
 
< [2011.02.17 14:43:01 | 000,084,592 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat >
 
< [2011.02.17 13:39:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI >
 
< [2011.02.17 11:07:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll >
 
< [2011.02.17 11:06:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll >
 
< [2011.02.16 16:42:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat >
 
< [2011.02.16 16:36:33 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat >
 
< [2011.02.16 16:15:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI >
 
< [2011.02.16 16:13:51 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT >
 
< [2009.12.16 09:57:06 | 000,090,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncrecognizer.sys >
 
< [2009.12.16 09:57:06 | 000,080,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncfilter.sys >
 
< [2009.12.16 09:57:06 | 000,014,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncuncfilter.sys >
 
< [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll >
 
< [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll >
 
< [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll >
 
< [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll >
 
< [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll >
 
< [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll >
 
< [2008.08.27 12:23:52 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll >
 
< [2008.08.13 11:10:20 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll >
 
< [2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin >
 
< [2008.04.14 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll >
 
< [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat >
 
< [2008.04.14 14:00:00 | 000,473,884 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat >
 
< [2008.04.14 14:00:00 | 000,446,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat >
 
< [2008.04.14 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll >
 
< [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat >
 
< [2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat >
 
< [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat >
 
< [2008.04.14 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll >
 
< [2008.04.14 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll >
 
< [2008.04.14 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll >
 
< [2008.04.14 14:00:00 | 000,088,074 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat >
 
< [2008.04.14 14:00:00 | 000,071,638 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat >
 
< [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin >
 
< [2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat >
 
< [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat >
 
< [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat >
 
< [2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat >
 
< [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin >
 
< [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat >
 
< [2007.02.12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll >
 
< [2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe >
 
< [2006.03.27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll >
 
< [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll >
 
< [2003.12.18 11:29:12 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe >
 
< [2003.03.12 14:39:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL >
 
< [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI >
 
< [2000.01.20 10:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll >
 
< [1999.08.07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL >
 
< [1999.07.22 20:07:38 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe >
 
< [1999.06.30 05:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll >
 
< [1999.01.11 05:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini >
 
< [1996.05.14 10:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll >
 
< [1995.08.22 09:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll >
 
<   >
 
< ========== LOP Check ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
< ========== Purity Check ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
<  >
 
< < End of report >

--- --- ---
>

< End of report >OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.06.2011 16:45:13 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Dokumente und Einstellungen\schloegler\Eigene Dateien
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
759,43 Mb Total Physical Memory | 324,29 Mb Available Physical Memory | 42,70% Memory free
1,81 Gb Paging File | 1,46 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 23,45 Gb Free Space | 62,94% Space Free | Partition Type: NTFS
Drive D: | 7,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive P: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive S: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive U: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
 
Computer Name: RCK-17368 | User Name: schloegler | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"30854:TCP" = 30854:TCP:*:Enabled:Trend Micro OfficeScan Listener
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E37765E-45AE-4830-A12C-E5DADD758472}" = HP Photosmart D5400 Printer Driver 12.0 Rel .3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5E122A0-09A8-4B9D-A010-9B20F5348C09}" = ZENworks Desktop Management Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E192A201-E9B4-406A-82D5-7886F3BB63D5}" = PS_SF_03_D5400_Software_Min
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom NetXtreme Ethernet Controller
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Novell Client for Windows" = Novell Client für Windows
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
--- --- ---
__________________
Alt 07.06.2011, 15:56   #4
markusg
/// Malware-holic
 
Wahrscheinlich die Trojaner Zeus oder Spyeye - Standard

Wahrscheinlich die Trojaner Zeus oder Spyeye


bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.06.2011, 16:19   #5
panther4861
 
Wahrscheinlich die Trojaner Zeus oder Spyeye - Standard

Wahrscheinlich die Trojaner Zeus oder Spyeye


Danke für Dein Bemühen, aber leider lässt sich das Programm nicht auf meinem Rechner installieren.


Alt 07.06.2011, 17:11   #6
markusg
/// Malware-holic
 
Wahrscheinlich die Trojaner Zeus oder Spyeye - Standard

Wahrscheinlich die Trojaner Zeus oder Spyeye


was heißt das? gib mir fehlermeldungen, mit "lässt sich nicht instalieren" kann man nichts anfangen.
__________________
--> Wahrscheinlich die Trojaner Zeus oder Spyeye

Antwort

Themen zu Wahrscheinlich die Trojaner Zeus oder Spyeye
clean, compu, computers, einstellungen, erscheine, erscheinen, formiert, gen, gewisse, gewissen, möglichkeiten, rechner, spyeye, suche, troja, trojaner, trojaner zeus, unterstützung, wahrscheinlich, überprüft


« bka trojaner | Cycbot.B - mich hats auch erwischt »


Ähnliche Themen: Wahrscheinlich die Trojaner Zeus oder Spyeye


  1. Trojaner oder anderer Virus wahrscheinlich durch download
    Plagegeister aller Art und deren Bekämpfung - 02.01.2015 (17)
  2. Wahrscheinlich Trojaner oder Virus durch JAVA Update
    Plagegeister aller Art und deren Bekämpfung - 17.04.2014 (15)
  3. Trojaner: Trojan.Spyeye!conf
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (5)
  4. 100 Tan Trojaner (Spyeye)
    Log-Analyse und Auswertung - 06.11.2011 (26)
  5. "BKA" Virus oder Spyeye? Gibt es eine lösung?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2011 (1)
  6. Online Banking Tan Abfrage Trojaner evtl Spyeye
    Log-Analyse und Auswertung - 12.08.2011 (2)
  7. Trojanerbefall bei Win 7 wahrscheinlich SpyEye
    Log-Analyse und Auswertung - 10.08.2011 (12)
  8. Spyeye Trojaner legt Onlinebanking lahm
    Plagegeister aller Art und deren Bekämpfung - 22.07.2011 (3)
  9. Rechner vermutlich mit SPYEYE oder ZEUS 2 befallen
    Log-Analyse und Auswertung - 06.07.2011 (16)
  10. SpyEye Trojaner -timer2Tray- mit Ausführlichem Bericht
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (6)
  11. Trojaner spyeye
    Plagegeister aller Art und deren Bekämpfung - 24.05.2011 (1)
  12. Spyeye Trojaner hat laut Bank meinen PC infiziert
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (18)
  13. wahrscheinlich spyeye!
    Plagegeister aller Art und deren Bekämpfung - 05.02.2011 (19)
  14. Trojaner SpyEye und Crypt.XPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 29.01.2011 (11)
  15. ZeuS und SpyEye verkaufen Toolkit zum selberbasteln ab $ 300
    Nachrichten - 24.01.2011 (0)
  16. TR/Spyeye.H.2, DR/Ransom.Losya.I.5, TR/Spy.Spyeye.F und JAVA/OpenConnect.CF
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (13)
  17. Trojaner SPYEYE.H
    Plagegeister aller Art und deren Bekämpfung - 06.01.2011 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Wahrscheinlich die Trojaner Zeus oder Spyeye - Durch meine Bank bin ich darüber informiert worde, dass bei dem Erscheinen eines gewissen Bildes "... die Einstellungen ihres Computers werden gerade überprüft" auf meinem Computer wahrscheinlich Trojaner sind. Nun - Wahrscheinlich die Trojaner Zeus oder Spyeye...
Archiv
Du betrachtest: Wahrscheinlich die Trojaner Zeus oder Spyeye auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55