|
Plagegeister aller Art und deren Bekämpfung: BKA 1.03 auf XP ProWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.03.2012, 02:58 | #1 |
| BKA 1.03 auf XP Pro Hallo Trojaner-Board Team, ich habe mir gestern Abend vermutlich einen BKA 1.03 Virus eingefangen. Im abgesicherten Modus konnte ich OTL starten. Hier die Logs: |
10.03.2012, 02:59 | #2 |
| BKA 1.03 auf XP Pro OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 10.03.2012 02:55:01 - Run 2 OTL by OldTimer - Version 3.2.36.2 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 90,83% Memory free 5,09 Gb Paging File | 5,01 Gb Available in Paging File | 98,30% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 172,77 Gb Total Space | 50,64 Gb Free Space | 29,31% Space Free | Partition Type: NTFS Drive G: | 7,47 Gb Total Space | 2,10 Gb Free Space | 28,11% Space Free | Partition Type: FAT32 Drive I: | 97,66 Gb Total Space | 65,20 Gb Free Space | 66,76% Space Free | Partition Type: NTFS Drive J: | 97,66 Gb Total Space | 2,75 Gb Free Space | 2,81% Space Free | Partition Type: NTFS Drive K: | 97,66 Gb Total Space | 59,43 Gb Free Space | 60,86% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.) Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin) "C:\Programme\LeechFTP\Leechftp.exe" = C:\Programme\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP -- (jan debis) "C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks) "C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios) "C:\Dokumente und Einstellungen\Benutzername\Eigene Dateien\Warcraft III\Warcraft III.exe" = C:\Dokumente und Einstellungen\Benutzername\Eigene Dateien\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment) "C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP95 LE -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates! "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home "{431AACB6-5773-46DF-89D2-256CC6039E31}" = lqpl Invoice 2010 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45BB7607-083D-4759-873E-41EC0461F8E5}" = MSI Utlility Software Version II 32 bit "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65C043EC-BEB5-4791-8EB3-EF9EDBEDA7DB}" = QuickSteuer Wissens-Center 2009 "{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7242785F-6E89-48C1-A29B-E589FCE30CD4}" = ACDSee 7.0 PowerPack "{729E66B3-1B80-4A3F-8D19-342A89631E0A}_is1" = Wav to Mp3 Converter "{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1 "{7A2F7270-5ECF-4A51-A309-1BCE25B47AF4}" = Helldorado "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006 "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0 "{90120000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime (German) 2007 "{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5FF2837-59C6-425B-8652-8CD385899F3F}" = uMark Professional 1.3 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update "{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update "{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update "{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update "{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update "{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser "{F7CB56B9-1059-4729-8F2C-5D49E515CBF5}" = Brother MFL-Pro Suite "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Vollversion) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Audiograbber" = Audiograbber 1.83 SE "avast" = avast! Free Antivirus "AVMFBox" = FRITZ!Box "CCleaner" = CCleaner "CSS-Editor_is1" = CSS-Editor "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "DVD Shrink_is1" = DVD Shrink 3.2 "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Google Updater" = Google Updater "Hardcopy(C__Programme_Hardcopy)" = Hardcopy (C:\Programme\Hardcopy) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates! "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full) "LeechFTP" = LeechFTP "MailStore Home_universal1" = MailStore Home 5.0.0.6684 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Nvu_is1" = Nvu 1.0 "OpenAL" = OpenAL "Patrizier II Gold_is1" = Patrizier II Gold "Port Royale 2" = Port Royale 2 "Rainlendar2" = Rainlendar2 (remove only) "Sacred_is1" = Sacred "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SpeedFan" = SpeedFan (remove only) "SpellForce" = SpellForce "The KMPlayer" = The KMPlayer (remove only) "TVUPlayer" = TVUPlayer 2.5.2.2 "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "XnView_is1" = XnView 1.95.4 "xp-AntiSpy" = xp-AntiSpy 3.96-5 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Xvid_is1" = Xvid 1.1.2 final uninstall ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.12.2011 09:40:57 | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung gimp-2.6.exe, Version 0.0.0.0, fehlgeschlagenes Modul gimp-2.6.exe, Version 0.0.0.0, Fehleradresse 0x00081437. Error - 01.03.2012 10:21:56 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb982865, P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 0. Error - 01.03.2012 10:24:13 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983582, P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 0. Error - 01.03.2012 10:24:29 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2416468, P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 0. Error - 01.03.2012 10:24:34 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2418240, P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 0. Error - 01.03.2012 10:27:16 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2478656, P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 0. Error - 01.03.2012 10:29:17 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000 Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2530095, P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 0. Error - 01.03.2012 10:36:53 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 10005 Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory Error - 01.03.2012 10:36:53 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 1.1 - Update "{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\DOKUME~1\BENUTZ~1\LOKALE~1\Temp\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log enthalten. Error - 01.03.2012 10:36:53 | Computer Name = COMPUTER | Source = NativeWrapper | ID = 5000 Description = [ OSession Events ] Error - 06.11.2011 10:43:54 | Computer Name = COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = [ System Events ] Error - 09.03.2012 20:33:05 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 09.03.2012 20:33:05 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL Error - 09.03.2012 20:34:00 | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 09.03.2012 20:38:38 | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 09.03.2012 20:38:57 | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 09.03.2012 20:39:32 | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 09.03.2012 21:35:38 | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 09.03.2012 21:36:36 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aavmker4 aswSnx aswSP aswTdi ElbyCDIO Fips Processor SASDIFSV SASKUTIL Error - 09.03.2012 21:54:00 | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 09.03.2012 21:55:17 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aavmker4 aswSnx aswSP aswTdi ElbyCDIO Fips Processor SASDIFSV SASKUTIL < End of report > |
10.03.2012, 02:59 | #3 |
| BKA 1.03 auf XP Pro OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 10.03.2012 02:55:01 - Run 2 OTL by OldTimer - Version 3.2.36.2 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 90,83% Memory free 5,09 Gb Paging File | 5,01 Gb Available in Paging File | 98,30% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 172,77 Gb Total Space | 50,64 Gb Free Space | 29,31% Space Free | Partition Type: NTFS Drive G: | 7,47 Gb Total Space | 2,10 Gb Free Space | 28,11% Space Free | Partition Type: FAT32 Drive I: | 97,66 Gb Total Space | 65,20 Gb Free Space | 66,76% Space Free | Partition Type: NTFS Drive J: | 97,66 Gb Total Space | 2,75 Gb Free Space | 2,81% Space Free | Partition Type: NTFS Drive K: | 97,66 Gb Total Space | 59,43 Gb Free Space | 60,86% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\NVIDIA Corporation\nView\nvShell.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (Printer Control) -- C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (w810mdm) -- File not found DRV - (w810mdfl) -- File not found DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- File not found DRV - (TotRec8) -- File not found DRV - (SANDRA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Lavasoft Kernexplorer) -- File not found DRV - (i2omgmt) -- File not found DRV - (cpuz130) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- File not found DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SSHDRV51) -- C:\WINDOWS\system32\drivers\SSHDRV51.sys () DRV - (SSHDRV76) -- C:\WINDOWS\system32\drivers\SSHDRV76.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation) DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (PLCND532) -- C:\WINDOWS\system32\drivers\PLCND532.sys (Intellon, Inc.) DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys () DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (UDTT7049A) -- C:\WINDOWS\system32\drivers\UDTT7049A.sys () DRV - (UDTT7049HID) -- C:\WINDOWS\system32\drivers\UDTT7049HID.sys (DTV-DVB) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (a347bus) -- C:\WINDOWS\system32\drivers\a347bus.sys ( ) DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( ) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.) DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5029 [2011.10.01 21:31:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.03.09 07:59:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.18 20:17:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.12 14:54:42 | 000,000,000 | ---D | M] [2012.01.09 12:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.18 20:17:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.02.14 01:02:36 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.14 01:02:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.14 01:02:36 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 01:02:36 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 01:02:36 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 01:02:36 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.19 01:56:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 773 = C:\DOKUME~1\ALLUSE~1\LOCALS~1\Temp\msdubm.cmd () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\crypt32chain: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\cryptnet: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\cscdll: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\sclgntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\SensLogn: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O20 - Winlogon\Notify\wlballoon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.12.19 16:59:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.10 02:54:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.03.10 01:40:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.03.10 01:33:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2012.03.10 01:18:52 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.03.09 21:55:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings [2012.03.01 15:36:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe [2012.03.01 15:35:23 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll [2012.03.01 15:34:55 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmm.dll [2012.03.01 15:34:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.dll [2012.03.01 15:15:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.10 02:53:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.10 02:39:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.03.10 02:36:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.03.10 02:35:57 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.10 02:31:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.10 01:22:51 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2012.03.09 12:21:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.03.09 07:59:58 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.03.07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.03.07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.03.07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.03.07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.03.07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.03.07 01:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.03.07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.03.07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.03.05 17:58:26 | 000,002,441 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\uMark Professional.lnk [2012.03.04 14:53:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.02 08:31:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.01 17:00:15 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.03.01 15:42:30 | 000,462,690 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.03.01 15:42:30 | 000,444,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.03.01 15:42:30 | 000,086,032 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.03.01 15:42:30 | 000,072,550 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.02.22 08:34:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.02.10 17:15:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.02.10 16:54:10 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.01 15:42:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.03.01 15:42:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.02.22 14:50:57 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2011.10.19 01:48:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011.10.19 01:48:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011.10.19 01:48:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011.10.19 01:48:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011.10.19 01:48:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011.08.31 22:18:48 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe [2011.08.31 22:07:22 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2011.08.31 22:07:14 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe [2011.08.31 22:07:14 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe [2011.08.31 21:38:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011.08.27 14:23:03 | 000,723,294 | ---- | C] () -- C:\WINDOWS\unins000.exe [2011.08.27 14:23:03 | 000,028,458 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011.08.12 15:25:24 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011.08.12 01:29:37 | 006,908,648 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2011.06.08 10:09:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2011.04.09 13:36:56 | 000,087,296 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.01.10 18:19:00 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.01.10 18:18:59 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.01.10 18:18:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.01.03 22:36:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010.12.27 22:37:59 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2010.12.21 22:52:52 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.11.15 14:44:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010.09.22 11:54:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alphablending.dll [2010.08.11 15:41:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010.08.11 15:41:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.08.11 15:41:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.08.11 15:41:41 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.07.15 14:00:17 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI [2010.05.28 15:46:38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2010.05.28 15:30:57 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2010.05.28 15:25:55 | 000,000,585 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini [2010.05.28 15:25:55 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010.05.28 15:25:55 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8440def.dat [2010.05.28 15:25:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2010.05.28 15:23:40 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2010.05.28 14:57:52 | 000,002,162 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini [2010.04.30 16:21:53 | 000,000,621 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.04.09 17:23:49 | 000,004,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe ========== Alternate Data Streams ========== @Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences < End of report > |
11.03.2012, 01:48 | #4 |
| BKA 1.03 auf XP Pro Kann mir keiner weiterhelfen? |
11.03.2012, 20:06 | #5 |
| BKA 1.03 auf XP Pro Hat sich erledigt. Der Fall kann geschlossen werden. |
Themen zu BKA 1.03 auf XP Pro |
abend, abgesicherte, abgesicherten, abgesicherten modus, gestern, konnte, modus, starte, troja, trojaner-board, vermutlich, virus |