| |
| |||||||
Log-Analyse und Auswertung: verdacht auf virenbefall bitte um unterstützungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.06.2012, 16:52
| #1 |
| |  verdacht auf virenbefall bitte um unterstützung hallo leute ich wollte wissen ob so weit alles in ordnung ist.OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/2/2012 7:53:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,015.00 Mb Total Physical Memory | 810.00 Mb Available Physical Memory | 80.00% Memory free
903.00 Mb Paging File | 844.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.83 Gb Total Space | 193.98 Gb Free Space | 83.32% Space Free | Partition Type: NTFS
Drive D: | 3.61 Gb Total Space | 3.60 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SPAMfighter Update Service) -- C:\Programme\Fighters\SPAMfighter\sfus.exe (SPAMfighter ApS)
SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (GMSIPCI) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (NETFWDSL) -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS (AVM Berlin)
DRV - (NETDSL) -- C:\WINDOWS\system32\drivers\netdsl.sys (Microsoft Corporation)
DRV - (PAC7311) -- C:\WINDOWS\system32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\MUSTER_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\MUSTER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\MUSTER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:32891
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/"
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?mkt=de-DE&FORM=MICGEP&q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\MUSTER\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\MUSTER\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\MUSTER\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/11/23 12:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/11 03:37:22 | 000,000,000 | ---D | M]
[2011/11/23 12:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\mozilla\Extensions
[2011/12/12 06:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\mozilla\Firefox\Profiles\pl2vth74.default\extensions
[2011/12/12 06:48:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\mozilla\Firefox\Profiles\pl2vth74.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/17 13:23:39 | 000,001,836 | ---- | M] () -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Mozilla\Firefox\Profiles\pl2vth74.default\searchplugins\live-search.xml
[2011/11/23 12:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2011/11/21 00:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/11/20 21:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 21:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 21:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 21:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 21:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/05/30 09:40:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\MUSTER_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\MUSTER_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Programme\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCMService] C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe ()
O4 - HKLM..\Run: [sfagent] C:\Programme\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKLM..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc.)
O4 - HKU\MUSTER_ON_C..\Run: [Facebook Update] C:\Dokumente und Einstellungen\MUSTER\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\MUSTER_ON_C..\Run: [Power2GoExpress] C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\MUSTER_ON_C..\Run: [ZipGenieTray] C:\Programme\DATA BECKER\ZipGenie\ZTray.exe ()
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DasTelefonbuch Browserlösung.lnk = C:\Dokumente und Einstellungen\Armin\Desktop\EDV\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MioSync.lnk = C:\Dokumente und Einstellungen\MUSTER\Desktop\EDV\MioSync\Navigationsordner\MioSync\mioSync.exe (Mio Technology)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Armin\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\Armin\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\MUSTER_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\MUSTER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\MUSTER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\MUSTER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186483601937 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/07 06:37:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/30 13:54:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MUSTER\Desktop\OTL.exe
[2012/05/30 13:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/30 13:47:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\MUSTER\Recent
[2012/05/30 13:17:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\Cookies
[2012/05/30 10:56:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/30 09:08:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/30 09:04:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/30 09:04:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/30 09:04:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/30 09:04:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/30 09:04:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/30 09:04:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/30 08:09:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2012/05/30 07:53:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2012/05/30 07:49:04 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2012/05/30 07:49:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2012/05/30 05:44:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Malwarebytes
[2012/05/30 05:44:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012/05/29 09:52:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/05/29 06:49:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\IETldCache
[2012/05/27 20:46:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Ukags
[2012/05/27 20:46:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Igsig
[2012/05/27 20:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Iqybop
[2012/05/27 20:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Ekque
[2012/05/11 04:12:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Fighters
[2012/05/11 04:12:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Common Toolkit Suite
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/30 14:04:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/30 14:04:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 14:04:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/30 14:03:05 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1637723038-839522115-1005UA.job
[2012/05/30 13:52:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MUSTER\Desktop\OTL.exe
[2012/05/30 13:34:29 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-789336058-1637723038-839522115-1005UA.job
[2012/05/30 13:17:42 | 000,000,628 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2012/05/30 13:16:07 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/30 09:40:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/30 09:08:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/30 09:03:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1637723038-839522115-1005Core.job
[2012/05/30 08:03:37 | 000,004,022 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2012/05/30 07:30:03 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-789336058-1637723038-839522115-1005Core.job
[2012/05/30 06:26:32 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81583A31-3C94-461E-9945-7A307CAEE04F}.job
[2012/05/30 06:14:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/27 20:08:10 | 000,000,208 | ---- | M] () -- C:\Dokumente und Einstellungen\MUSTER\Desktop\Google.url
[2012/05/26 04:11:24 | 000,000,029 | ---- | M] () -- C:\WINDOWS\standard.sta
[2012/05/25 20:23:10 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/05/24 15:27:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/11 08:27:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/11 07:25:15 | 000,420,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 05:55:27 | 000,453,132 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/11 05:55:27 | 000,436,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/11 05:55:27 | 000,081,634 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/11 05:55:27 | 000,068,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 04:12:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Fighters
[2012/05/08 04:08:52 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/08 04:08:52 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/30 09:08:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/30 09:08:47 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012/05/30 09:04:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/30 09:04:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/30 09:04:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/30 09:04:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/30 09:04:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/30 08:09:13 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/30 07:55:35 | 000,004,022 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2012/05/30 07:53:46 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 07:53:46 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/15 17:23:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/11/12 17:20:43 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Perscopy.INI
[2009/05/11 09:59:40 | 000,000,173 | ---- | C] () -- C:\WINDOWS\user_bmvg5.ini
[2009/05/11 08:41:48 | 000,000,665 | ---- | C] () -- C:\WINDOWS\system32co0100.dat
[2009/05/11 08:38:27 | 000,619,520 | ---- | C] () -- C:\WINDOWS\System32\codtp.dll
[2009/05/11 08:38:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\codib.dll
[2009/05/11 08:38:27 | 000,082,736 | ---- | C] () -- C:\WINDOWS\System32\co_pack.exe
[2009/05/11 08:38:27 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\cofaw.dll
[2009/05/11 08:38:27 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\cocdd.dll
[2009/05/11 08:38:27 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2009/05/11 08:38:27 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\cocsup.dll
[2009/05/11 08:38:27 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\cobsup.dll
[2009/05/11 08:38:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\coclean.exe
[2008/02/06 07:13:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/19 14:39:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/08/12 10:41:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2007/08/11 11:55:49 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2007/08/11 11:55:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2007/08/11 10:52:04 | 000,000,071 | ---- | C] () -- C:\Dokumente und Einstellungen\MUSTER\default.pls
[2007/08/11 10:22:26 | 000,000,055 | ---- | C] () -- C:\WINDOWS\TC.INI
[2007/08/11 09:41:46 | 000,002,429 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2007/08/11 09:41:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/08/11 09:41:08 | 000,000,165 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2007/08/11 09:41:06 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2007/08/11 09:41:06 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2007/08/11 09:22:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2007/08/11 09:21:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/08/11 09:20:11 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/08/11 09:20:11 | 000,000,406 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2007/08/10 18:07:39 | 000,048,640 | ---- | C] () -- C:\Dokumente und Einstellungen\MUSTER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/10 17:41:02 | 000,000,628 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/08/09 07:54:08 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007/08/09 07:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/09 07:07:42 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/08 13:22:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/07 07:29:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/07 07:28:03 | 000,420,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/07 06:44:50 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/07 06:44:50 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/08/07 06:43:17 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/08/07 06:41:37 | 000,004,706 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/08/07 06:41:36 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/07 06:39:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/07 06:35:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,453,132 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/02/28 08:00:00 | 000,436,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,081,634 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/02/28 08:00:00 | 000,068,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/06/06 12:49:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/11/17 11:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
========== LOP Check ==========
[2012/05/11 04:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Fighters
[2012/05/29 05:46:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Ekque
[2007/08/20 07:25:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\EPSON
[2012/05/11 04:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Fighters
[2012/05/30 14:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\FRITZ!
[2012/05/28 17:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Igsig
[2007/08/10 18:11:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\InterTrust
[2012/05/30 07:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Iqybop
[2008/04/28 07:01:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Leadertech
[2007/08/13 08:49:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\MSNInstaller
[2010/09/18 11:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\OpenOffice.org
[2007/08/11 10:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\TVG
[2012/05/29 10:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MUSTER\Anwendungsdaten\Ukags
[2012/05/11 04:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2010/03/05 14:31:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium
[2012/05/30 07:30:03 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-1637723038-839522115-1005Core.job
[2012/05/30 13:34:29 | 000,001,018 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-1637723038-839522115-1005UA.job
[2012/05/30 06:26:32 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{81583A31-3C94-461E-9945-7A307CAEE04F}.job
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 6/2/2012 7:53:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,015.00 Mb Total Physical Memory | 810.00 Mb Available Physical Memory | 80.00% Memory free
903.00 Mb Paging File | 844.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.83 Gb Total Space | 193.98 Gb Free Space | 83.32% Space Free | Partition Type: NTFS
Drive D: | 3.61 Gb Total Space | 3.60 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Dokumente und Einstellungen\MUSTER\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\MUSTER\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{2003F533-7639-4436-8404-CB3DE67F1FFA}" = Mio Transfer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 3.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 3.0
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{58D3535B-9556-4DD4-8395-4F203600781C}" = 45.000 Cliparts
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{79FA7C3A-23E9-415B-9D5F-465DBCA59247}" = ADAC RoutenPlaner 2006/2007
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9433E116-D1BF-47FB-BE2C-405322D1BD38}" = SPAMfighter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{E78FC917-C21B-11D2-99FE-00105A98B681}" = Microsoft Picture It! 2000
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F87DA817-8D53-42CC-AA45-93A100341031}" = Nero 7 Essentials
"7 Wonders II" = 7 Wonders II
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"ComandoDeinstKey" = Commando
"DasTelefonbuch. München 2008" = DasTelefonbuch. München 2008
"DasTelefonbuch. München 2009" = DasTelefonbuch. München 2009
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9FD335C5-0272-4F21-9CDD-08D061650280}" = ACSI Campingführer Deutschland 2008
"InstallShield_{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moorhuhn - Juwel der Finsternis Special" = Moorhuhn - Juwel der Finsternis Special
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SPAMfighter" = SPAMfighter
"Tropical Fish 3D Screensaver_is1" = Tropical Fish 3D Screensaver 1.1
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\MUSTER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
< End of report >
Geändert von dvrn.drmz (03.06.2012 um 17:00 Uhr) |
|
05.06.2012, 16:11
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | verdacht auf virenbefall bitte um unterstützung Unzureichende Problembeschreibung! Nur ein Verdacht ist mir da zu wenig und genauso unklar ist es warum du gleich mit OTLPE Logs erstellst!
__________________
__________________ |
|
05.06.2012, 19:38
| #3 |
| | verdacht auf virenbefall bitte um unterstützung hallo cosinus
__________________danke erstmal für deine zeit. was das otl log angeht^^ ich dachte das waer hier gang und gebe. gruß dvrn |
|
05.06.2012, 20:05
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht auf virenbefall bitte um unterstützung OTL ja aber nicht OTLPE bzw OTLPE nur dann wenn Windows nicht mehr normal bootet! Und selbst wenn OTL normal, nur das Log ist keine Problembeschreibung und einfach nur, dass du einen Verdacht ebenfalls nicht
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.06.2012, 20:50
| #5 |
| | verdacht auf virenbefall bitte um unterstützung man lernt nie aus^^ aber jetzt kenne ich die richtige vorgehensweise. waere es vieleicht hilfreich wen ich anhand von OTL ein neues log file erstellen würde oder was würdest du jetzt in meinem fall vorschlagen ? gruß dvrn |
|
06.06.2012, 16:11
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht auf virenbefall bitte um unterstützung Erstmal will ich eine Beschreibung, warum vermuetest du Virenbefall? Du wachst doch nicht eines morgens auf und hast einen Verdacht?  Nein, irgendein Symptom/Problem hat dich auf diesen Verdacht gebracht und das will ich beschrieben sehen
__________________ --> verdacht auf virenbefall bitte um unterstützung |
|
| Themen zu verdacht auf virenbefall bitte um unterstützung |
| .dll, administrator, adobe, audacity, avira, becker, bho, bingbar, desktop, downloader, dsl, einstellungen, error, explorer, firefox, format, helper, kaspersky, limited.com/facebook, logfile, msvcrt, nodrives, object, opera, photoshop, realtek, registry, scan, software, windows, windows internet, windows xp |
Linear-Darstellung
