| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: RunDLL nach Bundestrojaner - was ist zur Computer Sicherheit noch nötig?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.06.2012, 19:41
| #1 |
 |  RunDLL nach Bundestrojaner - was ist zur Computer Sicherheit noch nötig? Guten Tag! Heute habe ich mir den Bundestrojaner eingefangen, Mist! Nach vielem Suchen habe ich Eure Anleitung gefunden. Habe als erstes AntiVir laufen lassen, indem ich mich mit andrem User am PC anmelden konnte. 8 Funde, gelöscht. Problem bestand weiter Task Manager: Das hat mir nicht geholfen, da mit Rechtsklick keine Adresse beim Bild sichtbar wurde. Auch war der Task Manager imm nur Bruchteile zu sehen, bevor er wieder dahinter verschwand. Dann habe ich Malewarebytes laufen lassen: 2 Infizierte gefunden, sind noch in Quarantäne. Jetzt taucht nur noch die Fehlermeldung mit dem RunDLL auf, weil da jetzt natürlich was fehlt. Wie bekomme ich das weg, aber, viel wichtiger, wie bekomme ich den PC wieder sicher? Ist da noch was drauf? Neu Aufsetzen - habe ich noch nie gemacht; leider. Habe Vista und wenig Ahnung. Normal läuft Free Av als Antivir bei mir - hat aber nicht geholfen. Habe diesen Thread so erstellt, wie es die Anleitung sagt, daher viel OTL.Txt und Extras.TXT DANKE + bin sehr gespannt! Grüße HelmutOTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2012 20:17:47 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Helmut\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,06 Mb Total Physical Memory | 378,67 Mb Available Physical Memory | 39,52% Memory free 2,12 Gb Paging File | 1,25 Gb Available in Paging File | 59,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 147,04 Gb Total Space | 69,04 Gb Free Space | 46,95% Space Free | Partition Type: NTFS Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.18 20:16:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe PRC - [2012.05.08 17:45:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 17:45:46 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 17:45:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 17:45:46 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.09.01 14:39:54 | 000,966,712 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2011.06.16 14:09:48 | 000,135,168 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.06.14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.06.08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.03.28 15:39:26 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe PRC - [2007.02.15 11:04:56 | 000,282,624 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe PRC - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2006.11.02 14:34:59 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ========== Modules (No Company Name) ========== MOD - [2011.09.01 14:38:32 | 000,931,896 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll MOD - [2011.09.01 14:37:50 | 010,837,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll MOD - [2011.09.01 14:37:50 | 000,913,920 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll MOD - [2011.09.01 14:37:50 | 000,416,256 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll MOD - [2011.09.01 14:37:50 | 000,196,608 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll MOD - [2011.09.01 14:37:50 | 000,026,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll MOD - [2011.09.01 14:37:48 | 008,166,912 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll MOD - [2011.09.01 14:37:48 | 002,551,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll MOD - [2011.09.01 14:37:48 | 002,282,496 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll MOD - [2011.09.01 14:37:48 | 002,246,656 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll MOD - [2011.09.01 14:37:48 | 001,288,192 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll MOD - [2011.09.01 14:37:48 | 000,676,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll MOD - [2011.09.01 14:37:48 | 000,340,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll MOD - [2011.09.01 14:37:48 | 000,266,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll MOD - [2011.09.01 14:37:48 | 000,190,464 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll MOD - [2011.09.01 14:08:58 | 000,508,416 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll MOD - [2011.09.01 14:08:56 | 000,109,568 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll MOD - [2011.09.01 14:08:18 | 000,378,880 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QxtCore.dll MOD - [2011.09.01 14:08:18 | 000,159,232 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QxtWeb.dll MOD - [2011.09.01 14:08:16 | 000,089,088 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\qjson.dll MOD - [2011.09.01 14:08:14 | 000,392,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\ssoengine.dll MOD - [2011.09.01 14:08:14 | 000,387,976 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll MOD - [2011.09.01 14:08:14 | 000,058,768 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\securestorage.dll MOD - [2011.09.01 14:07:04 | 000,727,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe MOD - [2005.07.20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.08 17:45:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 17:45:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.01.02 23:31:09 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.08 17:45:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 17:45:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.05.09 17:33:00 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.drehscheibe-online.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.09.08 20:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.09.08 20:25:51 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: drehscheibe-online.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: privatbahnforum.de ([www] http in Vertrauenswürdige Sites) O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E45CACCA-FE12-4220-A739-E4ECD74A176F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe () O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.18 20:16:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.06.18 18:48:48 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes [2012.06.18 18:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.18 18:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.18 18:48:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.18 18:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.18 14:52:54 | 000,000,000 | ---D | C] -- C:\T-Online ========== Files - Modified Within 30 Days ========== [2012.06.18 20:16:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.06.18 20:14:08 | 000,000,000 | ---- | M] () -- C:\Users\Helmut\defogger_reenable [2012.06.18 19:54:06 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 19:54:06 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 19:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.18 19:53:49 | 1005,244,416 | -HS- | M] () -- C:\hiberfil.sys [2012.06.18 18:48:40 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 18:31:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.06.18 16:06:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\explorer.exe [2012.06.18 15:42:51 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.18 15:42:51 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.18 15:42:51 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.18 15:42:51 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.18 15:30:07 | 000,000,680 | ---- | M] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.06.18 13:39:09 | 000,001,722 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ========== Files Created - No Company Name ========== [2012.06.18 20:14:08 | 000,000,000 | ---- | C] () -- C:\Users\Helmut\defogger_reenable [2012.06.18 18:48:40 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 18:28:44 | 1005,244,416 | -HS- | C] () -- C:\hiberfil.sys [2012.06.18 16:04:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\explorer.exe [2012.06.18 13:43:00 | 000,000,680 | ---- | C] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.06.18 13:39:09 | 000,001,722 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.18 13:39:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2010.10.01 20:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2009.05.28 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Canon [2008.01.01 20:43:47 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\DataDesign [2009.11.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\gtk-2.0 [2009.07.12 19:50:24 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Lasersoft Imaging [2009.08.25 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\NewSoft [2011.10.04 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nokia [2011.10.04 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nokia Ovi Suite [2009.05.28 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Opera [2011.10.15 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Packnet [2011.09.08 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\PC Suite [2009.05.28 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ScanSoft [2008.01.01 19:52:30 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\T-Online [2009.01.11 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Vso [2009.05.11 19:50:41 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Zoner [2012.06.18 19:52:56 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.06.2012 20:17:47 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Helmut\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
958,06 Mb Total Physical Memory | 378,67 Mb Available Physical Memory | 39,52% Memory free
2,12 Gb Paging File | 1,25 Gb Available in Paging File | 59,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,04 Gb Total Space | 69,04 Gb Free Space | 46,95% Space Free | Partition Type: NTFS
Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG, T-Com)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A371F44-792A-439E-9E0B-A391E6CD6A1D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{77C13F83-6FF3-47F2-B325-C688DFBDFBC9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8885869C-42A7-410F-BC0D-532C3FEE3383}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{9E941BEA-09B3-4787-82E3-7EA94A29048D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{71A41B21-5852-40F5-98ED-EEDB530D2A67}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{856FCBCE-0457-46F2-8BF5-40A7EDDC4B29}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{87EB2EE6-7515-4BEB-B4E8-A8A00A93CFF4}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional 2003 MRT
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9336255-6BBB-4B38-9F98-E85988BF99CA}" = DDBAC
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"SilverFast CanonSDK-SE" = SilverFast CanonSDK-SE 6.5.5r2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"ZonerPhotoStudio10_GER_is1" = Zoner Photo Studio 10
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.05.2012 13:33:41 | Computer Name = Helmut-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0x745461bc] Bitte Avira informieren
und die obige Datei übersenden!
Error - 08.05.2012 11:48:23 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 08.05.2012 11:48:23 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 10.05.2012 15:17:24 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 12.3.0.15 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: f08 Anfangszeit: 01cd2eda5fda12cc Zeitpunkt der Beendigung:
0
Error - 12.05.2012 18:16:37 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.17037 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: fdc Anfangszeit: 01cd308b00f1e85b Zeitpunkt
der Beendigung: 62
Error - 31.05.2012 08:46:38 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.17037 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: e04 Anfangszeit: 01cd3f2aea6590db Zeitpunkt
der Beendigung: 788
Error - 11.06.2012 14:29:47 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.17037 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: e90 Anfangszeit: 01cd47fe891aa8f9 Zeitpunkt
der Beendigung: 137
Error - 11.06.2012 14:40:41 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.17037 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 11f0 Anfangszeit: 01cd4800bccfe509 Zeitpunkt
der Beendigung: 91
Error - 18.06.2012 10:03:10 | Computer Name = Helmut-PC | Source = EventSystem | ID = 4609
Description =
Error - 18.06.2012 14:12:54 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16771 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 4b0 Anfangszeit: 01cd4d7b60505413 Zeitpunkt
der Beendigung: 0
[ System Events ]
Error - 18.06.2012 10:03:45 | Computer Name = Helmut-PC | Source = DCOM | ID = 10005
Description =
Error - 18.06.2012 10:03:46 | Computer Name = Helmut-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 18.06.2012 12:28:33 | Computer Name = Helmut-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 18.06.2012 12:28:33 | Computer Name = Helmut-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
3, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 18.06.2012 12:28:41 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description =
Error - 18.06.2012 12:32:23 | Computer Name = Helmut-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 18.06.2012 12:32:23 | Computer Name = Helmut-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
3, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 18.06.2012 12:32:32 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description =
Error - 18.06.2012 13:53:36 | Computer Name = Helmut-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 18.06.2012 13:53:36 | Computer Name = Helmut-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
3, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
< End of report >
Edit: Gmer.txt ist: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-18 21:33:14
Windows 6.0.6000 Harddisk0\DR0 -> \Device\00000047 WDC_WD16 rev.05.0
Running: vnwfey1h.exe; Driver: C:\Users\Helmut\AppData\Local\Temp\pwlyrpoc.sys
---- System - GMER 1.0.15 ----
SSDT 89FAFCE4 ZwClose
SSDT 89FAFCEE ZwCreateSection
SSDT 89FAFCDF ZwDuplicateObject
SSDT 89FAFC80 ZwOpenProcess
SSDT 89FAFC85 ZwOpenThread
SSDT 89FAFCF8 ZwRequestWaitReplyPort
SSDT 89FAFCF3 ZwSetContextThread
SSDT 89FAFCFD ZwSetSecurityObject
SSDT 89FAFD02 ZwSystemDebugControl
SSDT 89FAFC8F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 368 81C80874 4 Bytes [E4, FC, FA, 89]
.text ntkrnlpa.exe!ZwCallbackReturn + 3D4 81C808E0 4 Bytes [EE, FC, FA, 89]
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 81C80C48 4 Bytes [F3, FC, FA, 89]
? System32\drivers\rexocp.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x895C8340, 0x28B977, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamW 75F314EA 5 Bytes JMP 6FB32046 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExA 75F4570D 5 Bytes JMP 6FB31F8D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamA 75F465BF 5 Bytes JMP 6FB3200B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectW 75F4F1B3 5 Bytes JMP 6F9E17EA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamW 75F5129F 5 Bytes JMP 6F9BF4B9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamA 75F729C9 5 Bytes JMP 6FB32081 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectA 75F7FACF 5 Bytes JMP 6FB31FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExW 75F7FBC9 5 Bytes JMP 6FB31F53 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3872] ole32.dll!OleLoadFromStream 764908B2 5 Bytes JMP 6FB32243 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\SearchProtocolHost.exe[2652] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6928D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2652] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6928D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2652] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6928D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2652] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [6928D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747BFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7478B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7477A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7477CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74778AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7478CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74777D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74777CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74776A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7480C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74797F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747790CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74782179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747821A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74787F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74787D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[6116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747B83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01570.log 131072 bytes
---- EOF - GMER 1.0.15 ----
Geändert von 012 055-0 (18.06.2012 um 20:36 Uhr) Grund: Gmer eingefügt |
| Themen zu RunDLL nach Bundestrojaner - was ist zur Computer Sicherheit noch nötig? |
| antivir, autorun, avira, bho, browser.exe, bundestrojaner eingefangen, computer, converter, downloader, error, excel, firefox, flash player, format, google, home, iexplore.exe, install.exe, logfile, mp3, plug-in, registry, rundll, scan, searchscopes, security, sicherheit, software, udp, vista |
Baum-Darstellung