youarel.com - trojaner? über MSN

CrazyUnited · 21.05.2010, 19:38

Hey

meine schwester und ihre freundin haben über msn einen link bekommen, der im normalfall trojaner auf den pc schickt.
nun hab sie mit meiner hilfe Malwarebytes und OTL durchlaufen lassen.

von der schwester sind die folgenden logs :

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4124

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21.05.2010 20:17:27
mbam-log-2010-05-21 (20-17-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 195405
Laufzeit: 31 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe (Worm.Bot.Gen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (Worm.Bot.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Temp\atb.exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Temp\dzh.exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Temporary Internet Files\Content.IE5\24BT6AD3\pt[1].exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.

Code:

ATTFilter

OTL Extras logfile created on: 21.05.2010 20:31:06 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 153,38 Gb Total Space | 70,77 Gb Free Space | 46,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-6R4N9TLVP
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- File not found
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Programme\Steam\SteamApps\sascha115\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\sascha115\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabledbiggrin ie Schlacht um Mittelerde (tm) -- ()
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe" = C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe:*:Enabled:Windows System Guard -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{1FF12BFD-84AC-4E81-9A8F-496E5C2DDA79}_is1" = Didi V3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Bewerbung um eine Ausbildungsstelle 2006/2007" = Bewerbung um eine Ausbildungsstelle 2006/2007
"Call of Duty" = Call of Duty
"CCleaner" = CCleaner (remove only)
"Clean Virus MSN_is1" = Clean Virus MSN
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.12
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Harry der Höhlenmensch" = Harry der Höhlenmensch
"hp deskjet 3420 series" = hp deskjet 3420 series (nur entfernen)
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"Little Shop - City Lights Deluxe" = Little Shop - City Lights Deluxe
"Little Shop - Road Trip Deluxe" = Little Shop - Road Trip Deluxe
"Little Shop of Treasures 2 Deluxe" = Little Shop of Treasures 2 Deluxe
"Little Shop of Treasures Deluxe" = Little Shop of Treasures Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NVIDIA Drivers" = NVIDIA Drivers
"Paradise Beach Deluxe" = Paradise Beach Deluxe
"PhotoScape" = PhotoScape
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SprayR" = SprayR 1.0 RC7
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaMizer" = VistaMizer 3.1.0.0
"VLC media player" = VLC media player 1.0.3
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YRefresher_is1" = Yrefresher 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.05.2010 09:56:12 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003dd11.

Error - 18.05.2010 09:56:18 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.

Error - 18.05.2010 09:57:07 | Computer Name = SARAH-6R4N9TLVP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.2180, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 18.05.2010 09:58:55 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003dd11.

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:01:44 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003dd11.

[ System Events ]
Error - 19.05.2010 05:47:03 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 19.05.2010 05:59:43 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 19.05.2010 07:54:24 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 19.05.2010 11:40:35 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 01:08:10 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 08:08:53 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 10:32:12 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 13:09:35 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 21.05.2010 10:02:55 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 21.05.2010 14:20:34 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt


< End of report >

Code:

ATTFilter

OTL logfile created on: 21.05.2010 20:31:06 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 153,38 Gb Total Space | 70,77 Gb Free Space | 46,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-6R4N9TLVP
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.live.com/sphome.aspx
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.jappy.de/user/Twinkie"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="


FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.01 21:01:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.01 21:01:27 | 000,000,000 | ---D | M]

[2010.05.21 16:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions
[2010.03.08 19:15:11 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.04.10 16:56:33 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.29 21:00:31 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.04.10 16:56:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.18 18:58:51 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.07.17 11:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.11.07 19:46:22 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\bing.xml
[2010.01.19 06:48:43 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\conduit.xml
[2010.05.19 20:12:37 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\icqplugin.xml
[2010.03.08 21:37:05 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\winamp-search.xml
[2010.05.21 16:12:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.29 19:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.04.10 16:44:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.12.18 00:34:33 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2008.12.18 00:34:33 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2008.12.18 00:34:33 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2008.12.18 00:34:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2008.12.18 00:34:33 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2006.08.24 23:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2006.08.24 23:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2006.11.10 13:42:00 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.11 00:32:03 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.04.10 17:14:17 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Programme\YRefresher\YRefresher.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Programme\YRefresher\YRefresher.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.10 14:42:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{4b648804-3511-11df-8053-001d92490b04}\Shell - "" = AutoRun
O33 - MountPoints2\{4b648804-3511-11df-8053-001d92490b04}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{4b648804-3511-11df-8053-001d92490b04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d62c83db-5cd9-11de-be62-001d92490b04}\Shell - "" = AutoRun
O33 - MountPoints2\{d62c83db-5cd9-11de-be62-001d92490b04}\Shell\1\Command - "" = E:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{d62c83db-5cd9-11de-be62-001d92490b04}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.21 20:29:35 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2010.05.21 19:42:53 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\mbam146-setup.exe
[2010.05.21 19:26:13 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010.05.21 19:25:28 | 004,173,256 | ---- | C] (AxBx ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\setup.exe
[2010.05.21 19:12:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.15 20:12:57 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2010.05.15 20:12:57 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010.05.15 20:12:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2010.05.15 20:12:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2010.05.15 20:12:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71FRA.DLL
[2010.05.15 20:12:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2010.05.15 20:12:57 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2010.05.15 20:12:57 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2010.05.15 20:12:57 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2010.05.15 20:12:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2010.05.15 20:12:57 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2010.05.15 20:12:56 | 000,964,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70u.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70ita.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70fra.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70esp.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70deu.dll
[2010.05.15 20:12:56 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70enu.dll
[2010.05.15 20:12:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70kor.dll
[2010.05.15 20:12:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70jpn.dll
[2010.05.15 20:12:56 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70cht.dll
[2010.05.15 20:12:56 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70chs.dll
[2010.05.15 20:12:55 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010.05.15 20:12:54 | 000,905,216 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8OB.LLX
[2010.05.15 20:12:54 | 000,369,664 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cm32l800.lng
[2010.05.15 20:12:54 | 000,151,040 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8S.DLL
[2010.05.15 20:12:54 | 000,126,464 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32PR8.DLL
[2010.05.15 20:12:54 | 000,115,712 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32UT8.DLL
[2010.05.15 20:12:54 | 000,079,872 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32MM8.DLL
[2010.05.15 20:12:53 | 001,730,048 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8.DLL
[2010.05.15 20:12:53 | 000,340,992 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32DW8.DLL
[2010.05.15 20:12:52 | 000,505,344 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32CT8.DLL
[2010.05.15 20:12:52 | 000,114,688 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32CR8.DLL
[2010.05.15 20:12:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2010.05.15 20:12:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll
[2010.05.15 20:10:05 | 000,000,000 | ---D | C] -- C:\Programme\Degener
[2010.05.14 13:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Neuer Ordner (2)
[2010.05.14 11:22:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\softonic-de3
[2010.05.01 21:02:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010.05.01 21:01:56 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.05.01 21:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.01 21:01:01 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.01 20:59:52 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.05.01 20:59:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.01 20:58:22 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.05.01 20:43:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\Schule Ausbildung ect
[2010.05.01 20:42:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\Counter-Strike
[2010.05.01 20:19:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\ipod
[2010.04.29 21:00:32 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[2010.04.29 21:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\softonic-de3
[2010.04.29 20:55:40 | 000,000,000 | ---D | C] -- C:\YouTubeDownload
[2010.04.29 20:55:39 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2010.04.29 20:55:28 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010.04.29 20:55:28 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010.04.29 20:55:27 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.29 20:55:27 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.29 20:55:26 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2010.04.29 20:55:26 | 000,114,688 | ---- | C] (Cucusoft Inc.) -- C:\WINDOWS\System32\PropListCtrl.ocx
[2010.04.29 20:55:25 | 000,000,000 | ---D | C] -- C:\Programme\Cucusoft
[2010.04.23 14:35:56 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.21 20:29:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2010.05.21 20:21:00 | 005,767,168 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\NTUSER.DAT
[2010.05.21 20:19:16 | 000,215,715 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.21 20:19:13 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.05.21 20:18:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.21 20:18:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.21 19:43:41 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 19:43:07 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\mbam146-setup.exe
[2010.05.21 19:26:15 | 000,000,737 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Clean Virus MSN.lnk
[2010.05.21 19:25:38 | 004,173,256 | ---- | M] (AxBx ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\setup.exe
[2010.05.21 19:07:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.20 19:18:56 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.05.20 14:14:49 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sarah\ntuser.ini
[2010.05.19 14:37:05 | 000,074,870 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\mrz_vw.jpg
[2010.05.19 14:32:13 | 000,108,901 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\flotte.jpg
[2010.05.18 21:35:11 | 000,046,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.17 16:27:17 | 000,006,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\photothumb.db
[2010.05.15 20:12:59 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Didi V3.lnk
[2010.05.14 11:22:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.14 09:28:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.01 21:01:14 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.04.29 21:00:50 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.25 19:01:20 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\erste seite.doc
[2010.04.25 18:27:31 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.21 19:43:41 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 19:26:15 | 000,000,737 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Clean Virus MSN.lnk
[2010.05.19 14:37:05 | 000,074,870 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\mrz_vw.jpg
[2010.05.19 14:32:13 | 000,108,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\flotte.jpg
[2010.05.15 20:12:59 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Didi V3.lnk
[2010.05.15 20:12:55 | 001,170,504 | ---- | C] () -- C:\WINDOWS\System32\CMBTL800.HLP
[2010.05.01 21:02:32 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.05.01 21:01:14 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.04.29 21:00:47 | 000,000,906 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.29 20:55:28 | 000,092,102 | ---- | C] () -- C:\WINDOWS\System32\HKCU_GNU.reg
[2010.04.29 20:55:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.04.29 20:55:28 | 000,006,700 | ---- | C] () -- C:\WINDOWS\System32\HKLM_GNU.reg
[2010.04.29 20:55:28 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2010.04.29 20:55:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.04.29 20:55:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010.04.29 20:55:27 | 000,014,909 | ---- | C] () -- C:\WINDOWS\System32\A_reg.reg
[2010.04.25 19:01:20 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\erste seite.doc
[2010.01.09 14:18:28 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.04.10 20:51:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.10 17:28:24 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.10 17:23:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009.04.10 15:56:32 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009.04.10 15:23:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009.03.27 10:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.03.27 10:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.03.27 10:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.03.27 10:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.11.26 22:28:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
< End of report >

youarel.com - trojaner? über MSN

Plagegeister aller Art und deren Bekämpfung: youarel.com - trojaner? über MSN

youarel.com - trojaner? über MSN

Ähnliche Themen: youarel.com - trojaner? über MSN