
Pests of all kinds and how to fight them: Antispyware soft successfully removed?


30.05.2010, 22:57   #1
Saubua1977
 

Antispyware soft successfully removed?



OTL Logfile:
Code:
OTL logfile created on: 30.05.2010 23:48:36 - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Documents and Settings\Penner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 1,98 Gb Free Space | 5,07% Space Free | Partition Type: NTFS
Drive D: | 37,62 Gb Total Space | 25,92 Gb Free Space | 68,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 5,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive S: | 465,76 Gb Total Space | 344,32 Gb Free Space | 73,93% Space Free | Partition Type: NTFS
 
Computer Name: ***
Current UserName:***
Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Penner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Penner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wggufgup) -- C:\WINDOWS\system32\drivers\wggufgup.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BT848) -- C:\WINDOWS\system32\drivers\BT848.sys (Illusion & Hope.)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AF9035BDA) -- C:\WINDOWS\system32\drivers\AF9035BDA.sys (AfaTech                  )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (LVCap138) -- C:\WINDOWS\system32\drivers\tvcap.sys (Philips)
DRV - (lvtuner) -- C:\WINDOWS\system32\drivers\tvtuner.sys (Philips)
DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.30 02:19:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 02:35:25 | 000,000,000 | ---D | M]
 
[2009.06.04 15:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Penner\Application Data\Mozilla\Extensions
[2010.04.24 15:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Penner\Application Data\Mozilla\Firefox\Profiles\kqc598wa.default\extensions
[2010.01.27 05:38:01 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Penner\Application Data\Mozilla\Firefox\Profiles\kqc598wa.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.04.16 01:43:06 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Documents and Settings\Penner\Application Data\Mozilla\Firefox\Profiles\kqc598wa.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.01.27 05:35:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Penner\Application Data\Mozilla\Firefox\Profiles\kqc598wa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.24 15:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Penner\Application Data\Mozilla\Firefox\Profiles\kqc598wa.default\extensions\firefox@tvunetworks.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Penner\Application Data\Mozilla\Firefox\Profiles\kqc598wa.default\searchplugins\conduit.xml
[2010.04.24 15:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.23 08:34:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.23 08:34:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.23 08:34:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.23 08:34:26 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.23 08:34:26 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (moigh Object) - {15D85275-5ED8-4985-9CA4-B86C94DA6F43} - C:\WINDOWS\system32\sqaticxi.dll ()
O2 - BHO: (voguecash browser enhancer) - {4E87C27C-4BDE-98F5-1F99-482D1CE17DAA} - C:\WINDOWS\System32\jlvbkzbqgw.dll File not found
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGam1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [GEST]  File not found
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\goebfbjd.exe ()
O4 - HKLM..\Run: [skb]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\Penner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Penner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Penner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.26 01:14:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.05.15 06:19:35 | 000,000,063 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.09.03 06:34:51 | 000,218,440 | R--- | M] () - H:\autorun_PES2008.exe -- [ UDF ]
O33 - MountPoints2\{7ee03a50-498f-11de-909c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7ee03a50-498f-11de-909c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ee03a50-498f-11de-909c-806d6172696f}\Shell\AutoRun\command - "" = H:\autorun_PES2008.exe -- [2007.09.03 06:34:51 | 000,218,440 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun_PES2008.exe -- [2007.09.03 06:34:51 | 000,218,440 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.30 23:46:29 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Penner\Desktop\OTL.exe
[2010.05.30 10:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Penner\Application Data\Malwarebytes
[2010.05.30 10:25:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.30 10:25:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.30 10:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.30 10:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.05.30 10:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.05.30 10:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.05.30 08:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Penner\Application Data\Street-Ads
[2010.05.30 08:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Penner\Application Data\Sky-Banners
[2010.05.30 08:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Penner\Local Settings\Application Data\wbedsgorq
[2010.05.30 08:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2010.05.02 18:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010.05.01 14:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010.05.01 12:49:30 | 000,464,416 | ---- | C] (KRÜGER Softwareentwicklung) -- C:\WINDOWS\System32\Ksowl25f.dll
[2010.05.01 12:49:30 | 000,380,928 | ---- | C] (KSE Software) -- C:\WINDOWS\System32\ksplz32.dll
[2010.05.01 12:49:30 | 000,176,128 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Cw3215.dll
[2010.05.01 12:49:27 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Richtx32.ocx
[2010.05.01 12:49:27 | 000,049,152 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Bids45f.dll
[2010.05.01 12:49:27 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Rchtxde.dll
[2010.05.01 12:49:26 | 000,823,296 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2010.05.01 12:49:26 | 000,525,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Dbgrid32.ocx
[2010.05.01 12:49:26 | 000,413,696 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\Tx32.dll
[2010.05.01 12:49:26 | 000,339,968 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_word.dll
[2010.05.01 12:49:26 | 000,275,456 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\Tx4ole.ocx
[2010.05.01 12:49:26 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2010.05.01 12:49:26 | 000,126,976 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_htm32.dll
[2010.05.01 12:49:26 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2010.05.01 12:49:26 | 000,098,304 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_rtf32.dll
[2010.05.01 12:49:26 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txtls32.dll
[2010.05.01 12:49:26 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wndtls32.dll
[2010.05.01 12:49:26 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_tif32.flt
[2010.05.01 12:49:26 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_wmf32.flt
[2010.05.01 12:49:26 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_bmp32.flt
[2010.05.01 12:49:26 | 000,030,720 | ---- | C] (DBS GmbH) -- C:\WINDOWS\System32\Pgrul.ocx
[2010.05.01 12:49:25 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msbind.dll
[2010.05.01 12:49:22 | 000,557,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dao360.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.30 23:44:12 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010.05.30 23:30:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.30 23:13:04 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Penner\Local Settings\Application Data\WebpageIcons.db
[2010.05.30 22:37:49 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Penner\ntuser.dat
[2010.05.30 22:23:11 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.30 22:23:11 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.30 22:23:11 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.30 22:20:25 | 000,000,539 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.30 22:18:14 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.30 22:18:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.30 22:18:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.30 10:49:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Penner\ntuser.ini
[2010.05.30 10:25:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.30 09:59:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.30 09:25:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\wggufgup.sys
[2010.05.30 08:24:50 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\wjxurjwdaattf.exe
[2010.05.30 08:24:30 | 000,124,416 | ---- | M] () -- C:\WINDOWS\Btigaa.exe
[2010.05.30 08:14:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.30 00:24:00 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Penner\Desktop\OTL.exe
[2010.05.28 01:48:39 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Penner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.26 17:28:49 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\TubeBox! starten.lnk
[2010.05.26 02:28:17 | 397,926,864 | ---- | M] () -- D:\My Documents\Lindenstrasse_10.05.25_17-55_ardeinsfestival_30_TVOON_DE.mpg.avi.otrkey
[2010.05.25 20:33:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.05.25 07:38:04 | 000,309,248 | ---- | M] () -- C:\WINDOWS\System32\sqaticxi.dll
[2010.05.24 18:31:20 | 000,040,633 | ---- | M] () -- C:\WINDOWS\System32\goebfbjd.exe
[2010.05.16 10:11:03 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010.05.16 08:57:58 | 731,453,440 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\ubuntu-10.04-desktop-amd64.iso
[2010.05.12 10:51:07 | 001,128,522 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\Folge 86.mp3
[2010.05.06 15:42:59 | 003,174,762 | -H-- | M] () -- C:\Documents and Settings\Penner\Local Settings\Application Data\IconCache.db
[2010.05.03 02:13:46 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\vba.ini
[2010.05.01 19:24:05 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\iSnooker.lnk
[2010.05.01 15:28:56 | 005,279,114 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\SopCast.zip
[2010.05.01 14:47:40 | 011,048,840 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\veetle-0.9.17.exe
[2010.05.01 13:20:27 | 000,025,372 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\Ländercodes im Briefdienst – Wikipedia.html
[2010.05.01 13:20:16 | 000,233,604 | ---- | M] () -- C:\Documents and Settings\Penner\Desktop\Ländercodes im Briefdienst – Wikipedia.webarchive
[2010.05.01 12:49:27 | 000,000,375 | ---- | M] () -- C:\WINDOWS\plzdir21.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.30 10:25:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.30 08:24:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\wggufgup.sys
[2010.05.30 08:24:50 | 000,050,981 | ---- | C] () -- C:\WINDOWS\System32\wjxurjwdaattf.exe
[2010.05.30 08:24:35 | 000,124,416 | ---- | C] () -- C:\WINDOWS\Btigaa.exe
[2010.05.26 02:28:17 | 397,926,864 | ---- | C] () -- D:\My Documents\Lindenstrasse_10.05.25_17-55_ardeinsfestival_30_TVOON_DE.mpg.avi.otrkey
[2010.05.25 20:33:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.05.25 07:38:04 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqaticxi.dll
[2010.05.24 18:31:20 | 000,040,633 | ---- | C] () -- C:\WINDOWS\System32\goebfbjd.exe
[2010.05.16 10:11:03 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010.05.16 08:36:49 | 731,453,440 | ---- | C] () -- C:\Documents and Settings\Penner\Desktop\ubuntu-10.04-desktop-amd64.iso
[2010.05.12 10:51:01 | 001,128,522 | ---- | C] () -- C:\Documents and Settings\Penner\Desktop\Folge 86.mp3
[2010.05.03 02:13:13 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Penner\Desktop\vba.ini
[2010.05.01 23:36:33 | 005,279,114 | ---- | C] () -- C:\Documents and Settings\Penner\Desktop\SopCast.zip
[2010.05.01 14:46:33 | 011,048,840 | ---- | C] () -- C:\Documents and Settings\Penner\Desktop\veetle-0.9.17.exe
[2010.05.01 13:20:27 | 000,025,372 | ---- | C] () -- C:\Documents and Settings\Penner\Desktop\Ländercodes im Briefdienst – Wikipedia.html
[2010.05.01 13:20:16 | 000,233,604 | ---- | C] () -- C:\Documents and Settings\Penner\Desktop\Ländercodes im Briefdienst – Wikipedia.webarchive
[2010.05.01 12:49:27 | 000,000,375 | ---- | C] () -- C:\WINDOWS\plzdir21.ini
[2010.05.01 12:49:26 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\DBGRID32.oca
[2010.05.01 12:49:26 | 000,002,494 | ---- | C] () -- C:\WINDOWS\System32\Comdlg32.dep
[2010.05.01 12:49:26 | 000,002,385 | ---- | C] () -- C:\WINDOWS\System32\Dbgrid32.dep
[2010.05.01 12:49:25 | 000,002,494 | ---- | C] () -- C:\WINDOWS\System32\Mscomctl.dep
[2010.05.01 12:49:25 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\Msbind.dep
[2010.04.27 03:07:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iSnooker.INI
[2010.01.24 04:36:49 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.01.13 20:29:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.01.13 20:29:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.01.13 20:29:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.01.13 20:29:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.01.13 20:29:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.01.13 20:29:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.01.13 11:07:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\DevCap.ini
[2009.12.31 04:22:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.12.31 04:21:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE D78DEFGIPS.ini
[2009.11.19 18:06:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009.11.19 18:06:33 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009.11.19 18:06:33 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009.11.14 04:23:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.09.20 13:29:04 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2009.07.16 07:22:39 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.06.21 18:03:37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8BE05FA
< End of report >
         
--- --- ---


And of course, to you and everyone else here: thank you for helping us.
