Pests of all kinds and how to fight them: Trojan / Keylogger ???? Windows 7. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#4

Trojan / Keylogger ???? OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 27.07.2010 01:23:23 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = D:\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 100,22 Gb Total Space | 28,40 Gb Free Space | 28,34% Space Free | Partition Type: NTFS Drive D: | 48,82 Gb Total Space | 26,47 Gb Free Space | 54,21% Space Free | Partition Type: NTFS Drive E: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AXEL Current User Name: Axel78 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme neu\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme neu\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3724:TCP" = 3724:TCP:*:Enabled:WoW 3724 "6112:TCP" = 6112:TCP:*:Enabled:WoW 6112 "4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port "86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server "1119:TCP" = 1119:TCP:*:Enabled:WoW 1119 
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme neu\ICQ6\ICQ6.5\ICQ.exe" = C:\Programme neu\ICQ6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Spiele\World of Warcraft\Repair.exe" = C:\Spiele\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- (Blizzard Entertainment, Inc.) "C:\Programme\IGDCTRL.EXE" = C:\Programme\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FBOXUPD.EXE" = C:\Programme\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\WebwaIgd.exe" = C:\Programme\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) "D:\Programme\Java\jre6\bin\java.exe" = D:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Spiele\World of Warcraft\BackgroundDownloader.exe" = C:\Spiele\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Spiele\World of Warcraft\Launcher.exe" = C:\Spiele\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Spiele\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Spiele\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Spiele\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-deDE-downloader.exe" = C:\Spiele\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Spiele\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe" = C:\Spiele\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = C:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Spiele\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Spiele\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Spiele\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\Spiele\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) 
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "D:\Programme\EA GAMES\Battlefield 2\BF2.exe" = D:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- () "C:\Programme neu\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme neu\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) "C:\Programme neu\Keylogger\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Programme neu\Keylogger\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox! "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{7299052b-02a4-4627-81f2-1818da5d550d}" = 
Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA84E74-64E2-4FD1-8E48-7523225DDCD6}" = Hama WLAN PCI Card "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "Adobe Flash Player 
ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "B406677FA530D213D0B10B080DCD1080AE866D39" = Windows-Treiberpaket - Ross-Tech USB Driver Package (05/21/2009 2.04.18) "CCleaner" = CCleaner "Debut" = Debut Video Capture Software "DivX Setup.divx.com" = DivX-Setup "DVDBuilder_is1" = DVDBuilder 4.1 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "ExpressBurn" = Express Burn "FlashLynx" = FlashLynx Video Download Software "Free Audio Dub_is1" = Free Audio Dub version 1.4 "Free Studio_is1" = Free Studio version 4.1 "Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1 "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "PhotoStage" = PhotoStage Slideshow Producer "Pixillion" = Pixillion Image Converter "Prism" = Prism Video Converter "Spyware Terminator_is1" = Spyware Terminator "Switch" = Switch Sound File Converter "TeamSpeak 3 Client" = TeamSpeak 3 Client "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "VCDS MFT" = VCDS MFT 908 "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 0.9.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows 
Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xilisoft MPEG to DVD Converter" = Xilisoft MPEG to DVD Converter ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.07.2010 14:32:27 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:32:55 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:33:30 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:33:33 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:33:54 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:34:10 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 24.07.2010 14:34:15 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:41:36 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:56:03 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 15:03:48 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ Application Events ] Error - 24.07.2010 14:32:27 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:32:55 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:33:30 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:33:33 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 24.07.2010 14:33:54 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:34:10 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:34:15 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:41:36 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 14:56:03 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.07.2010 15:03:48 | Computer Name = AXEL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.46.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
[ System Events ] Error - 26.07.2010 08:25:20 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:20 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:20 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:20 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:20 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:20 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:20 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:21 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:21 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 26.07.2010 08:25:21 | Computer Name = AXEL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.07.2010 01:23:23 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = D:\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 100,22 Gb Total Space | 28,40 Gb Free Space | 28,34% Space Free | Partition Type: NTFS Drive D: | 48,82 Gb Total Space | 26,47 Gb Free Space | 54,21% Space Free | Partition Type: NTFS Drive E: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AXEL Current User Name: Axel78 Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme neu\Keylogger\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Programme neu\Keylogger\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com) PRC - C:\Programme neu\Keylogger\Spyware Terminator\sp_rsser.exe (Crawler.com) PRC - D:\Programme\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - D:\Programme\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - D:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Programme\IGDCTRL.EXE (AVM Berlin) PRC - D:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG) PRC - D:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) 
========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- D:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- D:\WINDOWS\System32\appmgmts.dll File not found SRV - (ACDaemon) -- D:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe File not found SRV - (sp_rssrv) -- C:\Programme neu\Keylogger\Spyware Terminator\sp_rsser.exe (Crawler.com) SRV - (TuneUp.Defrag) -- D:\Programme\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AVM WLAN Connection Service) -- D:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (IGDCTRL) -- C:\Programme\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (PLCMPR5) -- D:\WINDOWS\System32\PLCMPR5.SYS File not found DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found DRV - (sp_rsdrv2) -- D:\WINDOWS\system32\drivers\sp_rsdrv2.sys () DRV - (PnkBstrK) -- D:\WINDOWS\system32\drivers\PnkBstrK.sys () DRV - (MBAMSwissArmy) -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (tmcomm) -- D:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.) 
DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nv) -- D:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (phmcd) -- D:\WINDOWS\system32\DRIVERS\phmcd.sys (Phantombility, Inc) DRV - (NwlnkIpx) -- D:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- D:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- D:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (hwdatacard) -- D:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (fwlanusbn) -- D:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- D:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (FWLANUSB) -- D:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- D:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (RT61) -- D:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.) DRV - (nvata) -- D:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (NVENETFD) -- D:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus) -- D:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (AmdK8) -- D:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (atirage3) -- D:\WINDOWS\system32\drivers\atimpae.sys (ATI Technologies Inc.) 
DRV - (MODEMCSA) -- D:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Crawler.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..keyword.URL: "hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.25 12:06:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.25 12:06:14 | 000,000,000 | ---D | M]

[2009.01.20 16:49:14 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Extensions
[2010.07.26 20:25:59 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions
[2010.06.25 11:35:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.08 01:58:38 | 000,000,000 | ---D | M] (PopupMaster) -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010.07.23 01:06:58 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.23 19:31:50 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.04.10 11:14:41 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.14 13:05:57 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2010.02.07 05:31:17 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Mozilla\Firefox\Profiles\rxi6kky8.default\extensions\fr-FR@dictionaries.addons.mozilla.org

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] D:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Programme neu\Keylogger\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Programme neu\Keylogger\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: D:\Dokumente und Einstellungen\Axel78\Startmenü\Programme\Autostart\Verknüpfung mit RaUI.lnk = D:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme neu\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme neu\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\sarah.dll (AVM Berlin)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232383027062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.16 12:36:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.23 01:16:09 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ]
O32 - AutoRun File - [2005.05.23 01:22:41 | 001,187,840 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.05.23 01:22:40 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{40561690-65a0-11de-8da1-0016178ea5e0}\Shell - "" = AutoRun
O33 - MountPoints2\{40561690-65a0-11de-8da1-0016178ea5e0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40561690-65a0-11de-8da1-0016178ea5e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{40561691-65a0-11de-8da1-0016178ea5e0}\Shell - "" = AutoRun
O33 - MountPoints2\{40561691-65a0-11de-8da1-0016178ea5e0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40561691-65a0-11de-8da1-0016178ea5e0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{56e1b878-e3bf-11dd-9da2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{56e1b878-e3bf-11dd-9da2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{56e1b878-e3bf-11dd-9da2-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [2004.10.22 06:16:58 | 000,118,736 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.26 19:48:32 | 002,031,104 | ---- | C] (Elerion ltd.) -- D:\Dokumente und Einstellungen\Axel78\Desktop\YouTubeDownloader.exe
[2010.07.26 19:41:03 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Axel78\Eigene Dateien\TubeBox!
[2010.07.26 19:40:39 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\TubeBox
[2010.07.26 15:04:44 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Axel78\Lokale Einstellungen\Anwendungsdaten\Help
[2010.07.26 15:04:44 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Help
[2010.07.26 14:37:18 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.07.26 14:36:27 | 000,000,000 | ---D | C] -- D:\Programme\Security Task Manager
[2010.07.25 13:06:48 | 000,079,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\tasklist.exe
[2010.07.24 20:57:24 | 000,000,000 | RH-D | C] -- D:\Dokumente und Einstellungen\Axel78\Recent
[2010.07.24 10:46:09 | 000,000,000 | ---D | C] -- D:\Programme\CCleaner
[2010.07.24 10:24:16 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Malwarebytes
[2010.07.24 10:24:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.24 10:24:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010.07.24 10:24:04 | 000,000,000 | ---D | C] -- D:\Programme\Malwarebytes' Anti-Malware
[2010.07.24 10:24:04 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.23 19:31:57 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\QuickScan
[2010.07.23 15:05:40 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Axel78\Anwendungsdaten\Spyware Terminator
[2010.07.23 15:05:38 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2010.07.23 14:47:42 | 000,665,016 | ---- | C] (Crawler Inc. ) -- D:\Dokumente und Einstellungen\Axel78\Desktop\SpywareTerminator_SFTSetup_2.7.2.125.exe
[2010.07.08 21:59:38 | 000,000,000 | ---D | C] -- D:\Programme\DIFX
[2010.07.01 16:16:18 | 000,000,000 | ---D | C] -- D:\WINDOWS\Prefetch
[2010.06.30 20:04:28 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.30 20:04:28 | 000,000,000 | ---D | C] -- D:\Programme\Gemeinsame Dateien\Java
[2010.06.30 20:03:52 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010.06.30 20:03:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2010.06.30 20:03:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2010.06.30 20:03:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.27 00:41:31 | 000,211,328 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2010.07.27 00:41:24 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010.07.27 00:41:22 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010.07.26 23:38:42 | 003,670,016 | -H-- | M] () -- D:\Dokumente und Einstellungen\Axel78\NTUSER.DAT
[2010.07.26 19:49:06 | 000,000,079 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\settings.ini
[2010.07.26 19:48:41 | 000,000,278 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\playlist.fpl
[2010.07.26 19:44:22 | 000,002,245 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\TubeBox! starten.lnk
[2010.07.26 15:33:05 | 000,002,511 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\HiJackThis.lnk
[2010.07.26 15:17:30 | 000,000,526 | ---- | M] () -- D:\WINDOWS\win.ini
[2010.07.26 15:09:45 | 000,000,739 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\Verknüpfung mit TaskMan.exe.lnk
[2010.07.25 13:04:32 | 000,036,660 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\tasklist.zip
[2010.07.24 11:02:45 | 000,106,012 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\cc_20100724_110219.reg
[2010.07.24 10:46:11 | 000,000,655 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\CCleaner.lnk
[2010.07.24 10:24:09 | 000,000,677 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.23 19:22:06 | 000,001,414 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\WOW beitrag.rtf
[2010.07.23 15:05:49 | 000,000,754 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator.lnk
[2010.07.23 15:05:40 | 000,142,592 | ---- | M] () -- D:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.07.23 14:48:00 | 000,665,016 | ---- | M] (Crawler Inc. ) -- D:\Dokumente und Einstellungen\Axel78\Desktop\SpywareTerminator_SFTSetup_2.7.2.125.exe
[2010.07.18 12:00:08 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010.07.09 00:57:12 | 000,001,710 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.07.08 22:00:09 | 000,000,560 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\VCDS MFT 908.lnk
[2010.07.07 13:08:31 | 000,000,718 | ---- | M] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\Verknüpfung mit iexplore.lnk
[2010.07.04 17:21:51 | 000,000,361 | ---- | M] () -- D:\Programme\TUProduct.dat
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.26 19:49:06 | 000,000,079 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\settings.ini
[2010.07.26 19:48:41 | 000,000,278 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\playlist.fpl
[2010.07.26 19:40:05 | 000,002,245 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\TubeBox! starten.lnk
[2010.07.26 15:09:45 | 000,000,739 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\Verknüpfung mit TaskMan.exe.lnk
[2010.07.25 13:10:40 | 000,002,511 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\HiJackThis.lnk
[2010.07.25 13:04:31 | 000,036,660 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\tasklist.zip
[2010.07.24 11:02:25 | 000,106,012 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\cc_20100724_110219.reg
[2010.07.24 10:46:11 | 000,000,655 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\CCleaner.lnk
[2010.07.24 10:24:09 | 000,000,677 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.23 19:22:05 | 000,001,414 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\WOW beitrag.rtf
[2010.07.23 15:05:49 | 000,000,754 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator.lnk
[2010.07.23 15:05:41 | 000,142,592 | ---- | C] () -- D:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.07.08 22:00:09 | 000,000,560 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\VCDS MFT 908.lnk
[2010.07.07 13:08:31 | 000,000,718 | ---- | C] () -- D:\Dokumente und Einstellungen\Axel78\Desktop\Verknüpfung mit iexplore.lnk
[2010.05.30 19:43:55 | 000,138,384 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.11.23 20:06:38 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2009.03.03 23:21:06 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\Install6x.dll
[2009.01.16 16:52:48 | 000,135,168 | R--- | C] () -- D:\WINDOWS\System32\RtlCPAPI.dll
[2009.01.16 16:52:45 | 000,000,164 | R--- | C] () -- D:\WINDOWS\avrack.ini
[2009.01.16 16:13:27 | 000,000,258 | ---- | C] () -- D:\WINDOWS\System32\raidmgmt.ini
[2008.12.26 01:08:00 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2008.12.26 01:08:00 | 001,507,328 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2008.12.26 01:08:00 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2008.12.26 01:08:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
< End of report >

That's the log files so far; thanks in advance to whoever takes this on.
Best regards, Alex