| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach Entfernung mehrerer Trojaner funktioniert kein Browser mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.08.2010, 23:40
| #3 |
| |  Nach Entfernung mehrerer Trojaner funktioniert kein Browser mehr Hi -
__________________wow!! Danke für die superschnelle Antwort. OTL ist schon durchgelaufen, hier die Ergebnisse: 1. OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.08.2010 00:26:59 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Jane\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 463,00 Mb Available Physical Memory | 45,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,03 Gb Total Space | 16,39 Gb Free Space | 24,83% Space Free | Partition Type: NTFS Drive D: | 43,85 Gb Total Space | 37,11 Gb Free Space | 84,64% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 149,01 Gb Total Space | 107,90 Gb Free Space | 72,41% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JULIANE Current User Name: Jane Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Jane\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\ATK0100\HControl.exe () PRC - C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\WINDOWS\ATK0100\ATKOSD.exe () PRC - c:\Programme\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG) PRC - c:\Programme\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG) PRC - C:\Programme\Asus\Splendid\ACMON.exe (ATK) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\WiFiConnector\NintendoWFCReg.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - c:\Programme\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG) PRC - C:\Programme\Wireless Console 2\wcourier.exe () PRC - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK) PRC - C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Jane\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (PersonalSecureDriveService) -- c:\Programme\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PDNSp50) -- C:\WINDOWS\System32\drivers\PDNSp50.sys File not found DRV - (PDNMp50) -- C:\WINDOWS\System32\drivers\PDNMp50.sys File not found DRV - (nnrphuly) -- C:\WINDOWS\System32\drivers\nnrphuly.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (slabser) -- C:\WINDOWS\system32\drivers\slabser.sys (MCCI Corporation) DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\slabbus.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (SynMini) -- C:\WINDOWS\system32\drivers\SynMini.sys (Syntek America Inc.) DRV - (SynScan) -- C:\WINDOWS\system32\drivers\SynScan.sys (Syntek America Inc.) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\rt25usbap.sys (Ralink Technology Inc.) DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys () DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.11 16:41:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.11 16:41:26 | 000,000,000 | ---D | M] [2008.08.31 17:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Mozilla\Extensions [2010.05.23 07:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Mozilla\Firefox\Profiles\jtdp1cuj.default\extensions [2010.04.10 00:36:08 | 000,000,000 | ---D | M] (Screengrab) -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Mozilla\Firefox\Profiles\jtdp1cuj.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2007.02.24 15:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Mozilla\Firefox\Profiles\jtdp1cuj.default\extensions\{051ce736-d132-4374-9d36-eb192ef3110c} [2009.06.25 18:44:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Mozilla\Firefox\Profiles\jtdp1cuj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.04.16 18:38:18 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Mozilla\Firefox\Profiles\jtdp1cuj.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} [2010.05.23 07:06:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.06 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.06 10:00:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.06 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.06 10:00:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.06 10:00:01 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.EXE (ASYSTeK Computer INC.) O4 - HKLM..\Run: [ACMON] C:\Programme\Asus\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe () O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Registrierungsprogramm ausführen.lnk = C:\Programme\WiFiConnector\NintendoWFCReg.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167225238562 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxp://www.adultpark.de/vod/dmd/WMDownload.cab (InetDownload Class) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jane\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jane\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.16 13:28:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{61d67368-95b5-11db-9ff5-0018f371f7eb}\Shell\Auto\command - "" = F:\bittorrent.exe -- File not found O33 - MountPoints2\{61d67368-95b5-11db-9ff5-0018f371f7eb}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.15 00:26:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jane\Desktop\OTL.exe [2010.08.14 23:44:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Avira [2010.08.14 23:43:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.08.14 23:43:38 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.08.14 23:43:38 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.08.14 23:43:38 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.08.14 23:43:38 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.08.14 23:43:37 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.14 23:43:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.08.14 21:30:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.08.14 20:36:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.13 15:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jane\Eigene Dateien\Downloads [2010.08.13 12:26:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Malwarebytes [2010.08.13 12:26:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.13 12:26:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.13 12:26:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.13 12:26:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.13 11:10:24 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2026.03.10 15:44:22 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C425.lfa [2026.03.09 13:00:55 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C421.lfa [2026.03.09 13:00:55 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C420.lfa [2010.08.15 00:24:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.15 00:23:15 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.15 00:23:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.15 00:23:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.15 00:23:02 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys [2010.08.15 00:21:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jane\Desktop\OTL.exe [2010.08.14 23:47:35 | 006,029,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Jane\NTUSER.DAT [2010.08.14 23:47:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\ntuser.ini [2010.08.14 23:44:01 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.08.14 22:53:47 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.14 22:51:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.14 22:39:06 | 000,000,194 | ---- | M] () -- C:\boot.ini [2010.08.14 20:54:52 | 000,997,796 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.14 20:54:52 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.14 20:54:52 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.14 20:54:52 | 000,080,306 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.14 20:54:52 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.13 15:52:36 | 000,002,357 | ---- | M] () -- C:\Dokumente und Einstellungen\Jane\Desktop\Google Chrome.lnk [2010.08.13 15:50:30 | 044,153,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Jane\Desktop\avira_antivir_personal_de.exe [2010.08.13 12:29:53 | 000,003,316 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\0200000031384d80922P.manifest [2010.08.13 12:29:41 | 000,000,013 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\0200000031384d80922C.manifest [2010.08.13 12:29:41 | 000,000,011 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\0200000031384d80922S.manifest [2010.08.13 12:29:41 | 000,000,011 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\0200000031384d80922O.manifest [2010.08.13 12:28:24 | 000,003,316 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922P.manifest [2010.08.13 12:28:24 | 000,000,013 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922C.manifest [2010.08.13 12:28:24 | 000,000,011 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922S.manifest [2010.08.13 12:28:24 | 000,000,011 | -HS- | M] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922O.manifest [2010.08.13 12:26:14 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.13 11:51:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\nnrphuly.sys [2010.08.13 10:49:05 | 000,000,047 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2026.03.10 15:44:22 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C425.lfa [2026.03.09 13:00:55 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C421.lfa [2026.03.09 13:00:55 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C420.lfa [2010.08.15 00:23:02 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys [2010.08.14 23:44:01 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.08.14 23:42:28 | 044,153,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Jane\Desktop\avira_antivir_personal_de.exe [2010.08.14 22:39:06 | 000,000,194 | ---- | C] () -- C:\boot.ini [2010.08.13 15:52:36 | 000,002,357 | ---- | C] () -- C:\Dokumente und Einstellungen\Jane\Desktop\Google Chrome.lnk [2010.08.13 12:28:24 | 000,003,316 | -HS- | C] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922P.manifest [2010.08.13 12:28:24 | 000,000,013 | -HS- | C] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922C.manifest [2010.08.13 12:28:24 | 000,000,011 | -HS- | C] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922S.manifest [2010.08.13 12:28:24 | 000,000,011 | -HS- | C] () -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\d0b35ef4922O.manifest [2010.08.13 12:26:14 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.13 10:46:59 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.05.23 12:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\nnrphuly.sys [2009.04.26 14:48:54 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini [2008.11.18 23:08:14 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008.03.20 19:08:12 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini [2007.12.23 18:16:15 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2007.09.16 21:05:34 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.08.12 19:52:48 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007.08.12 19:52:47 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007.07.23 14:40:08 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2007.03.28 21:06:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini [2006.12.31 15:08:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2006.12.31 15:04:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL [2006.12.27 16:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2006.12.27 15:00:54 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.12.25 13:52:09 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll [2006.12.25 10:37:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.10.16 13:32:13 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.10.16 08:58:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\aspolyzt.dll [2006.10.16 08:07:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.17 01:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.03.17 01:16:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.03.17 01:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.03.17 01:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.03.17 01:16:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.01.02 22:16:32 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini [2005.09.02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2005.07.06 12:59:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\asdrawli.dll [2005.07.04 15:17:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ASDRAWMA.DLL [2005.02.17 11:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004.09.07 17:34:59 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2004.09.07 17:34:59 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004.08.17 17:34:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AS_SORT.DLL [2004.07.20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2003.05.22 12:31:44 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\ASDRAW32.DLL [2002.07.12 16:29:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AS_MDB32.DLL [2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll [2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll [2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll ========== LOP Check ========== [2008.06.23 21:33:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2008.06.23 21:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2006.10.16 14:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Infineon [2009.01.07 10:42:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2009.05.03 14:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2009.02.07 23:46:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2006.12.25 13:31:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.11.09 00:12:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.05.09 11:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Amazon [2008.01.06 01:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Ankh - Heart of Osiris [2009.04.05 12:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\ASCON Installer [2009.04.05 12:11:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\ASCON Programme [2008.06.24 20:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Haufe [2006.10.16 14:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Infineon [2009.05.03 14:18:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Lexware [2009.06.05 00:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\phonostar-Player [2009.03.11 23:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\TeamViewer [2007.12.27 12:29:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Tobit [2007.01.17 17:05:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\Toshiba [2006.12.25 13:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jane\Anwendungsdaten\TuneUp Software [2010.01.01 18:15:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A9364E30 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.08.2010 00:26:59 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Jane\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 463,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 66,03 Gb Total Space | 16,39 Gb Free Space | 24,83% Space Free | Partition Type: NTFS
Drive D: | 43,85 Gb Total Space | 37,11 Gb Free Space | 84,64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 149,01 Gb Total Space | 107,90 Gb Free Space | 72,41% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JULIANE
Current User Name: Jane
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Jane\Eigene Dateien\ComBOTS\juwi@web.de\combotsClient\ComBOTSClient.exe" = C:\Dokumente und Einstellungen\Jane\Eigene Dateien\ComBOTS\juwi@web.de\combotsClient\ComBOTSClient.exe:*:Enabled:ComBOTS Communication Service -- File not found
"C:\Dokumente und Einstellungen\Jane\Eigene Dateien\ComBOTS\juwi@web.de\combotsClient\ComBOTSCom.exe" = C:\Dokumente und Einstellungen\Jane\Eigene Dateien\ComBOTS\juwi@web.de\combotsClient\ComBOTSCom.exe:*:Enabled:ComBOTS Communication Service -- File not found
"C:\Programme\WiFiConnector\NintendoWFCReg.exe" = C:\Programme\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Programme\IncrediMail\bin\IMApp.exe" = C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\ImLc.exe" = C:\Programme\IncrediMail\bin\ImLc.exe:*:Enabled:Letter Creator -- File not found
"D:\Software\incredimail_install.exe" = D:\Software\incredimail_install.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc. Player -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A8CF485-5A4D-4C7D-8ACF-4AB98914D529}" = Infineon TPM Professional Package
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5E8C42DD-7E43-462C-84CC-99E5BBE3E101}" = Steuer 2007
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2FEBD11-E587-4C41-AD33-0CD90D26A964}" = Client für die Windows-Rechteverwaltung mit Service Pack 2
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ASUS WebCam, 1.3M, USB2.0, FF" = ASUS WebCam, 1.3M, USB2.0, FF
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LastFM_is1" = Last.fm 1.5.2.38918
"Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren
"M3" = Asus MiVo Messenger
"M4P MP3 Converter_is1" = M4P MP3 Converter 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"ProInst" = Intel(R) PROSet/Wireless Software
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"PuTTY_is1" = PuTTY version 0.59
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TheLastRipper" = TheLastRipper 1.3.0
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YDKJG3" = YOU DON'T KNOW JACK® 3 - Abwärts!
"YOU DON'T KNOW JACK® 2" = YOU DON'T KNOW JACK® 2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Die Logfiles zum zweiten Schritt folgen. Danke und Grüße Jane Geändert von jane1 (14.08.2010 um 23:53 Uhr) |
| Themen zu Nach Entfernung mehrerer Trojaner funktioniert kein Browser mehr |
| .dll, antivir, blockiert, browser, dateien, einstellungen, explorer, home, icq, infizierte, infizierte dateien, internet, log, lsass.exe, malwarebytes, microsoft, modifikation, programme, scan, software, starten, tan, temp, trojan.agent.ge, trojan.fraudpack.gen, trojaner, updates, windows, winlogon |
Baum-Darstellung