Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.
OTL Extras logfile created on: 16.09.2010 19:30:36 - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 451,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,99 Gb Free Space | 65,75% Space Free | Partition Type: NTFS
Drive D: | 6,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAPTOP-GMELIN
Current User Name: Dr. Ulrich Gmelin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:*:Enabled:MFP Bot Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:*:Enabled:MFP Bot Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jasp.exe" = C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jasp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
"C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jamp.exe" = C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jamp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{32178A6E-5DE4-443E-AA50-8FFFD7CCC32A}" = Fritz10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{56A20A80-9582-4016-8022-2F103B73A983}" = ASKA SmartMike
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{8F5B91A9-164F-4624-AD17-D8A220562544}" = Fritz10
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth by hp
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A053F79A-9618-46F2-AD41-C33C3FB3B6D8}" = PrintServer Utilities
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{BDE813B0-BF65-11D2-92B4-0060B0686AFB}" = SpeechMike Application
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD815603-AB71-4CFB-B3AC-522298037ACC}" = W83L518D
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"BurnAware Free_is1" = BurnAware Free 2.4.2
"Databuch" = Databuch
"ElsterFormular 11.3.0.4235" = ElsterFormular
"F-Secure Product 444" = F-Secure Internet Security 2010
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 1.49
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PraxisOrganizer" = PraxisOrganizer
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.09.2010 06:18:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 06:18:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 07:35:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 07:35:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 08:13:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 08:13:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 09:14:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 09:14:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 10:10:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 09.09.2010 10:10:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
[ System Events ]
Error - 13.09.2010 12:13:11 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.34.48.32 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.46.87.254 (The DHCP Server
sent a DHCPNACK message).
Error - 14.09.2010 00:42:28 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.46.80.15 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.48.31.254 (The DHCP Server
sent a DHCPNACK message).
Error - 14.09.2010 05:17:55 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.48.24.76 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.2.31.254 (The DHCP Server
sent a DHCPNACK message).
Error - 14.09.2010 06:28:12 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.2.24.80 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.6.63.254 (The DHCP Server
sent a DHCPNACK message).
Error - 14.09.2010 07:55:52 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.6.56.19 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.12.39.254 (The DHCP Server
sent a DHCPNACK message).
Error - 15.09.2010 00:29:45 | Computer Name = LAPTOP-GMELIN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 7 for Windows XP.
Error - 15.09.2010 00:59:33 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.12.32.17 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.62.15.254 (The DHCP Server
sent a DHCPNACK message).
Error - 15.09.2010 12:39:41 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.62.8.55 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.14.71.254 (The DHCP Server
sent a DHCPNACK message).
Error - 15.09.2010 14:56:33 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.14.64.4 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.35.23.254 (The DHCP Server
sent a DHCPNACK message).
Error - 16.09.2010 00:52:50 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.35.16.96 for the Network Card with network
address 00FF0AC17DA8 has been denied by the DHCP server 10.51.23.254 (The DHCP Server
sent a DHCPNACK message).
< End of report >
Zum Thema Trojan.Generic.4060291 entfernen - Extras.txt:
OTL EXTRAS Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
OTL Extras logfile created on: 16.09.2010 19:30:36 - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Dr. - Trojan.Generic.4060291 entfernen...
16.09.2010, 18:43
Baum-Darstellung