Log Analysis and Evaluation: TR/Kazy.mekml.1 unfortunately caught on 21.4.
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

TR/Kazy.mekml.1 unfortunately caught on 21.4.

Hello, unfortunately I also caught the trojan Kazy.mekml.1 yesterday. I have just followed the instructions and here are the log files from OTL and gmer. I hope you can help me. A thousand thanks in advance.

OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 12:13:47 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Daniel\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 429,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 36,14 Gb Total Space | 8,95 Gb Free Space | 24,75% Space Free | Partition Type: NTFS
Drive D: | 36,42 Gb Total Space | 31,39 Gb Free Space | 86,17% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.22 12:01:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
PRC - [2011.03.25 16:08:09 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.20 22:23:57 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.28 18:36:42 | 000,526,336 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.01.28 18:10:28 | 000,387,072 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2010.10.16 01:40:40 | 000,037,664 | -H-- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.08.02 17:10:02 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 17:09:56 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.21 14:12:21 | 000,054,784 | -H-- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2010.01.14 23:11:02 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | -H-- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006.02.21 10:38:06 | 000,282,722 | -H-- | M] ( ) -- C:\Programme\BenQ\Q-MediaBar\qbar.exe
PRC - [2005.12.28 13:00:56 | 000,569,413 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005.12.28 12:56:16 | 000,602,182 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005.12.28 12:55:40 | 000,667,718 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005.12.28 12:52:32 | 000,397,381 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005.03.07 16:40:08 | 000,151,552 | -H-- | M] () -- C:\Programme\BenQ\QMusic2\QMAgent.exe
PRC - [2004.08.04 21:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.11.19 14:03:40 | 000,045,056 | -H-- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
PRC - [2001.02.23 11:07:30 | 000,270,336 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

========== Modules (SafeList) ==========

MOD - [2011.04.22 12:01:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
MOD - [2004.08.04 21:00:00 | 001,050,624 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 21:00:00 | 000,165,376 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2004.08.04 21:00:00 | 000,095,744 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2004.08.04 21:00:00 | 000,044,032 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2003.02.14 11:31:38 | 000,223,904 | -H-- | M] (Autodesk) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcSignCore16.dll
MOD - [2003.02.14 11:31:38 | 000,136,352 | -H-- | M] (Autodesk) -- C:\WINDOWS\system32\AcSignIcon.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.03.20 22:23:57 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.28 18:10:28 | 000,387,072 | -H-- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.10.16 01:40:40 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.02 17:10:02 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.21 14:12:21 | 000,054,784 | -H-- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2001.02.23 11:07:30 | 000,270,336 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - [2011.03.20 22:23:58 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.26 16:45:17 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 16:27:24 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 16:27:14 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.02.21 14:12:23 | 000,012,464 | -H-- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2006.02.03 04:43:24 | 000,561,664 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006.01.17 11:21:52 | 000,328,061 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.01.17 11:19:46 | 000,023,271 | -H-- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006.01.17 11:18:22 | 000,850,474 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.01.17 11:15:36 | 000,030,459 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.01.17 11:14:52 | 000,065,688 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.01.17 11:11:56 | 000,148,900 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.12.28 14:22:08 | 000,013,568 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.12.19 19:10:00 | 000,243,328 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.12.19 12:13:00 | 000,162,432 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.12.05 01:55:30 | 001,428,096 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2003.12.05 19:46:36 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://WWW.BenQ.COM/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.25 16:08:17 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.25 16:08:17 | 000,000,000 | -H-D | M]

[2010.12.19 19:43:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Extensions
[2010.02.20 23:30:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2011.04.21 14:59:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\mju7n06i.default\extensions
[2011.04.10 21:59:29 | 000,000,000 | -H-D | M] (BitDefender QuickScan) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\mju7n06i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.04.21 14:59:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.11 16:03:00 | 000,000,000 | -H-D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2010.02.20 19:37:20 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.02.11 16:03:00 | 000,000,000 | -H-D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
[2010.12.24 18:42:52 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.24 18:42:52 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.24 18:42:52 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.24 18:42:52 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.24 18:42:52 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.20 21:15:29 | 000,432,836 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14895 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Q-MediaBar] C:\Programme\BenQ\Q-MediaBar\QBar.exe ( )
O4 - HKLM..\Run: [QMusic2] C:\Programme\BenQ\QMusic2\QMAgent.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [mscj] File not found
O4 - HKCU..\Run: [mscj.exe] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uvEWQXCeAJwf] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Autostart\UltimateZip Quick Start.lnk = C:\Programme\UltimateZip\uzqkst.exe (SWE von Schleusen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: czlsibcevumxmskfuyaxTaskMgr = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011.04.22 12:11:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.04.22 12:11:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.22 12:11:09 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.22 12:01:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Daniel\Desktop\Erunt-setup.exe
[2011.04.22 12:01:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
[2011.04.22 12:01:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\TFC.exe
[2011.04.22 11:57:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Daniel\Recent
[2011.04.22 11:24:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\test
[2011.04.21 18:12:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Windows Recovery
[2011.04.10 08:32:50 | 000,000,000 | -H-D | C] -- C:\GISTest
[2011.04.05 17:06:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Python 2.5
[2011.04.05 17:06:36 | 002,113,536 | -H-- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python25.dll
[2011.04.05 17:05:17 | 000,000,000 | -H-D | C] -- C:\Programme\ESRI
[2011.04.05 17:04:52 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\ESRI
[2011.04.05 16:53:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ArcGIS
[2011.04.05 16:53:01 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\ArcGIS
[2011.04.05 16:52:15 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\AnswerWorks 4.0
[2011.04.05 16:51:04 | 000,000,000 | -H-D | C] -- C:\Programme\Leica Geosystems
[2011.04.05 16:48:05 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\ESRI
[2011.04.05 16:46:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESRI
[2011.04.05 16:44:55 | 000,000,000 | -H-D | C] -- C:\Programme\Python
[2011.04.05 16:44:55 | 000,000,000 | -H-D | C] -- C:\Programme\ArcGIS

========== Files - Modified Within 30 Days ==========

[2011.04.22 12:11:10 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\NTREGOPT.lnk
[2011.04.22 12:11:10 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\ERUNT.lnk
[2011.04.22 12:08:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.22 12:08:02 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 12:01:34 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\g2m3e4r.exe
[2011.04.22 12:01:33 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Daniel\Desktop\Erunt-setup.exe
[2011.04.22 12:01:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
[2011.04.22 12:01:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\TFC.exe
[2011.04.21 18:12:58 | 000,000,823 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Windows Recovery.lnk
[2011.04.21 14:48:31 | 000,043,758 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.04.20 21:15:29 | 000,432,836 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.04.16 16:09:48 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.14 18:03:58 | 000,432,370 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110420-211529.backup
[2011.04.12 21:12:19 | 000,000,071 | -H-- | M] () -- C:\WINDOWS\Pex.INI
[2011.04.07 20:06:27 | 000,432,370 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110414-180358.backup
[2011.04.06 08:08:49 | 000,249,496 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.05 17:23:39 | 000,000,870 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\ArcMap.lnk
[2011.04.05 17:12:38 | 000,000,668 | -H-- | M] () -- C:\WINDOWS\ArcView9x.INI
[2011.03.31 22:13:38 | 000,011,380 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\gsview32.ini
[2011.03.30 13:04:31 | 000,431,610 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110407-200626.backup
[2011.03.23 22:14:37 | 000,431,478 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110330-130431.backup

========== Files Created - No Company Name ==========

[2011.04.22 12:11:10 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\NTREGOPT.lnk
[2011.04.22 12:11:10 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\ERUNT.lnk
[2011.04.22 12:01:31 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\g2m3e4r.exe
[2011.04.21 18:12:58 | 000,000,823 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Windows Recovery.lnk
[2011.04.05 17:23:39 | 000,000,870 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\ArcMap.lnk
[2011.04.05 17:12:38 | 000,000,668 | -H-- | C] () -- C:\WINDOWS\ArcView9x.INI
[2010.12.17 12:24:33 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.23 00:40:55 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.07.13 19:07:36 | 000,005,880 | -H-- | C] () -- C:\WINDOWS\UEDIT32.INI
[2010.06.03 11:23:50 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.01 22:13:12 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010.02.28 10:54:59 | 000,000,071 | -H-- | C] () -- C:\WINDOWS\Pex.INI
[2010.02.20 21:31:46 | 000,029,696 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.20 18:41:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006.02.27 04:21:53 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006.02.27 04:21:52 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.02.27 04:21:51 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.02.27 04:21:51 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.02.27 04:21:48 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.02.27 04:21:48 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006.02.27 04:21:45 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006.02.27 04:21:45 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.01.17 11:31:30 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.03.21 18:16:26 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005.03.21 17:37:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.03.21 17:33:35 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.03.21 17:32:32 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.03.21 17:28:33 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.03.21 17:27:49 | 000,249,496 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.10.27 00:39:05 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2001.11.14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1997.06.25 15:24:16 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\RegObj.dll
[1980.01.01 01:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980.01.01 01:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980.01.01 01:00:00 | 000,318,680 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1980.01.01 01:00:00 | 000,313,280 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980.01.01 01:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980.01.01 01:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1980.01.01 01:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980.01.01 01:00:00 | 000,049,424 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1980.01.01 01:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[1980.01.01 01:00:00 | 000,040,998 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980.01.01 01:00:00 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\SMARTDEL.EXE
[1980.01.01 01:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1980.01.01 01:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980.01.01 01:00:00 | 000,027,440 | -H-- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980.01.01 01:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980.01.01 01:00:00 | 000,004,491 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980.01.01 01:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980.01.01 01:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[1980.01.01 01:00:00 | 000,000,609 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010.02.21 14:10:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2010.07.23 11:00:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.03.22 18:47:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.03.08 21:35:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.04.05 16:46:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESRI
[2011.04.22 11:24:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\test
[2005.03.21 17:48:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.10.29 19:05:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.02.21 14:14:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Autodesk
[2010.03.08 22:54:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\elsterformular
[2011.04.10 08:42:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\ESRI
[2010.02.20 20:28:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\ICQ
[2010.12.19 21:01:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\MSA
[2010.02.20 19:50:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Notepad++
[2010.09.23 00:55:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\pdfforge
[2011.04.21 18:22:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\QuickScan
[2011.02.11 16:03:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Search Settings
[2010.02.28 10:48:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Ulead Systems

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.02.20 17:25:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen
[2005.03.21 17:53:16 | 000,000,000 | -H-D | M] -- C:\DRV
[2010.06.16 20:55:33 | 000,000,000 | -H-D | M] -- C:\GAMES
[2011.04.10 08:47:17 | 000,000,000 | -H-D | M] -- C:\GISTest
[2005.03.21 17:39:34 | 000,000,000 | -H-D | M] -- C:\I386
[2011.04.22 12:11:09 | 000,000,000 | RH-D | M] -- C:\Programme
[2003.03.13 08:53:38 | 000,000,000 | -H-D | M] -- C:\QINFO
[2010.02.20 17:53:20 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.04.22 10:39:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.20 19:47:05 | 000,000,000 | -H-D | M] -- C:\Temp
[2011.04.22 12:11:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2004.08.04 21:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2004.08.04 21:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 21:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-15 13:57:49

< End of report >

Extras.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 22.04.2011 12:13:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Daniel\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 429,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 36,14 Gb Total Space | 8,95 Gb Free Space | 24,75% Space Free | Partition Type: NTFS
Drive D: | 36,42 Gb Total Space | 31,39 Gb Free Space | 86,17% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Maple\bin.win\mserver.exe" = C:\Programme\Maple\bin.win\mserver.exe:*:Enabled:mserver -- ()
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{094C28D2-3FE2-417C-AF0B-425FE891F04A}" = Motorola Phone Tools
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CF65E18-6463-4D28-A476-7DA10FBCE816}" = ArcGIS Desktop Evaluation Edition
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{27270D6C-6784-40C5-BBD3-F0230D25DEAA}" = Q-MediaBar
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5CB6B359-CF25-47BE-B332-D222038758A3}" = QMusic 2.6
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer Express
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcGIS Desktop Evaluation Edition" = ArcGIS Desktop Evaluation Edition
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CdaC13Ba" = SafeCast Shared Components
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_152D0753" = Soft Data Fax Modem with SmartCP
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"HeidiWin" = HeidiWin
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft Visual C++ 6.0 Dokumentation (deu)" = Microsoft Visual C++ 6.0 Dokumentation (Deutsch)
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Notepad++" = Notepad++
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"UltimateZip_is1" = UltimateZip 2.6
"Visual C++ 6.0 Autoren Edition (deu)" = Microsoft Visual C++ 6.0 Autoren Edition (Deutsch)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WTrans" = WTrans
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.04.2011 15:33:09 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.4095, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 21.04.2011 12:13:55 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 21.04.2011 12:28:51 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.4095, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 21.04.2011 12:50:49 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 21.04.2011 13:01:09 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 21.04.2011 13:25:34 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 21.04.2011 15:24:37 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 22.04.2011 02:21:28 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 22.04.2011 02:30:36 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 22.04.2011 04:38:24 | Computer Name = *** | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung.
Interne Informationen: msdtc_trace : File: d:\comxp_sp2\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

[ System Events ]
Error - 22.04.2011 06:01:47 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.04.2011 06:01:47 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) PROSet/Wireless Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.04.2011 06:01:47 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error - 22.04.2011 06:01:47 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "C-DillaCdaC11BA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.04.2011 06:01:47 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.04.2011 06:01:48 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 22.04.2011 06:08:21 | Computer Name = *** | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 22.04.2011 06:08:23 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5

Error - 22.04.2011 06:14:26 | Computer Name = *** | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 22.04.2011 06:14:26 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5

< End of report >

gmer.txt:

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-22 12:35:13
Windows 5.1.2600 Service Pack 2
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\Daniel\LOKALE~1\Temp\uwrdrpob.sys

---- System - GMER 1.0.15 ----

SSDT F7C3C17E ZwCreateKey
SSDT F7C3C174 ZwCreateThread
SSDT F7C3C183 ZwDeleteKey
SSDT F7C3C18D ZwDeleteValueKey
SSDT F7C3C192 ZwLoadKey
SSDT F7C3C160 ZwOpenProcess
SSDT F7C3C165 ZwOpenThread
SSDT F7C3C19C ZwReplaceKey
SSDT F7C3C197 ZwRestoreKey
SSDT F7C3C188 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF67B3380, 0x21641D, 0xE8000020]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF65BAEBF]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----