Trojaner-Board - Antivir meldet Trojaner TR/Dldr.Agent.cyrd / TR/Dldr.Exchanger.ayn

Hier man die abzuarbeitenden Punkte die im Forum angeboten werden.
Vllt. bekomme ich jetzt eine Antwort.

1. CCleaner durchgeführt

2. Malwarebytes Scan Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4212

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.06.2010 17:58:46
mbam-log-2010-06-18 (17-58-46).txt

Scan type: Quick scan
Objects scanned: 101232
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3. OTL - OTL.txt

OTL Logfile:

Code:

OTL logfile created on: 18.06.2010 18:08:14 - Run 1

OTL by OldTimer - Version 3.2.6.0     Folder = D:\Download

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 80,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 19,53 Gb Total Space | 9,11 Gb Free Space | 46,66% Space Free | Partition Type: NTFS

Drive D: | 56,79 Gb Total Space | 32,77 Gb Free Space | 57,70% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: *****

Current User Name: *****

NOT logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - D:\Download\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - D:\Programme\RocketDock\RocketDock.exe ()

PRC - C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

PRC - C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe (adi)

 

 
 ========== Modules (SafeList) ==========

 

MOD - D:\Download\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - D:\Programme\RocketDock\RocketDock.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

 
 ========== Driver Services (SafeList) ==========

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.25 18:49:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.18 01:43:06 | 000,000,000 | ---D | M]

 

[2009.05.31 17:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions

[2010.06.17 19:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions

[2010.05.29 14:48:20 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

[2010.04.27 23:20:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.05.23 12:53:17 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2009.06.11 02:50:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2010.03.13 14:20:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009.11.06 14:11:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\coc@ble.pl

[2009.08.14 19:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\fastdial@telega.phpnet.us

[2010.04.14 18:58:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\personas@christopher.beard

[2010.05.29 14:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\83ujphvx.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

[2010.06.15 23:40:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.04.18 01:43:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe (adi)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SetRefresh] C:\Programme\COMPAQ\SetRefresh\\SetRefresh.exe ()

O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()

O4 - HKCU..\Run: [RocketDock] D:\Programme\RocketDock\RocketDock.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.63.118 85.216.127.134

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.05.30 23:07:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.06.18 17:54:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes

[2010.06.18 17:53:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*****\Recent

[2010.06.18 17:50:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.06.18 17:50:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.06.18 17:50:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.06.18 16:13:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\CCleaner

[2010.06.14 21:55:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Amazon

[2010.06.12 21:39:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\spielplan WM 2010

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.06.18 18:02:22 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\RSIT.exe

[2010.06.18 17:54:03 | 003,670,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\*****\NTUSER.DAT

[2010.06.18 17:50:59 | 000,000,550 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.06.18 17:50:18 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010.06.18 17:35:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.18 17:35:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.18 17:31:28 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\*****\ntuser.ini

[2010.06.17 21:33:09 | 000,032,655 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\iphone-stone-htc-touch-hd.jpg

[2010.06.17 19:19:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.11 18:57:57 | 000,061,440 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\*****.doc

[2010.06.10 18:16:04 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.06.09 23:29:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.06.09 23:26:01 | 000,997,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.09 23:26:01 | 000,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.06.09 23:26:01 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.09 23:26:01 | 000,080,108 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.06.09 23:26:01 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.02 23:17:10 | 000,365,407 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Unbenannt - 2.jpg

[2010.05.30 22:48:50 | 000,017,243 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\*****.odt

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.06.18 18:04:17 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\RSIT.exe

[2010.06.18 17:50:59 | 000,000,550 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.06.17 21:33:09 | 000,032,655 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\iphone-stone-htc-touch-hd.jpg

[2010.06.02 23:17:08 | 000,365,407 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\Unbenannt - 2.jpg

[2010.05.30 22:48:48 | 000,017,243 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\*****.odt

[2010.03.20 03:04:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010.01.27 19:10:59 | 000,000,701 | ---- | C] () -- C:\WINDOWS\System32\updater.ini

[2010.01.27 19:10:58 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\platform.ini

[2010.01.27 19:10:57 | 000,004,296 | ---- | C] () -- C:\WINDOWS\System32\crashreporter.ini

[2010.01.27 19:10:57 | 000,000,705 | ---- | C] () -- C:\WINDOWS\System32\crashreporter-override.ini

[2010.01.27 19:10:55 | 000,002,126 | ---- | C] () -- C:\WINDOWS\System32\application.ini

[2009.12.16 19:16:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009.12.08 20:28:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI

[2009.12.08 19:58:37 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2009.11.21 20:42:45 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009.08.26 18:41:23 | 000,000,145 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI

[2009.06.14 18:13:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.05.31 19:20:04 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2009.05.31 18:54:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2006.10.22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.10.22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.10.22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.10.22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.10.22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys

[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

 
 ========== LOP Check ==========

 

[2009.08.26 14:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software

[2009.12.29 21:48:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX

[2009.10.18 19:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pictomio

[2009.10.03 18:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2009.07.28 22:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems

[2010.06.14 21:55:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Amazon

[2009.11.21 20:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MAGIX

[2010.02.17 21:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mp3tag

[2009.08.26 16:42:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MyPhoneExplorer

[2009.06.03 21:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\OpenOffice.org

[2009.12.04 20:21:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Thunderbird

[2009.08.14 20:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Trillian

[2009.07.28 22:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Ulead Systems

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0

< End of report >

--- --- ---

OTL - Extras.txt
[I]
OTL Logfile:

Code:

OTL Extras logfile created on: 18.06.2010 18:08:14 - Run 1

OTL by OldTimer - Version 3.2.6.0     Folder = D:\Download

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 80,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 19,53 Gb Total Space | 9,11 Gb Free Space | 46,66% Space Free | Partition Type: NTFS

Drive D: | 56,79 Gb Total Space | 32,77 Gb Free Space | 57,70% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: *****

Current User Name: *****

NOT logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Programme\Trillian\trillian.exe" = D:\Programme\Trillian\trillian.exe:*:Disabled:Trillian -- (Cerulean Studios)

"D:\Programme\TrillianAstra\trillian.exe" = D:\Programme\TrillianAstra\trillian.exe:*:Disabled:Trillian -- (Cerulean Studios)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.007.01

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{7DFFB3EF-F6B5-468E-9C8D-C4FD574C2A22}" = MP3-Tag-Editor

"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A9412F1-6587-46F4-9689-01E2E38CE5E0}" = 8169Diag

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM

"{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}" = O&O SafeErase

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F5242227-2051-4158-AC42-0F2BAA3CD3D6}" = HP SetRefresh

"{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam

"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"a-squared Free_is1" = a-squared Free 4.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVS TV Recorder_is1" = AVS TV Recorder 2.0.1

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"CutePDF Writer Installation" = CutePDF Writer 2.8

"DVD Flick_is1" = DVD Flick 1.3.0.6

"FormatFactory" = FormatFactory 2.15

"ie8" = Windows Internet Explorer 8

"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2

"InstallShield_{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam

"KaloMa_is1" = KaloMa 4.76

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)

"Mp3tag" = Mp3tag v2.45a

"MPE" = MyPhoneExplorer

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NVIDIA Drivers" = NVIDIA Drivers

"Pictomio" = Pictomio

"Rainlendar2" = Rainlendar2 (remove only)

"*****

"RocketDock_is1" = RocketDock 1.3.5

"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)

"Winamp" = Winamp (nur entfernen)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"Wisdom-soft AutoScreenRecorder 3.0 Free" = Wisdom-soft AutoScreenRecorder 3.0 Free

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"Trillian" = Trillian

 
 ========== Last 10 Event Log Errors ==========

 

Error: Unable to start EventLog service!

 

< End of report >

--- --- ---

Gruß,
fingerling