loaupdt.jpg hat sich bei mir eingenistet

bastler · 14.06.2012, 18:59

Guten Abend,

o.g. Datei wurde auf meinem System enteckt. Nach kurzer Googlesuche bin ich hier gelandet und war sehr erschrocken da ich dachte das mein system mit F-Secure sicher wäre.
Nach dem ich einige Posts gelesen habe, habe ich mit OLT runtergeladen und duchlaufen lassen.Hier die beiten Logs:

extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 14.06.2012 19:41:03 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,24 Gb Total Physical Memory | 0,47 Gb Available Physical Memory | 37,62% Memory free
3,10 Gb Paging File | 2,37 Gb Available in Paging File | 76,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 36,80 Gb Free Space | 75,37% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 99,10 Gb Free Space | 98,88% Space Free | Partition Type: NTFS
Drive E: | 74,50 Gb Total Space | 72,89 Gb Free Space | 97,85% Space Free | Partition Type: NTFS
Drive F: | 662,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-1CF6627C8 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- D:\Dreamweaver\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Office_XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office_XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
jsfile [open] -- "D:\Dreamweaver\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Dreamweaver\Dreamweaver MX\Dreamweaver.exe" = D:\Dreamweaver\Dreamweaver MX\Dreamweaver.exe:*:Disabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = HiCam USB 2.0 S931P
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CE924D4-E4AB-4730-8367-0F2AEE9D7FE0}" = Samsung PC Studio 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"F-Secure Product 444" = F-Secure Internet Security 2011
"ie8" = Windows Internet Explorer 8
"MAGIX 3D Maker D" = MAGIX 3D Maker 6.0.0.12 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 11.50.1074" = Opera 11.50
"Planung und Ausschreibung 2008 - TROCAL" = Planung und Ausschreibung 2008 - TROCAL
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"VLC media player" = VLC media player 2.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinMerge_is1" = WinMerge 2.12.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"FileZilla Client" = FileZilla Client 3.5.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 00:20:36 | Computer Name = ADMIN-1CF6627C8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 13.06.2012 00:20:51 | Computer Name = ADMIN-1CF6627C8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
 Vorgang nicht ausführen.  .
 
Error - 13.06.2012 00:21:00 | Computer Name = ADMIN-1CF6627C8 | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2012-06-13  06:21:00+02:00    ADMIN-1CF6627C8\Admin  F-Secure Anti-Virus

 Malicious code found in file C:\System Volume Information\_restore{6F80CDED-4658-419B-BE0D-63A122F3FBAD}\RP367\A0053631.exe.
    Infection: Gen:Variant.Graftor.29984    Action: The file was quarantined.     
 
Error - 13.06.2012 01:21:00 | Computer Name = ADMIN-1CF6627C8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 13.06.2012 01:21:20 | Computer Name = ADMIN-1CF6627C8 | Source = F-Secure Anti-Virus | ID = 103
Description = 2  2012-06-13  07:21:20+02:00    ADMIN-1CF6627C8\Admin  F-Secure Anti-Virus

 Malicious code found in file C:\System Volume Information\_restore{6F80CDED-4658-419B-BE0D-63A122F3FBAD}\RP367\A0053660.exe.
    Infection: Gen:Variant.Graftor.29984    Action: The file was quarantined.     
 
Error - 13.06.2012 01:47:09 | Computer Name = ADMIN-1CF6627C8 | Source = F-Secure Anti-Virus | ID = 103
Description = 3  2012-06-13  07:47:09+02:00    ADMIN-1CF6627C8\Admin  F-Secure Anti-Virus

 Malicious code found in file C:\System Volume Information\_restore{6F80CDED-4658-419B-BE0D-63A122F3FBAD}\RP367\A0053670.exe.
    Infection: Gen:Variant.Graftor.29984    Action: The file was quarantined.     
 
Error - 14.06.2012 12:17:49 | Computer Name = ADMIN-1CF6627C8 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 14.06.2012 12:18:15 | Computer Name = ADMIN-1CF6627C8 | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2012-06-14  18:18:15+02:00    ADMIN-1CF6627C8\Admin  F-Secure Anti-Virus

 Malicious code found in file C:\System Volume Information\_restore{6F80CDED-4658-419B-BE0D-63A122F3FBAD}\RP367\A0054673.exe.
    Infection: Gen:Variant.Kazy.76408    Action: The file was quarantined.     
 
Error - 14.06.2012 12:55:57 | Computer Name = ADMIN-1CF6627C8 | Source = F-Secure Anti-Virus | ID = 103
Description = 2  2012-06-14  18:55:57+02:00    ADMIN-1CF6627C8\Admin  F-Secure Anti-Virus

 Malicious code found in file C:\WINDOWS\SYSTEM32\APPCONF32.EXE.    Infection: Suspicious:W32/Malware.a7b5ff!Online
     
 
Error - 14.06.2012 13:36:52 | Computer Name = ADMIN-1CF6627C8 | Source = F-Secure Anti-Virus | ID = 103
Description = 3  2012-06-14  19:36:52+02:00    ADMIN-1CF6627C8\Admin  F-Secure Anti-Virus

 Malicious code found in file C:\System Volume Information\_restore{6F80CDED-4658-419B-BE0D-63A122F3FBAD}\RP368\A0055701.exe.
    Infection: Gen:Variant.Kazy.76408    Action: The file was quarantined.     
 
[ System Events ]
Error - 13.06.2012 22:22:19 | Computer Name = ADMIN-1CF6627C8 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 13.06.2012 22:22:20 | Computer Name = ADMIN-1CF6627C8 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
 nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.  
 
Error - 13.06.2012 22:22:21 | Computer Name = ADMIN-1CF6627C8 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 13.06.2012 22:22:23 | Computer Name = ADMIN-1CF6627C8 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
 nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.  
 
Error - 13.06.2012 22:22:23 | Computer Name = ADMIN-1CF6627C8 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 13.06.2012 22:22:33 | Computer Name = ADMIN-1CF6627C8 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
 nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.  
 
Error - 13.06.2012 22:22:34 | Computer Name = ADMIN-1CF6627C8 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 13.06.2012 22:22:45 | Computer Name = ADMIN-1CF6627C8 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
 nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.  
 
Error - 13.06.2012 22:22:46 | Computer Name = ADMIN-1CF6627C8 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 13.06.2012 22:22:48 | Computer Name = ADMIN-1CF6627C8 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
 nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.  
 
 
< End of report >

Hier die OLT.txt

Code:

ATTFilter

OTL logfile created on: 14.06.2012 19:41:03 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,24 Gb Total Physical Memory | 0,47 Gb Available Physical Memory | 37,62% Memory free
3,10 Gb Paging File | 2,37 Gb Available in Paging File | 76,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 36,80 Gb Free Space | 75,37% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 99,10 Gb Free Space | 98,88% Space Free | Partition Type: NTFS
Drive E: | 74,50 Gb Total Space | 72,89 Gb Free Space | 97,85% Space Free | Partition Type: NTFS
Drive F: | 662,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-1CF6627C8 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - D:\pdf24_converter\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\xampp\xampplite\mysql\bin\mysqld.exe (MySQL AB)
PRC - D:\xampp\xampplite\xampp-control.exe (Apache Friends)
PRC - D:\xampp\xampplite\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SQ931STI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\13005\components\AcroFF005.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - D:\Filezilla\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\Spam Control\fsas.dll ()
MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - C:\Programme\F-Secure\FSGUI\about.dll ()
MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - C:\Programme\F-Secure\FSPC\fspcfsm.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\SQ931STI.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (MySQL) -- D:\xampp\xampplite\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- D:\xampp\xampplite\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZDNDIS5) -- C:\WINDOWS\system32\ZDNDIS5.SYS File not found
DRV - (ZD1201U) ZyAIR B-220 IEEE 802.11b Wireless LAN Driver (USB) -- system32\DRIVERS\zd1201u.sys File not found
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found
DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found
DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found
DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- system32\DRIVERS\k750bus.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (huawei_ext_ctrl) -- system32\DRIVERS\ew_juextctrl.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (huawei_cdcecm) -- system32\DRIVERS\ew_jucdcecm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (filtertdidriver) -- system32\drivers\ewfiltertdidriver.sys File not found
DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (SQ931) -- C:\WINDOWS\system32\drivers\Capt931a.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (FA312) -- C:\WINDOWS\system32\drivers\FA312nd5.sys (NETGEAR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.06.05 04:39:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\13005 [2012.06.14 04:22:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.08 08:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.14 19:57:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\13005 [2012.06.14 04:22:35 | 000,000,000 | ---D | M]
 
[2010.05.13 12:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2012.05.18 06:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cvpvzxpu.default\extensions
[2010.07.29 17:38:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cvpvzxpu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.14 00:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.08 18:10:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.18 06:24:08 | 001,335,949 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\CVPVZXPU.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.14 04:22:35 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\WINDOWS\SYSTEM32\13005
[2012.06.08 08:18:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.01 19:32:48 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 19:32:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.01 19:32:48 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 19:32:48 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 19:32:48 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 19:32:48 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Reader Link Helper) - {1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} - C:\WINDOWS\system32\AcroIEHelpe139.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {F99BD4F5-D402-4c21-A8BC-510830B6BE37} - C:\WINDOWS\system32\AcroIEHelpe.dll File not found
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [PDFPrint] D:\pdf24_converter\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ICQ] "D:\ICQ7\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - Startup: C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\XAMPP Control Panel.lnk = D:\xampp\xampplite\xampp-control.exe (Apache Friends)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = D:\Office_XP\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Office_XP\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271183383218 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AE7B9E-16BF-40BE-B799-EB4CAD1155C6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.13 20:23:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{57a7261e-1c45-11e1-b17f-0040f438fff5}\Shell - "" = AutoRun
O33 - MountPoints2\{57a7261e-1c45-11e1-b17f-0040f438fff5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57a7261e-1c45-11e1-b17f-0040f438fff5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{96df55a3-1c29-11e1-b17d-0040f438fff5}\Shell - "" = AutoRun
O33 - MountPoints2\{96df55a3-1c29-11e1-b17d-0040f438fff5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96df55a3-1c29-11e1-b17d-0040f438fff5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ccbcf752-1c28-11e1-b17c-0040f438fff5}\Shell - "" = AutoRun
O33 - MountPoints2\{ccbcf752-1c28-11e1-b17c-0040f438fff5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ccbcf752-1c28-11e1-b17c-0040f438fff5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 18:57:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.06.14 04:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\13005
[2012.06.14 04:17:53 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.06.08 23:12:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012.06.08 23:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\13003
[2012.06.08 23:12:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012.06.08 23:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012.05.29 08:30:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF24
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 19:46:41 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
[2012.06.14 18:58:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-1606980848-1003Core.job
[2012.06.14 18:58:02 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-1606980848-1003UA.job
[2012.06.14 18:57:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2012.06.14 16:50:39 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012.06.14 16:45:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.14 16:45:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.14 16:20:43 | 000,179,168 | ---- | M] () -- C:\WINDOWS\System32\AcroIEHelpe139.dll
[2012.06.14 16:19:54 | 000,167,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 05:03:48 | 000,455,952 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.14 05:03:48 | 000,439,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 05:03:48 | 000,083,764 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.14 05:03:48 | 000,070,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.03 08:39:42 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.29 08:30:21 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2012.05.29 08:30:21 | 000,000,649 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Fax.lnk
[2012.05.26 07:01:30 | 001,240,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Amtsblatt.pdf
[2012.05.23 20:42:49 | 000,096,658 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\1.xps
[2012.05.16 17:07:03 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 16:20:43 | 000,179,168 | ---- | C] () -- C:\WINDOWS\System32\AcroIEHelpe139.dll
[2012.06.08 23:12:47 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012.05.29 08:30:21 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2012.05.29 08:30:21 | 000,000,649 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Fax.lnk
[2012.05.26 07:01:30 | 001,240,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Amtsblatt.pdf
[2012.05.23 21:37:56 | 000,180,704 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.23 20:42:48 | 000,096,658 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\1.xps
[2012.04.06 10:16:44 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2012.04.06 10:15:17 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.02.19 11:05:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2012.02.16 18:26:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.15 18:42:59 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SQCap.exe
[2012.01.15 18:42:59 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SQ931STI.exe
[2012.01.15 18:42:58 | 000,530,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt931a.sys
[2012.01.15 18:42:58 | 000,024,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd931a.sys
[2011.12.04 11:01:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2011.12.04 11:01:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ZDTRLib.DLL
[2011.12.04 11:01:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ZD12APP.dll
[2011.12.04 11:01:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\PassAPP.dll
[2011.12.04 11:01:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\INSAPP.dll
[2011.12.04 11:01:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2011.02.27 13:49:50 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
[2011.01.16 07:29:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.12.26 08:58:40 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.12.26 08:57:50 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010.12.26 07:08:30 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.03 20:58:38 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010.09.26 16:38:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2010.09.26 16:38:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2010.09.26 16:38:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2010.07.01 16:55:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

< End of report >

Ich hoffe Ihr könnt mir helfen.

Achso das wichtigste habe ich ja fast vergessen.F-Secure meldet mir andauert "Systemänderungsversuch". Dadurch bin ich auf den Befall aufmerksam geworden.

Bestendank Bastler

Hallo an alle,

hat keiner eine Ahnung wie diesen Virus wieder los werde.
Seit heute meldet sich F-Secure auch ab und zu mit der Meldung "Virus wurde beseitigt."
Ich denke mal das das alles damit zusammen hängt.

basti

Hallo an alle,

hat keiner eine Ahnung wie diesen Virus wieder los werde.
Seit heute meldet sich F-Secure auch ab und zu mit der Meldung "Virus wurde beseitigt."
Ich denke mal das das alles damit zusammen hängt.

basti

cosinus · 18.06.2012, 11:51

Zitat:

o.g. Datei wurde auf meinem System enteckt.

Schön und wo sind die Virenscanner-Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

loaupdt.jpg hat sich bei mir eingenistet

Plagegeister aller Art und deren Bekämpfung: loaupdt.jpg hat sich bei mir eingenistet

loaupdt.jpg hat sich bei mir eingenistet

loaupdt.jpg hat sich bei mir eingenistet

Ähnliche Themen: loaupdt.jpg hat sich bei mir eingenistet