Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Wahrscheinlich die Trojaner Zeus oder Spyeye (https://www.trojaner-board.de/100052-wahrscheinlich-trojaner-zeus-spyeye.html)

panther4861 07.06.2011 15:02
Wahrscheinlich die Trojaner Zeus oder Spyeye
 
Durch meine Bank bin ich darüber informiert worde, dass bei dem Erscheinen eines gewissen Bildes "... die Einstellungen ihres Computers werden gerade überprüft" auf meinem Computer wahrscheinlich Trojaner sind. Nun suche ich Möglichkeiten, wie ich meinen Rechner wieder clean bekommen kann. Danke für die Unterstützung!

markusg 07.06.2011 15:07
hiho
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

panther4861 07.06.2011 15:49
OTL Logfile:
Code:
OTL logfile created on: 07.06.2011 16:45:13 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Dokumente und Einstellungen\schloegler\Eigene Dateien
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
759,43 Mb Total Physical Memory | 324,29 Mb Available Physical Memory | 42,70% Memory free
1,81 Gb Paging File | 1,46 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 23,45 Gb Free Space | 62,94% Space Free | Partition Type: NTFS
Drive D: | 7,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive P: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive S: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive U: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
 
Computer Name: RCK-17368 | User Name: schloegler | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
PRC - [2009.09.08 04:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.05.17 15:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2002.03.12 12:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004.06.15 23:03:32 | 000,417,792 | ---- | M] (Novell, Inc) -- C:\Programme\Novell\ZENworks\NalShell.dll
MOD - [2004.06.15 23:02:52 | 000,995,840 | ---- | M] () -- C:\Programme\Novell\ZENworks\nls\english\NalUIRes.dll
 
 
========== Win32 Services (SafeList) ==========
 
 
========== Driver Services (SafeList) ==========
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Rueckertschule Infos - www.rueckertschule.de
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rueckertschule Infos - www.rueckertschule.de
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 1B C9 D7 25 15 CC 01  [binary data]
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.142.1.254:3128
 
 
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 2
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 1
O7 - HKU\S-1-5-21-1659004503-261903793-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.16 16:39:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.07 16:19:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.07 16:35:42 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Desktop\cexfubx6.exe
[2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe
[2011.06.07 16:11:31 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2011.06.07 08:05:25 | 000,473,884 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.06.07 08:05:25 | 000,446,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.07 08:05:25 | 000,088,074 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.06.07 08:05:25 | 000,071,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.07 08:01:37 | 000,024,480 | RHS- | M] () -- C:\Dokumente und Einstellungen\schloegler\ntuser.pol
[2011.06.07 08:01:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.07 08:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.12 15:12:56 | 000,050,755 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.07 16:35:41 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Desktop\cexfubx6.exe
[2011.06.07 15:53:57 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2011.05.13 10:34:37 | 000,050,755 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png
[2011.02.18 13:25:58 | 000,129,891 | ---- | C] () -- C:\WINDOWS\hphins28.dat
[2011.02.18 13:25:58 | 000,000,939 | ---- | C] () -- C:\WINDOWS\hphmdl28.dat
[2011.02.17 15:42:27 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.17 14:43:51 | 000,016,040 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2011.02.17 14:43:01 | 000,462,892 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2011.02.17 14:43:01 | 000,084,592 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2011.02.17 13:39:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.17 11:07:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011.02.17 11:06:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2011.02.16 16:42:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.16 16:36:33 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.16 16:15:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.16 16:13:51 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.16 09:57:06 | 000,090,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncrecognizer.sys
[2009.12.16 09:57:06 | 000,080,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncfilter.sys
[2009.12.16 09:57:06 | 000,014,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncuncfilter.sys
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.08.27 12:23:52 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2008.08.13 11:10:20 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,473,884 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 14:00:00 | 000,446,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008.04.14 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008.04.14 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008.04.14 14:00:00 | 000,088,074 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 14:00:00 | 000,071,638 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.02.12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006.03.27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.12.18 11:29:12 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2003.03.12 14:39:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000.01.20 10:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999.08.07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[1999.07.22 20:07:38 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[1999.06.30 05:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[1999.01.11 05:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996.05.14 10:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995.08.22 09:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< OTL logfile created on: 07.06.2011 16:20:59 - Run 1 >
 
< OTL by OldTimer - Version 3.2.23.0    Folder = C:\Dokumente und Einstellungen\schloegler\Eigene Dateien >
 
< Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.6001.18702) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<  >
 
< 759,43 Mb Total Physical Memory | 296,66 Mb Available Physical Memory | 39,06% Memory free >
 
< 1,81 Gb Paging File | 1,44 Gb Available in Paging File | 79,19% Paging File free >
 
< Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] >
 
<  >
 
< %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme >
 
< Drive C: | 37,26 Gb Total Space | 23,45 Gb Free Space | 62,95% Space Free | Partition Type: NTFS >
 
< Drive D: | 7,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF >
 
< Drive G: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
< Drive P: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
< Drive S: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
< Drive U: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS >
 
<  >
 
< Computer Name: RCK-17368 | User Name: schloegler | NOT logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user | Quick Scan >
 
< Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days >
 
<  >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
< PRC - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< PRC - [2011.06.07 16:16:39 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MCWVFYSY\Defogger[1].exe >
 
< PRC - [2009.09.08 04:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe >
 
< PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe >
 
< PRC - [2004.05.17 15:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe >
 
< PRC - [2003.07.30 10:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMTray.exe >
 
< PRC - [2002.03.12 12:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe >
 
<  >
 
<  >
 
< ========== Modules (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
< MOD - [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll >
 
<  >
 
<  >
 
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Rueckertschule Infos - www.rueckertschule.de >
Invalid Switch: Rueckertschule Infos - www.rueckertschule.de

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rueckertschule Infos - www.rueckertschule.de >
Invalid Switch: Rueckertschule Infos - www.rueckertschule.de

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN >
Invalid Switch: ?ocid=iehp

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 1B C9 D7 25 15 CC 01  [binary data] >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.142.1.254:3128 >
 
<  >
 
<  >
 
<  >
 
< O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts >
 
< O1 - Hosts: 127.0.0.1      localhost >
 
< O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) >
 
< O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) >
 
< O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) >
 
< O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.) >
 
< O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.) >
 
< O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) >
 
< O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.) >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 2 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =  >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1 >
 
< O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.) >
 
< O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) >
Invalid Switch: swflash.cab (Shockwave Flash Object)

 
< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)

 
< O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) >
Invalid Switch: xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

 
< O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.) >
 
< O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.) >
 
< O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home >
 
< O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp >
 
< O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp >
 
< O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc) >
 
< O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.) >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2011.02.16 16:39:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] >
 
< O34 - HKLM BootExecute: (autocheck autochk *) -  File not found >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
<  >
 
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]

 
<  >
 
< [2011.06.07 16:19:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll >
 
< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
 
< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >
 
<  >
 
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]

 
<  >
 
< [2011.06.07 16:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\OTL.exe >
 
< [2011.06.07 16:11:31 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache >
 
< [2011.06.07 08:05:25 | 000,473,884 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat >
 
< [2011.06.07 08:05:25 | 000,446,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat >
 
< [2011.06.07 08:05:25 | 000,088,074 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat >
 
< [2011.06.07 08:05:25 | 000,071,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat >
 
< [2011.06.07 08:01:37 | 000,024,480 | RHS- | M] () -- C:\Dokumente und Einstellungen\schloegler\ntuser.pol >
 
< [2011.06.07 08:01:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl >
 
< [2011.06.07 08:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat >
 
< [2011.05.12 15:12:56 | 000,050,755 | ---- | M] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png >
 
< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
 
< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >
 
<  >
 
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]

 
<  >
 
< [2011.06.07 15:53:57 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache >
 
< [2011.05.13 10:34:37 | 000,050,755 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Eigene Dateien\Kristina Kohles..png >
 
< [2011.02.18 13:25:58 | 000,129,891 | ---- | C] () -- C:\WINDOWS\hphins28.dat >
 
< [2011.02.18 13:25:58 | 000,000,939 | ---- | C] () -- C:\WINDOWS\hphmdl28.dat >
 
< [2011.02.17 15:42:27 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\schloegler\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
 
< [2011.02.17 14:43:51 | 000,016,040 | ---- | C] () -- C:\WINDOWS\cfgall.ini >
 
< [2011.02.17 14:43:01 | 000,462,892 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat >
 
< [2011.02.17 14:43:01 | 000,084,592 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat >
 
< [2011.02.17 13:39:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI >
 
< [2011.02.17 11:07:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll >
 
< [2011.02.17 11:06:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll >
 
< [2011.02.16 16:42:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat >
 
< [2011.02.16 16:36:33 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat >
 
< [2011.02.16 16:15:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI >
 
< [2011.02.16 16:13:51 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT >
 
< [2009.12.16 09:57:06 | 000,090,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncrecognizer.sys >
 
< [2009.12.16 09:57:06 | 000,080,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncfilter.sys >
 
< [2009.12.16 09:57:06 | 000,014,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncuncfilter.sys >
 
< [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll >
 
< [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll >
 
< [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll >
 
< [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll >
 
< [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll >
 
< [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll >
 
< [2008.08.27 12:23:52 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll >
 
< [2008.08.13 11:10:20 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll >
 
< [2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin >
 
< [2008.04.14 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll >
 
< [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat >
 
< [2008.04.14 14:00:00 | 000,473,884 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat >
 
< [2008.04.14 14:00:00 | 000,446,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat >
 
< [2008.04.14 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll >
 
< [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat >
 
< [2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat >
 
< [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat >
 
< [2008.04.14 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll >
 
< [2008.04.14 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll >
 
< [2008.04.14 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll >
 
< [2008.04.14 14:00:00 | 000,088,074 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat >
 
< [2008.04.14 14:00:00 | 000,071,638 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat >
 
< [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin >
 
< [2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat >
 
< [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat >
 
< [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat >
 
< [2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat >
 
< [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin >
 
< [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat >
 
< [2007.02.12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll >
 
< [2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe >
 
< [2006.03.27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll >
 
< [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll >
 
< [2003.12.18 11:29:12 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe >
 
< [2003.03.12 14:39:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL >
 
< [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI >
 
< [2000.01.20 10:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll >
 
< [1999.08.07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL >
 
< [1999.07.22 20:07:38 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe >
 
< [1999.06.30 05:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll >
 
< [1999.01.11 05:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini >
 
< [1996.05.14 10:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll >
 
< [1995.08.22 09:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll >
 
<  >
 
< ========== LOP Check ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
< ========== Purity Check ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
<  >
 
< < End of report >

--- --- ---
>

< End of report >OTL Logfile:
Code:
OTL Extras logfile created on: 07.06.2011 16:45:13 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Dokumente und Einstellungen\schloegler\Eigene Dateien
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
759,43 Mb Total Physical Memory | 324,29 Mb Available Physical Memory | 42,70% Memory free
1,81 Gb Paging File | 1,46 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 23,45 Gb Free Space | 62,94% Space Free | Partition Type: NTFS
Drive D: | 7,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive P: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive S: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
Drive U: | 488,28 Mb Total Space | 476,23 Mb Free Space | 97,53% Space Free | Partition Type: NWFS
 
Computer Name: RCK-17368 | User Name: schloegler | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"30854:TCP" = 30854:TCP:*:Enabled:Trend Micro OfficeScan Listener
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E37765E-45AE-4830-A12C-E5DADD758472}" = HP Photosmart D5400 Printer Driver 12.0 Rel .3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5E122A0-09A8-4B9D-A010-9B20F5348C09}" = ZENworks Desktop Management Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E192A201-E9B4-406A-82D5-7886F3BB63D5}" = PS_SF_03_D5400_Software_Min
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom NetXtreme Ethernet Controller
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Novell Client for Windows" = Novell Client für Windows
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
--- --- ---

markusg 07.06.2011 15:56
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

panther4861 07.06.2011 16:19
Danke für Dein Bemühen, aber leider lässt sich das Programm nicht auf meinem Rechner installieren.

markusg 07.06.2011 17:11
was heißt das? gib mir fehlermeldungen, mit "lässt sich nicht instalieren" kann man nichts anfangen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:21 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129