Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Logfile mal überprüfen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 14.05.2013, 09:36   #1
Farang
 
Logfile mal überprüfen - Standard

Logfile mal überprüfen



würde bitte mal jemand mit ahnung drüber schauen und mir sagen ob alles okay mit meiner log ist ? Virus, trojaner oder irgendwas was meine passwörter ausspionieren kann?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:34:25, on 14.05.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

FIREFOX: 20.0.1 (de)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\UMVPFSrv.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Dokumente und Einstellungen\Sith-Lord\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-606747145-1383384898-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 4542 bytes

Alt 14.05.2013, 09:56   #2
Psychotic
/// Malwareteam
 
Logfile mal überprüfen - Standard

Logfile mal überprüfen



http://www.trojaner-board.de/95173-b...es-posten.html
__________________

__________________

Alt 14.05.2013, 12:25   #3
Farang
 
Logfile mal überprüfen - Standard

neue log's auswerten..



hallo ,noch ein versuch hoffe dieses mal alles richtig
könnt mal jemand überprüfen ob ich viren,trojaner oder sowas habe womit man meine passwörter ausspähen kann?

OTL:

OTL logfile created on: 14.05.2013 13:06:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sith-Lord\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 81,06% Memory free
3,85 Gb Paging File | 3,52 Gb Available in Paging File | 91,60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 7,20 Gb Free Space | 36,88% Space Free | Partition Type: NTFS
Drive D: | 92,27 Gb Total Space | 24,57 Gb Free Space | 26,62% Space Free | Partition Type: NTFS

Computer Name: EKKY | User Name: Sith-Lord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.14 13:00:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\OTL.exe
PRC - [2013.05.07 16:11:01 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.29 14:17:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 14:17:46 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.29 14:17:45 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.29 12:31:25 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2009.06.23 12:48:12 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2009.04.30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.02.14 17:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.29 12:31:25 | 000,357,224 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll


========== Services (SafeList) ==========

SRV - [2013.04.12 15:37:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 14:17:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.29 14:17:45 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.06 12:04:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.12.29 12:31:25 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.04.30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.02.14 17:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005.03.21 09:13:38 | 000,225,280 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.03.29 14:17:51 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.29 14:17:51 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.29 14:17:51 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.20 06:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 06:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.08.19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.09.30 21:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009.06.23 14:38:26 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009.06.23 14:38:16 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009.06.23 14:38:06 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009.06.23 14:37:54 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009.06.23 14:37:32 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009.06.23 14:37:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009.06.23 14:37:10 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009.06.23 14:36:36 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009.06.23 14:36:24 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2009.06.23 14:36:14 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009.06.23 14:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2009.06.23 14:35:04 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009.06.23 14:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2009.06.23 14:34:52 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009.06.23 14:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2009.06.23 14:34:40 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009.06.23 14:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2009.06.23 14:34:30 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009.05.01 01:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009.05.01 01:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.04.30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.benefind.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 15:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2013.01.06 12:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sith-Lord\Anwendungsdaten\Mozilla\Extensions
[2013.04.12 15:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 15:37:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001.08.23 18:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B9A5F67-463B-4193-8ABC-DF787530921A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.06 10:54:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.14 13:05:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\OTL.exe
[2013.05.14 13:00:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\scan
[2013.05.01 17:32:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\p
[2013.04.28 21:20:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sith-Lord\Eigene Dateien\Unwritten Tales
[2013.04.24 20:20:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\mucke
[2013.04.14 18:09:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sith-Lord\Anwendungsdaten\ScummVM
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.14 13:03:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\defogger_reenable
[2013.05.14 13:00:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\OTL.exe
[2013.05.14 13:00:45 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\Defogger.exe
[2013.05.14 12:55:05 | 000,448,726 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.14 12:55:05 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.14 12:55:05 | 000,080,290 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.14 12:55:05 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.14 12:50:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.14 12:50:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013.05.14 12:50:44 | 000,153,066 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2013.05.14 10:44:17 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000006-00001102-00000004-20021102}.rfx
[2013.05.14 10:44:17 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000006-00001102-00000004-20021102}.rfx
[2013.05.14 10:44:17 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000006-00001102-00000004-20021102}.rfx
[2013.05.14 10:44:17 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000006-00001102-00000004-20021102}.rfx
[2013.05.14 10:44:17 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000006-00001102-00000004-20021102}.rfx
[2013.05.14 10:44:08 | 004,932,477 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-20021102}.CDF
[2013.05.14 10:44:08 | 004,932,477 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-20021102}.BAK
[2013.05.11 16:41:55 | 000,070,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.09 22:48:28 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.05.09 16:35:47 | 000,077,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\thomas.jpg.jpg
[2013.05.02 22:18:53 | 000,045,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\monday.jpg
[2013.04.26 09:33:30 | 007,092,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\Black Sun Empire - Arrakis.mp3
[2013.04.24 20:27:46 | 005,330,300 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\Dom And Roland - Adrenalin.mp3
[2013.04.23 14:46:49 | 000,072,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\602407_348142118614880_2009447097_n.jpg
[2013.04.14 17:18:19 | 000,000,549 | ---- | M] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\scummvm.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.14 13:03:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\defogger_reenable
[2013.05.14 13:02:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\Defogger.exe
[2013.05.09 16:35:47 | 000,077,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\thomas.jpg.jpg
[2013.05.02 22:18:52 | 000,045,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\monday.jpg
[2013.04.24 20:21:28 | 005,330,300 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\Dom And Roland - Adrenalin.mp3
[2013.04.24 20:21:05 | 007,092,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\Black Sun Empire - Arrakis.mp3
[2013.04.23 14:46:48 | 000,072,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\602407_348142118614880_2009447097_n.jpg
[2013.04.14 17:18:19 | 000,000,549 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Desktop\scummvm.lnk
[2013.01.23 19:24:47 | 000,070,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.14 11:29:39 | 000,000,032 | R--- | C] () -- C:\WINDOWS\hash.dat
[2013.01.13 14:59:01 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013.01.13 14:59:01 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Sith-Lord\Anwendungsdaten\PnkBstrK.sys
[2013.01.13 14:58:45 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013.01.13 14:58:44 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2013.01.13 14:58:41 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini
[2013.01.07 22:19:31 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2013.01.07 22:01:44 | 000,064,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013.01.06 12:14:18 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013.01.06 12:14:17 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013.01.06 12:14:17 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013.01.06 12:14:16 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013.01.06 12:00:43 | 000,000,612 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2013.01.06 11:55:43 | 001,074,560 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.01.06 11:55:43 | 001,074,560 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.01.06 11:55:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.01.06 11:55:28 | 002,284,064 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013.01.06 11:44:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.01.06 10:57:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.01.06 10:51:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013.01.06 10:44:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.01.06 10:42:52 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2013.01.07 22:00:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2012.10.31 13:33:21 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

EXTRAS

OTL Extras logfile created on: 14.05.2013 13:06:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sith-Lord\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 81,06% Memory free
3,85 Gb Paging File | 3,52 Gb Available in Paging File | 91,60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 7,20 Gb Free Space | 36,88% Space Free | Partition Type: NTFS
Drive D: | 92,27 Gb Total Space | 24,57 Gb Free Space | 26,62% Space Free | Partition Type: NTFS

Computer Name: EKKY | User Name: Sith-Lord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabledaemonu.exe -- (NVIDIA Corporation)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam
"D:\Games\Steam\SteamApps\farangnarak\team fortress 2\hl2.exe" = D:\Games\Steam\SteamApps\farangnarak\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"D:\Games\Steam\Steam.exe" = D:\Games\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Games\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe" = D:\Games\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe:*:Enabled:FTL: Faster Than Light -- ()
"D:\Games\Steam\SteamApps\common\Torchlight II\Torchlight2.exe" = D:\Games\Steam\SteamApps\common\Torchlight II\Torchlight2.exe:*:Enabled:Torchlight II -- (Runic Games, Inc.)
"D:\Games\Steam\SteamApps\common\alien swarm\swarm.exe" = D:\Games\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"D:\Games\Steam\SteamApps\common\alien swarm\srcds.exe" = D:\Games\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1267\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1267\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1637\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1637\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Games\Steam\SteamApps\common\Torchlight II\ModLauncher.exe" = D:\Games\Steam\SteamApps\common\Torchlight II\ModLauncher.exe:*:Enabled:Torchlight II -- (Runic Games, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira Free Antivirus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"PolyView" = PolyView 4.44
"Steam App 200710" = Torchlight II
"Steam App 212680" = FTL: Faster Than Light
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 630" = Alien Swarm
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xp-AntiSpy" = xp-AntiSpy 3.97-5
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 24.04.2013 14:38:20 | Computer Name = EKKY | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007048f.


< End of report >

Gmer.txt

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-14 13:23:07
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_SP1213C rev.SV100-34 111,82GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\SITH-L~1\LOKALE~1\Temp\pxtdapob.sys


---- System - GMER 2.1 ----

SSDT B875034C ZwClose
SSDT B8750306 ZwCreateKey
SSDT B8750356 ZwCreateSection
SSDT B87502FC ZwCreateThread
SSDT B875030B ZwDeleteKey
SSDT B8750315 ZwDeleteValueKey
SSDT B8750347 ZwDuplicateObject
SSDT B875031A ZwLoadKey
SSDT B87502E8 ZwOpenProcess
SSDT B87502ED ZwOpenThread
SSDT B875036F ZwQueryValueKey
SSDT B8750324 ZwReplaceKey
SSDT B8750360 ZwRequestWaitReplyPort
SSDT B875031F ZwRestoreKey
SSDT B875035B ZwSetContextThread
SSDT B8750365 ZwSetSecurityObject
SSDT B8750310 ZwSetValueKey
SSDT B875036A ZwSystemDebugControl
SSDT B87502F7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2564 80501DB4 4 Bytes [E8, 02, 75, B8]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB335E3C0, 0x706FCA, 0xE8000020]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{65368D00-464D-44D0-8055-5C72031E0681}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet003\Control\Video\{65368D00-464D-44D0-8055-5C72031E0681}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION CEA11B2121F7FDE6C0235486EC8AABD775FCA7FB05175FA9C32BB6E7C645DBE9FC3EADA588E830D0C8DB4DE274638B46890B0351785D20BD504C18A8FEBC9E127BECC74CFEBC9E127BECC7 4CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407FEBC9E127BECC74CA2D97226D213B555A6A0AC4980AC7933C07331D20AB9E72289A6 C11953E4B43240DA07F5DD9A82B5D902B136066365D608E4BA6748F04CCDABDC46233DB9A25D4B5115C299E39429A8100450498551CD5E7124529630E9D789CBD8645EC739830DBA0C9D53 3961495E2DF1CADB6E53C5E353D7F6F39D6CE0664C8B43A5E51CD508AA48908B3D2501DCCCBEF46DABE17D7FFC2508E154A11C48EB56F9065A149E06ED8A7A468441CA4D94167233BE9647 5991BD8FE3657DD0F9EB9416F6E10DBA8E02768D0C97BA381B6184BBE49D2F085E69376907D1965A08C107F7F12C1618741916D1E6F2BAF07742FA1D40348D3BC0920EC55611A82747174F D675DD633C481BD32167098DAB55FB4F35065E38EEF34C9F2BE40F113CCAC9F43C068D4D406121812A20BEA3B6ED84BA77F9EF58C5B20BADF047A9D2AE6EEAE48627C94F4FDB7A52F0AA6B 14F33C875AADE4AD3CF5F8F6DFC5173496ABD0BFED66678F8AAA17A9DFCAA1DD95D702E4AF7193D15649096EC028F3F6A570D24341E152D4C025356526E

---- EOF - GMER 2.1 ----
__________________

Alt 14.05.2013, 13:07   #4
Psychotic
/// Malwareteam
 
Logfile mal überprüfen - Standard

Logfile mal überprüfen



Soweit ich das von hier aus beurteilen kann, ist an dem System nichts auffällig...
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 14.05.2013, 16:09   #5
Farang
 
Logfile mal überprüfen - Standard

Logfile mal überprüfen



danke


Alt 15.05.2013, 06:55   #6
Psychotic
/// Malwareteam
 
Logfile mal überprüfen - Standard

Logfile mal überprüfen



Schön, dass wir helfen konnten!


Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!
__________________
--> Logfile mal überprüfen

Antwort

Themen zu Logfile mal überprüfen
adobe flash player, antivir, avg, avira, dateien, desktop, dll, einstellungen, error, explorer, failed, firefox, flash player, format, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, log, logfile, microsoft, monitor, mozilla, nvidia, opera, programme, registry, rundll, scan, security, software, system, temp, trojaner, usb, viren, virus, windows, windows xp




Ähnliche Themen: Logfile mal überprüfen


  1. Logfile überprüfen lassen
    Mülltonne - 27.03.2008 (0)
  2. Bitte mal Logfile überprüfen
    Mülltonne - 20.12.2007 (1)
  3. Bitte das Logfile überprüfen
    Log-Analyse und Auswertung - 18.12.2007 (11)
  4. bitte logfile überprüfen
    Mülltonne - 09.05.2007 (0)
  5. Überprüfen der Logfile
    Log-Analyse und Auswertung - 05.05.2007 (5)
  6. Logfile bitte überprüfen
    Log-Analyse und Auswertung - 10.12.2006 (5)
  7. Logfile Bitte überprüfen!
    Log-Analyse und Auswertung - 03.09.2006 (2)
  8. Logfile bitte überprüfen
    Log-Analyse und Auswertung - 04.07.2006 (6)
  9. Bitte LogFile überprüfen
    Log-Analyse und Auswertung - 18.02.2006 (3)
  10. Logfile überprüfen.
    Log-Analyse und Auswertung - 20.11.2005 (2)
  11. Bitte Logfile überprüfen
    Log-Analyse und Auswertung - 05.10.2005 (4)
  12. Bitte Logfile überprüfen
    Log-Analyse und Auswertung - 26.09.2005 (2)
  13. Bitte Logfile überprüfen
    Log-Analyse und Auswertung - 14.08.2005 (1)
  14. bitte mal logfile überprüfen
    Mülltonne - 08.06.2005 (1)
  15. Bitte Logfile überprüfen
    Log-Analyse und Auswertung - 22.11.2004 (1)
  16. Bitte Logfile überprüfen
    Log-Analyse und Auswertung - 04.09.2004 (4)
  17. Bitte Logfile überprüfen
    Log-Analyse und Auswertung - 28.06.2004 (1)

Zum Thema Logfile mal überprüfen - würde bitte mal jemand mit ahnung drüber schauen und mir sagen ob alles okay mit meiner log ist ? Virus, trojaner oder irgendwas was meine passwörter ausspionieren kann? Logfile of - Logfile mal überprüfen...
Archiv
Du betrachtest: Logfile mal überprüfen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.