Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
MSN Virus

MSN Virus


Log-Analyse und Auswertung: MSN Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 16.12.2009, 17:00   #9
kreshnik
 
MSN Virus - Standard

MSN Virus


Otl logfile:

Code:
ATTFilter
OTL logfile created on: 16.12.2009 16:54:07 - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 67,07% Memory free
4,00 Gb Paging File | 3,86 Gb Available in Paging File | 96,44% Paging File free
Paging file location(s): C:\pagefile.sys 3022 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 121,37 Gb Free Space | 81,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUKRI
Current User Name: Shukri Bajgora
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgfws8.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
PRC - C:\WINDOWS\Domino.EXE (Vimicro)
PRC - C:\WINDOWS\VMSnap5.EXE (Vimicro)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\TeamViewer\Version4\TV.dll (TeamViewer GmbH)
MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avg8emc) -- C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws8) -- C:\Programme\AVG\AVG8\avgfws8.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe ()
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (ZSMC0305) Vimicro USB PC Camera (VC0305) -- C:\WINDOWS\system32\drivers\usbVM305.sys (Vimicro Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (viagfx) -- C:\WINDOWS\system32\drivers\vtmini.sys (Copyright (C) VIA/S3 Graphics Co, Ltd.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG8\Firefox [2009.06.17 09:00:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.22 17:37:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.22 17:37:58 | 00,000,000 | ---D | M]
 
[2009.11.22 17:35:40 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\Mozilla\Extensions
[2009.12.15 20:26:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\Mozilla\Firefox\Profiles\guqxbs4i.default\extensions
[2009.11.06 19:56:24 | 00,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\Mozilla\Firefox\Profiles\guqxbs4i.default\searchplugins\bing.xml
[2009.11.22 17:35:42 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.03.04 19:16:08 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007.11.20 16:52:00 | 02,884,992 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2009.11.22 17:37:53 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.22 17:37:53 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.22 17:37:53 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.22 17:37:53 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.22 17:37:53 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE (Vimicro)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204655321579 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.16 01:44:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.12.15 23:11:01 | 00,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9f4d0f56-cc74-11de-831d-0016ece2e5b3}\Shell\AutoRun\command - "" = E:\v1cbvsmq.exe -- File not found
O33 - MountPoints2\{9f4d0f56-cc74-11de-831d-0016ece2e5b3}\Shell\open\Command - "" = E:\v1cbvsmq.exe -- File not found
O33 - MountPoints2\{a66a13fc-b053-11de-82ce-0016ece2e5b3}\Shell\AutoRun\command - "" = E:\sp1jensi.exe -- File not found
O33 - MountPoints2\{a66a13fc-b053-11de-82ce-0016ece2e5b3}\Shell\open\Command - "" = E:\sp1jensi.exe -- File not found
O33 - MountPoints2\{ac382dd4-dc48-11de-8341-0016ece2e5b3}\Shell\AutoRun\command - "" = E:\q3kku.exe -- File not found
O33 - MountPoints2\{ac382dd4-dc48-11de-8341-0016ece2e5b3}\Shell\open\Command - "" = E:\q3kku.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.12.16 16:53:13 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\OTL.exe
[2009.12.16 16:11:03 | 00,000,000 | ---D | C] -- C:\Avenger
[2009.12.15 23:12:34 | 00,000,000 | ---D | C] -- C:\Programme\trend micro
[2009.12.15 23:12:33 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.15 21:53:40 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\Malwarebytes
[2009.12.15 21:53:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.12.15 21:53:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.12.15 21:53:32 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.12.15 21:53:32 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2009.12.15 21:48:38 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Recent
[2009.12.15 21:42:59 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.12.15 19:46:04 | 00,000,000 | ---D | C] -- C:\Programme\TrendMicro
[2009.12.12 13:37:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\Neuer Ordner
[2009.12.11 23:02:05 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Lokale Einstellungen\Anwendungsdaten\FullTiltPoker
[2009.12.11 23:01:15 | 00,000,000 | ---D | C] -- C:\Programme\Full Tilt Poker
[2009.12.11 22:55:18 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Lokale Einstellungen\Anwendungsdaten\FullTiltPoker.NET
[2009.12.11 22:53:32 | 00,000,000 | ---D | C] -- C:\Programme\Full Tilt Poker.Net
[2009.12.08 21:45:06 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\kerri
[2009.11.28 19:07:00 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\TransFO
[2009.11.28 19:06:43 | 00,000,000 | RHSD | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\transfremes
[2009.11.22 19:20:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\Downloads
[2009.11.22 17:54:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindowsLiveInstaller
[2009.11.22 17:54:30 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
[2009.07.23 14:15:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.01.30 21:45:47 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2009.01.30 21:45:47 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.01.30 21:45:47 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.07.23 21:54:30 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2008.07.23 21:54:13 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.12.16 16:53:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\OTL.exe
[2009.12.16 16:13:44 | 00,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.16 16:11:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.16 16:11:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.16 16:11:27 | 15,428,36224 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.16 16:10:45 | 05,242,880 | -H-- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\NTUSER.DAT
[2009.12.16 16:09:33 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\ntuser.ini
[2009.12.16 16:03:22 | 00,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\gehweg.exe
[2009.12.16 14:27:58 | 00,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\My Sharing Folders.lnk
[2009.12.15 23:16:37 | 00,014,081 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\logs.rar
[2009.12.15 23:12:18 | 00,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\RSIT.exe
[2009.12.15 23:11:01 | 00,000,053 | RHS- | M] () -- C:\autorun.inf
[2009.12.15 21:53:37 | 00,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.15 21:49:46 | 00,001,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\cc_20091215_214929.reg
[2009.12.15 21:49:13 | 00,120,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\cc_20091215_214908.reg
[2009.12.15 21:43:01 | 00,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\CCleaner.lnk
[2009.12.15 19:46:16 | 00,002,443 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\HiJackThis.lnk
[2009.12.15 16:21:02 | 00,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\spider.sav
[2009.12.14 20:35:29 | 00,001,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\wklnhst.dat
[2009.12.12 00:48:10 | 00,045,763 | -H-- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\mxfilerelatedcache.mxc2
[2009.12.11 12:54:29 | 01,074,602 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.11 12:54:29 | 00,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.12.11 12:54:29 | 00,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.11 12:54:29 | 00,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.12.11 12:54:29 | 00,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.10 17:56:17 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.10 15:08:38 | 00,074,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\Bewrbung Fedex.wps
[2009.12.08 23:08:44 | 00,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.11.22 19:24:25 | 00,094,811 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\PDF_Rechnung_M211090093273323_11-2009.pdf
[2009.11.22 19:21:24 | 00,094,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\PDF_Rechnung_M211090090692686_10-2009.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.12.16 16:03:19 | 00,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\gehweg.exe
[2009.12.15 23:16:37 | 00,014,081 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\logs.rar
[2009.12.15 23:12:18 | 00,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\RSIT.exe
[2009.12.15 21:53:37 | 00,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.15 21:49:31 | 00,001,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\cc_20091215_214929.reg
[2009.12.15 21:49:09 | 00,120,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\cc_20091215_214908.reg
[2009.12.15 21:43:01 | 00,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\CCleaner.lnk
[2009.12.15 19:46:04 | 00,002,443 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\HiJackThis.lnk
[2009.12.12 00:48:03 | 00,045,763 | -H-- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\mxfilerelatedcache.mxc2
[2009.12.10 14:49:19 | 00,074,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\Bewrbung Fedex.wps
[2009.11.22 19:24:24 | 00,094,811 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\PDF_Rechnung_M211090093273323_11-2009.pdf
[2009.11.22 19:21:23 | 00,094,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop\PDF_Rechnung_M211090090692686_10-2009.pdf
[2009.11.22 17:56:36 | 00,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Eigene Dateien\My Sharing Folders.lnk
[2009.10.14 20:11:22 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.08.05 20:23:23 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.08.05 20:23:18 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.08.05 20:23:18 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.08.05 20:23:17 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.05 20:23:15 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.08.05 20:23:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.05.17 18:34:37 | 00,059,500 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.04.19 18:30:16 | 00,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.04.13 10:27:27 | 00,004,342 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1170610957_PROTOCOL.log
[2008.04.13 10:27:27 | 00,000,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1170610957_API.log
[2008.04.13 10:27:26 | 00,001,286 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1170610957_UI.log
[2008.04.13 10:27:26 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008.03.04 20:51:28 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.03.03 21:47:43 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.03.03 19:58:13 | 00,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2007.10.11 17:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.02.04 18:33:32 | 00,003,167 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2006.12.16 19:33:28 | 00,001,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Anwendungsdaten\wklnhst.dat
[2006.10.31 20:00:21 | 00,065,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.31 19:27:29 | 00,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\Shukri Bajgora\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.09.16 03:05:01 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.16 02:44:38 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.09.16 02:41:48 | 00,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.09.16 02:41:27 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.09.16 02:33:29 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.09.16 01:48:16 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.09.16 01:41:17 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001.07.06 15:30:00 | 00,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2000.04.04 21:02:10 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
< End of report >
Extras logfile:

Code:
ATTFilter
OTL Extras logfile created on: 16.12.2009 16:54:07 - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 67,07% Memory free
4,00 Gb Paging File | 3,86 Gb Available in Paging File | 96,44% Paging File free
Paging file location(s): C:\pagefile.sys 3022 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 121,37 Gb Free Space | 81,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHUKRI
Current User Name: Shukri Bajgora
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\Alice\Signup\AliceCnn.exe" = C:\Programme\Alice\Signup\AliceCnn.exe:*:Enabled:Alice Einwahlassistent -- File not found
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup -- (Kaspersky Lab)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Programme\AVG\AVG8\avgnsx.exe" = C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BFD2603-0F69-4AAC-9189-60EC466CA348}" = ArcSoft VideoImpression 2
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{33F8EAD4-B6EC-498B-B487-696B973D1C0C}" = Windows Live Messenger
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{621AF8B2-75D2-4074-BA44-79178A617255}" = Windows Live installer
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6814036F-EFA8-4D45-B76B-2EDEEAE6C51B}" = WLAN Monitor
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D17044-BF23-4AA5-829C-93E16129EA74}" = Schreibmaschinenkurs 3.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{B1271FC1-A638-431F-B7FA-2892F8B3FB53}" = KIKA-ROM 3
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C87E3974-50FD-4CA7-B3DA-DA7A83B2239C}" = Vimicro Cam 2nd Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6FD93C9-F253-4127-B94A-E454B5E07A38}" = KIKA-Karaoke
"{DEA5062A-C2FB-4D0A-B558-5B7C8E2E1BF9}" = Vimicro Cam 2nd Edition
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"InstallShield_{6814036F-EFA8-4D45-B76B-2EDEEAE6C51B}" = WLAN Monitor
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.0 (Full)
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS) 
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"QuickTime" = QuickTime
"Shockwave" = Shockwave
"TeamViewer 4" = TeamViewer 4
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2009 14:11:15 | Computer Name = SHUKRI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wlcomm.exe, Version 14.0.8098.930, fehlgeschlagenes
 Modul cvasds0.dll, Version 0.0.0.0, Fehleradresse 0x00020615.
 
Error - 18.11.2009 16:20:36 | Computer Name = SHUKRI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wlcomm.exe, Version 14.0.8098.930, fehlgeschlagenes
 Modul cvasds0.dll, Version 0.0.0.0, Fehleradresse 0x00020615.
 
Error - 20.11.2009 13:20:34 | Computer Name = SHUKRI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wlcomm.exe, Version 14.0.8098.930, fehlgeschlagenes
 Modul cvasds0.dll, Version 0.0.0.0, Fehleradresse 0x00020615.
 
Error - 20.11.2009 14:04:14 | Computer Name = SHUKRI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wlcomm.exe, Version 14.0.8098.930, fehlgeschlagenes
 Modul cvasds0.dll, Version 0.0.0.0, Fehleradresse 0x00020615.
 
Error - 20.11.2009 17:05:03 | Computer Name = SHUKRI | Source = Windows Live Messenger | ID = 1000
Description = 
 
Error - 22.11.2009 05:36:38 | Computer Name = SHUKRI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wlcomm.exe, Version 14.0.8098.930, fehlgeschlagenes
 Modul cvasds0.dll, Version 0.0.0.0, Fehleradresse 0x00020615.
 
Error - 22.11.2009 10:41:42 | Computer Name = SHUKRI | Source = Windows Live Messenger | ID = 1000
Description = 
 
Error - 22.11.2009 12:32:24 | Computer Name = SHUKRI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wlcomm.exe, Version 14.0.8098.930, fehlgeschlagenes
 Modul cvasds0.dll, Version 0.0.0.0, Fehleradresse 0x00020615.
 
Error - 25.11.2009 08:51:22 | Computer Name = SHUKRI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msnmsgr.exe, Version 8.5.1235.517, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 04.12.2009 09:48:25 | Computer Name = SHUKRI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

 

Themen zu MSN Virus
adobe, avg, bho, browseui preloader, dateien, e-mail, explorer, firefox, firewall, helper, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, microsoft, monitor, mozilla, pdf, programme, software, system, temp, uleadburninghelper, usb, virus, virus eingefangen, windows, windows xp


« Virus:TR/Crypt.XPACK.Gen -gelöscht! system sauber? | Suchmaschinen Weiterleitung, Virus nach Formatierung »


Ähnliche Themen: MSN Virus


  1. Virus versenden; virus angriff; virus schützen; rache;
    Log-Analyse und Auswertung - 06.12.2010 (10)
  2. AVG Anti Virus free meldet Virus PSW.Generic7.BWMP, Virus läßt sich nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (21)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema MSN Virus - Otl logfile: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 16.12.2009 16:54:07 - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Dokumente und Einstellungen\Shukri Bajgora\Desktop Windows XP - MSN Virus...
Archiv
Du betrachtest: MSN Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131