09.04.2010, 09:56
|
#4 |
| |  Mein System ist von einem Trojaner Befallen ( TR/Rootkit.Gen , xintria.sys )
ein extra gabs auch noch :
TEIL 1 Zitat:
OTL Extras logfile created on: 09.04.2010 10:44:16 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 21,76 Gb Free Space | 30,19% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 12,70 Gb Free Space | 17,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JANNIK
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"30000:UDP" = 30000:UDP:*:Enabled:winamp
"1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Steam\steamapps\jeepee2004\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\jeepee2004\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Programme\Steam\steamapps\jeepee2004\dedicated server\hlds.exe" = C:\Programme\Steam\steamapps\jeepee2004\dedicated server\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\Programme\ASUS\ASUSUpdate for Eee PC\Update.exe" = C:\Programme\ASUS\ASUSUpdate for Eee PC\Update.exe:*:Enabled:ASUSUpdate -- (ASUSTek Computer Inc.)
"C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe" = C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe:*:Enabled:LiveUpdate -- ()
"C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe" = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe:*:Enabled: SuperHybridEngine -- (ASUSTeK Computer Inc.)
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft)
"C:\Programme\Vypress Tonecast\tonecast.exe" = C:\Programme\Vypress Tonecast\tonecast.exe:*:Enabled:Vypress Tonecast -- (VyPRESS Research, LLC)
"C:\Programme\Vypress Tonecast\receiver.exe" = C:\Programme\Vypress Tonecast\receiver.exe:*:Enabled:Tonecast Receiver -- (VyPRESS Research, LLC)
"C:\Programme\Steam\steamapps\jeepee2004\ricochet\hl.exe" = C:\Programme\Steam\steamapps\jeepee2004\ricochet\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*isabled:VLC media player -- ()
"C:\Programme\Steam\steamapps\jeepee2004\dedicated server\hltv.exe" = C:\Programme\Steam\steamapps\jeepee2004\dedicated server\hltv.exe:*:Enabled:HLTV Launcher -- (Valve)
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\4000002d500070d45b7622\starcraft.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\4000002d500070d45b7622\starcraft.exe:*:Enabled:starcraft -- File not found
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:enabled:@shell32.dll,-1 -- (Microsoft Corporation)
| und reboot...
|
Baum-Darstellung