
Log Analysis and Evaluation: Had a backdoor trojan. Clean again now?


20.05.2010, 01:20   #1
Ruppi
 
Had a backdoor trojan. Clean again now?



After visiting a possibly dubious website, I had a backdoor trojan on my computer for just under an hour. It showed itself as a few advertising pop-ups. I did not enter any critical passwords during that time, and no passwords are stored on the computer.
I then deleted the trojan manually from the registry and used System Restore to roll my Vista back by 2 days.

Now everything seems OK. Avira reports nothing suspicious even after a full scan. The computer behaves normally. Windows Defender can't find anything either.

To be on the safe side, here is my HijackThis logfile.
Please have a look - thanks!

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:02:50, on 20.05.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\T-Online\T-Online_Software_6\eMail\Mail.exe
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Michael\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: E-Mail - Verknüpfung.lnk = ?
O4 - Startup: Internet - Verknüpfung.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: hxxp://*.comdirect.de
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 6352 bytes
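As an added example (not code from the thread, from HijackThis or from any tool mentioned here), a small Python triage script over the kind of HijackThis lines posted above. It applies the checks a log reviewer makes by hand: orphaned "(no file)" entries, URLSearchHooks, hosts-file redirects, autostarts outside Program Files/Windows, Trusted Zone and ActiveX (O16) entries. The sample lines are copied from the log above plus one constructed O4 line (`example_updater.exe`) that exercises the autostart rule; the rules are reviewer heuristics, not verdicts.

```python
"""Triage helper for HijackThis 2.0.x log lines.

Added example for this thread; it is not code from HijackThis, Trojaner-Board or
any of the tools mentioned here. The rules are reviewer heuristics, not verdicts.
"""
import re

# Constructed sample: lines copied from the HijackThis log in the thread, plus one
# constructed O4 line (example_updater.exe) that exercises the autostart rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [example_updater] C:\Users\Michael\AppData\Roaming\example_updater.exe
O15 - Trusted Zone: hxxp://*.comdirect.de
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab
"""

# Every HijackThis entry starts with a section tag such as R1, O2, O4.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# The only hosts-file mappings HijackThis shows on a clean Vista box.
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

# Autostart locations that do not need a second look by themselves.
TRUSTED_DIRS = ("c:\\program files", "c:\\windows", "%programfiles%")


def parse_entries(log_text):
    """Return (section, rest) pairs for every entry line; header/footer lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autostart_target(command):
    """Pull the executable or DLL path out of an O4 Run command line."""
    if command.startswith('"'):
        return command.split('"')[1]
    tokens = command.split()
    # A bare first token (RUNDLL32.EXE foo.dll,Entry) is resolved via PATH;
    # for rundll32 the interesting target is the DLL argument that follows.
    if tokens and "\\" not in tokens[0] and len(tokens) > 1:
        return tokens[1].split(",")[0]
    return tokens[0] if tokens else ""


def triage_entry(section, rest):
    """Return (level, reason) for an entry a reviewer should look at, else None."""
    low = rest.lower()
    if section in ("O2", "O3", "O9") and low.endswith("(no file)"):
        return ("fix", "orphaned entry: the registry key points to a file that no longer exists")
    if section == "R3":
        return ("review", "URLSearchHook: a third-party DLL intercepts address-bar searches")
    if section == "O1":
        mapping = " ".join(rest.split(":", 1)[1].split())
        return None if mapping in BENIGN_HOSTS else ("review", "hosts file maps a name somewhere unexpected")
    if section == "O4" and "] " in rest:
        target = autostart_target(rest.split("] ", 1)[1]).lower()
        if not target.startswith(TRUSTED_DIRS):
            return ("review", "autostart outside Program Files/Windows, or a bare name resolved via PATH")
    if section == "O15":
        return ("review", "Trusted Zone: site gets relaxed IE security; confirm the user added it")
    if section == "O16":
        return ("review", "DPF: ActiveX control installed from the listed URL; confirm the vendor")
    return None


def triage(log_text):
    """Run every entry through triage_entry and collect the hits."""
    findings = []
    for section, rest in parse_entries(log_text):
        verdict = triage_entry(section, rest)
        if verdict:
            findings.append((verdict[0], section, verdict[1], rest))
    return findings


if __name__ == "__main__":
    for level, section, reason, rest in triage(SAMPLE_LOG):
        print(f"[{level:6}] {section}: {reason}\n         {rest}")
```

Run it against a full log to get a short list of entries to look up by hand; "fix" hits are leftovers that can simply be removed, "review" hits need a vendor or user check before anything is done.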
         

20.05.2010, 11:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

20.05.2010, 12:32   #3
Ruppi
 



Attached is the logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4119

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

20.05.2010 13:31:08
mbam-log-2010-05-20 (13-31-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 261520
Laufzeit: 53 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

20.05.2010, 12:38   #4
Ruppi
 



OTL logfile no. 1:

Code:
OTL logfile created on: 20.05.2010 13:35:14 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 124,45 Gb Free Space | 41,03% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.20 02:48:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.20 02:48:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.20 02:48:58 | 000,000,000 | ---D | M]
 
[2009.06.11 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2010.01.09 12:53:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions
[2010.01.09 12:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\uhvu7q81.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.11 19:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008.11.03 01:25:00 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com
[2009.06.11 12:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009.06.11 12:08:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.06.11 12:08:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.06.11 12:08:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.06.11 12:08:56 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.06.11 12:08:56 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk =  File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet - Verknüpfung.lnk =  File not found
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([brokerage] https in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: luderworld.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: salsa-munich.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: vcn-online.de ([www] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{36afcb9c-d0ce-11dd-8d3a-00192148f31e}\Shell\AutoRun\command - "" = L:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.20 13:33:35 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2010.05.20 12:36:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2010.05.20 12:36:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.20 12:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.20 12:36:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.20 12:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.20 12:33:46 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Michael\mbam-setup.exe
[2010.05.20 01:00:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Michael\HiJackThis204.exe
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.20 13:35:34 | 004,718,592 | -HS- | M] () -- C:\Users\Michael\ntuser.dat
[2010.05.20 13:33:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2010.05.20 12:39:20 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 12:39:20 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 12:36:23 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.20 12:33:50 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Michael\mbam-setup.exe
[2010.05.20 09:39:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.20 09:39:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.20 09:39:15 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.20 02:58:00 | 002,141,787 | -H-- | M] () -- C:\Users\Michael\AppData\Local\IconCache.db
[2010.05.20 02:48:53 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.05.20 02:48:48 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.05.20 02:48:37 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.05.20 02:48:37 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.05.20 02:48:08 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.05.20 01:00:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Michael\HiJackThis204.exe
[2010.05.17 03:51:36 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{870eb090-6153-11df-b2a6-00192148f31e}.TMContainer00000000000000000002.regtrans-ms
[2010.05.17 03:51:36 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{870eb090-6153-11df-b2a6-00192148f31e}.TMContainer00000000000000000001.regtrans-ms
[2010.05.17 03:51:36 | 000,065,536 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{870eb090-6153-11df-b2a6-00192148f31e}.TM.blf
[2010.05.15 21:52:45 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.15 21:52:45 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.15 21:52:45 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.15 21:52:45 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.15 21:52:45 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.13 12:01:53 | 000,027,136 | ---- | M] () -- C:\Users\Michael\Documents\EnEV Anforderungsprofil.doc
[2010.05.10 17:19:50 | 000,027,648 | ---- | M] () -- C:\Users\Michael\Documents\Noten kopieren.doc
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.20 12:36:23 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.20 02:48:53 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.05.20 01:02:05 | 000,006,353 | ---- | C] () -- C:\Users\Michael\hijackthis.log
[2010.05.17 03:45:07 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{870eb090-6153-11df-b2a6-00192148f31e}.TMContainer00000000000000000002.regtrans-ms
[2010.05.17 03:45:07 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{870eb090-6153-11df-b2a6-00192148f31e}.TMContainer00000000000000000001.regtrans-ms
[2010.05.17 03:45:07 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{870eb090-6153-11df-b2a6-00192148f31e}.TM.blf
[2010.05.13 12:01:52 | 000,027,136 | ---- | C] () -- C:\Users\Michael\Documents\EnEV Anforderungsprofil.doc
[2010.05.10 17:19:50 | 000,027,648 | ---- | C] () -- C:\Users\Michael\Documents\Noten kopieren.doc
[2009.06.29 18:15:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.06.29 02:27:01 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.06.29 02:27:01 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.09.09 00:22:08 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.05.03 13:35:56 | 000,000,572 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.05.03 13:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\OP70.INI
[2008.05.03 13:33:56 | 000,000,160 | ---- | C] () -- C:\Windows\pstudio.ini
[2008.05.03 13:33:56 | 000,000,028 | ---- | C] () -- C:\Windows\album.ini
[2008.05.03 13:33:56 | 000,000,021 | ---- | C] () -- C:\Windows\Ps_setup.ini
[2008.03.14 21:43:33 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2008.02.04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.01.31 08:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:98E9432CBABA8DDD
< End of report >

Alt 20.05.2010, 12:39   #5
Ruppi
 



OTL logfile no. 2:

Code:
OTL Extras logfile created on: 20.05.2010 13:35:14 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 124,45 Gb Free Space | 41,03% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029C73E0-EB04-4AA9-AF43-0759CB94003C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1D48C752-A55E-4054-B8E7-D0F6BC0BDF7F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{545C8EF2-F0AB-4D69-8D19-35D951AF8460}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{5655151B-AE77-4881-A6C0-42B52F8DA5BB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6DD992EF-BEEE-4584-8366-2F6D4486BA08}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{71C15CBE-BFC8-4E1E-B80B-9E682571CE50}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7224B3A1-C15A-4152-B67A-37C981973177}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C531B7A-7EB1-4137-9101-FDEFC6DBD8D6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{88B74FC6-390D-4A05-9A3B-749B21734875}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{90FE3C21-66C1-46FC-9BB8-12D7B8C14E57}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94211404-FCD0-4316-AB51-D5DF073FC3AB}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{95C5930D-6D6C-461D-9ADA-462867168A3D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A086AD35-2A61-4654-8E44-3D35629F1962}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{CA3AFDCE-B16A-4B3D-B09B-15CA20473A67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D88B1891-3492-4117-BC2D-A3E8EE20AFD3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ED497DA7-71D0-4983-BD78-5B5C5FA1B10B}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{F18C3394-4C09-457E-9AEC-49D2EE625648}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F24C1969-7E17-48A0-AD1B-2F2FB67A4E39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F47814-A9D7-46CB-990B-B751C3FCA4B4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{2B2CAE72-64BA-45E7-9C92-A54DD76CB9B4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{2FAFB1C4-299A-40D8-9B1D-C698018A4795}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46D5B332-2FA1-488D-BB6B-515E107533A6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{497192D2-55CE-45FC-A1F9-4AF514A3F855}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4FB7DDB5-1F28-4A39-9C7B-D7B0172DB88B}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{6CFCFF4A-C6B0-44CB-9853-D6CA48AB495A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{7983C994-5B91-4985-B83C-B443751DA2DE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{8810C902-7228-494F-B60E-B9AA3DC918B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8F6BC622-ED30-4053-B6FE-742B17381042}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{95B28802-A0D1-4139-A35E-CD98C6FB511C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{98A9008A-7DFD-45C5-B784-9A990F2BE475}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9B7377FC-0FC7-47CE-9E6F-A0C2B819301A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B3B276F7-4312-46CF-9937-BBF6461573B2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BE0F151C-A43C-4F9E-97CA-E0172786FCF5}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{C6B5A410-9A3E-405D-9B23-6443727AFED0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D5C64B03-905B-4B74-B220-F040F33D863B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{0A3F9B07-ED9D-4751-82D3-27212A10B296}C:\users\michael\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\onlineupdate8\setupxu.exe | 
"TCP Query User{2003EDC3-3F06-42F6-BAE0-A559ADE99858}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{26E09624-F905-4CF6-B73E-455DD9E43C12}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{2AB67F5C-1261-4064-9A04-20B50C37D6EB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3D56AC62-682F-44C2-96E8-A3AD04708ED3}C:\program files\telwell\telwell.exe" = protocol=6 | dir=in | app=c:\program files\telwell\telwell.exe | 
"TCP Query User{3D80D73D-7EC8-44BD-AC7A-3645E6B0841D}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
"TCP Query User{9D92F287-1DB0-48A6-B8C7-9A2FA9353377}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe | 
"TCP Query User{A474514A-3C79-429F-AD73-A4D30AD8706D}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{CAA7A6F0-B93E-4977-B95C-8EAE581CFFF3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F753BB81-4762-4938-B72E-9FED3EE04538}C:\users\michael\desktop\sendetool.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\sendetool.exe | 
"UDP Query User{046922C1-ED80-4FCA-8F1A-0F73DC0B4A74}C:\users\michael\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\onlineupdate8\setupxu.exe | 
"UDP Query User{0EDD9D9E-6141-4C04-97D0-59EF88299339}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2ED56189-D42E-4087-BDB1-BCA1CA4EB178}C:\program files\telwell\telwell.exe" = protocol=17 | dir=in | app=c:\program files\telwell\telwell.exe | 
"UDP Query User{30CBDE1F-4E36-4518-8ADB-8157DCA80792}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
"UDP Query User{3E2E617C-7E7F-46E5-80D8-9E7ED25594FA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{47E4DFDA-E253-4FD5-B33F-ED0CE82B7A47}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe | 
"UDP Query User{9E0D64FB-B0A9-48A0-9186-E159DD894656}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{D5FD97DB-DB16-4216-8310-0956F9E20332}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{F5128493-BAB3-4E8E-B628-FE2BCA3E8756}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{F820D2B3-263C-4F6A-AB66-10C24E31DC4E}C:\users\michael\desktop\sendetool.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\sendetool.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{46380E56-5EBB-4A95-B3CC-6E4A0744AE40}" = TelWell
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"AVIConverter" = AVIConverter 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bauskript Software 2010-3 Standard" = Bauskript Software 2010-3 Standard
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cradle of Rome" = Cradle of Rome (remove only)
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Video Converter_is1" = Free Video Converter V 1.4
"GMX SMS-Manager" = GMX SMS-Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTTS 2.10" = HTTS 2.10
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Poker Superstars II" = Poker Superstars II (remove only)
"QuicktimeAlt_is1" = QuickTime Alternative 2.6.0
"RarZilla Free Unrar 2.53" = RarZilla Free Unrar 2.53
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TelWell" = TelWell
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 1.0.1
"WavePad" = WavePad Sound Editor
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2010 15:52:45 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 16.05.2010 15:41:55 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 16.05.2010 21:48:51 | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = Programm msconfig.exe, Version 6.0.6000.20606 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 9a0  Anfangszeit: 01caf562ff5b7b35  Zeitpunkt
 der Beendigung: 0
 
Error - 17.05.2010 05:46:09 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 17.05.2010 08:42:47 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 17.05.2010 17:56:57 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 18.05.2010 04:44:43 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 18.05.2010 05:14:37 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Mail.exe, Version 6.5.0.2, Zeitstempel 0x4695155c,
 fehlerhaftes Modul html.iec, Version 2017.0.0.17037, Zeitstempel 0x4b966033, Ausnahmecode
 0xc0000005, Fehleroffset 0x0004d511,  Prozess-ID 0xcfc, Anwendungsstartzeit 01caf65e2fe1a80c.
 
Error - 19.05.2010 05:11:54 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 19.05.2010 19:06:05 | Computer Name = Michael-PC | Source = WerSvc | ID = 5007
Description = 
 
[ OSession Events ]
Error - 27.03.2008 15:42:56 | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3144
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 24.07.2008 09:48:33 | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2543
 seconds with 1680 seconds of active time.  This session ended with a crash.
 
Error - 14.10.2008 08:44:03 | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9472
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 20.10.2008 20:37:49 | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6055
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.11.2008 14:58:08 | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30894
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.11.2009 14:51:37 | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2831
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2010 21:25:24 | Computer Name = Michael-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12773
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 21.10.2009 04:55:49 | Computer Name = Michael-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
 
< End of report >


Alt 20.05.2010, 14:52   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks inconspicuous. But let's take another look with GMER and OSAM. Once we're through, you absolutely must take care of updates!! Your Vista hasn't seen a single one yet!

Alt 21.05.2010, 14:04   #7
Ruppi
 



Thanks for looking through it!

As for Vista and Microsoft updates:
I do them constantly, or rather have them done automatically. I just checked the corresponding function in the Control Panel again! It showed around 100 installed updates.

So I don't understand why I supposedly haven't installed anything yet. Please explain, thanks!

Alt 21.05.2010, 19:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Your Vista is missing SP2 and IE8! Your installation can't possibly be up to date.
Are you still going to do the logs with GMER and OSAM?
__________________
Please always post logfiles in CODE tags

Alt 22.05.2010, 19:47   #9
Ruppi
 



I've now tried countless times to scan with GMER.
Unfortunately, on my otherwise very stable system this leads to system crashes with a bluescreen (never experienced that with Vista before) or to the system freezing without responding to any input anymore.
Shutting down is then no longer possible; I even have to pull the plug. On the next start, messages appear that look like MS-DOS, asking whether to start normally or in safe mode.

I have always closed all other programs before starting GMER. The virus scanner is disabled. The screen saver is disabled, even monitor power-off is disabled.
I even removed everything from the startup folders that isn't strictly needed (Windows Defender, sound card driver...), but the result is the same.

GMER freezes the system after about 5 minutes, while scanning

Device\FileSystem\cdfs\cdfs
SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Perflib\009

What can I do now?

Alt 22.05.2010, 21:23   #10
Ruppi
 



I give up on GMER.
No matter what else I disable, even if I don't touch the mouse, the system always crashes while GMER is running. Always at a different spot. And I always have to pull the plug (about 10 times already).
Hopefully my system won't take any damage...

This is the last thing I could read out of the hung GMER (on the 8th or 9th attempt):

Code:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-22 22:04:54
Windows 6.0.6000 
Running: 8urdi648.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uxtiifow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7206FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [7203B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7202A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [7202CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [72028AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [7203CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [72027D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [72027CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [72026A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [720BC1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [72047F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [720290CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [72032179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [720321A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [72037F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [72037D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[3300] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [720683D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

22.05.2010, 21:55   #11
Ruppi

Here is the OSAM report

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 22:54:28 on 22.05.2010

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "SearchSettings Class" - "Vendio Services, Inc." - C:\Program Files\Search Settings\kb127\SearchSettings.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A796D216-2DE1-4EA8-BABB-FE6E7C959098} "HPSDDX Class" - "Hewlett-Packard Company" - C:\Windows\Downloaded Program Files\sdd.dll / hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\Windows\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
{0F7A9297-7268-11D1-B81A-00A076C01B0A} "{0F7A9297-7268-11D1-B81A-00A076C01B0A}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "SearchSettings Class" - "Vendio Services, Inc." - C:\Program Files\Search Settings\kb127\SearchSettings.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"E-Mail - Verknüpfung.lnk" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk  (Shortcut exists | File not found)
"Internet - Verknüpfung.lnk" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet - Verknüpfung.lnk  (Shortcut exists | File not found)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit Online Solutions :: Index
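As an added example (not part of the thread and not OSAM's own code), a small triage parser for reports in the OSAM format posted above: it walks the [Section] and -----( key )----- lines, splits each entry into name, internal name, vendor, path and trailing status flags, and sorts entries into "ok" (publisher known), "stale" (referenced file missing, a dangling entry) and "review" (file present but OSAM printed "?" for the publisher). The sample input is a handful of lines copied from the report above; the convention that status flags sit in a trailing parenthesis is assumed from those lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: a handful of lines copied from the OSAM report posted above.
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\Windows\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"E-Mail - Verknüpfung.lnk" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk  (Shortcut exists | File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""

KEY_RE = re.compile(r"^-----\( (.*) \)-----$")
# optional CLSID/<binary data>, "name", optional (internal name), "vendor" or ?, then path/flags
ENTRY_RE = re.compile(
    r'^(?:(?P<clsid>\{[^}]+\})|<binary data>)?\s*"(?P<name>[^"]*)"'
    r'(?:\s+\((?P<svc>[^)]*)\))?\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)\s+-\s*(?P<rest>.*)$'
)
# assumption taken from the posted lines: status flags sit in a trailing "( ... | ... )"
FLAGS_RE = re.compile(r"\s*\(([^()]*)\)\s*$")

@dataclass
class Entry:
    section: str
    key: str
    name: str
    vendor: Optional[str]            # None when OSAM printed "?" (no publisher info)
    path: str                        # "" when no file on disk is referenced
    flags: List[str] = field(default_factory=list)
    svc: Optional[str] = None        # service/driver internal name, if present
    clsid: Optional[str] = None

def parse_osam(text: str) -> List[Entry]:
    entries, section, key = [], "", ""
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif km := KEY_RE.match(line):
            key = km.group(1)
        elif em := ENTRY_RE.match(line):
            rest, flags = em.group("rest").strip(), []
            if fm := FLAGS_RE.search(rest):
                flags = [f.strip() for f in fm.group(1).split("|")]
                rest = rest[:fm.start()].strip()
            path = rest.split(" / ")[0].strip()   # drop the download URL of Distribution Units
            if path.startswith('"'):              # quoted command line followed by arguments
                path = path[1:].split('"', 1)[0]
            entries.append(Entry(section, key, em.group("name"), em.group("vendor"),
                                 path, flags, em.group("svc"), em.group("clsid")))
    return entries

def classify(e: Entry) -> str:
    if "File not found" in e.flags:
        return "stale"     # dangling reference: nothing to execute, but a clean-up candidate
    if e.vendor is None and e.path:
        return "review"    # file exists, yet OSAM could not attribute it to a publisher
    return "ok"

def triage(entries: List[Entry]) -> Dict[str, int]:
    counts = {"ok": 0, "stale": 0, "review": 0}
    for e in entries:
        counts[classify(e)] += 1
    return counts
```

Running triage(parse_osam(SAMPLE_REPORT)) on the sample yields two "ok", three "stale" and one "review" entry (the OGA control, whose publisher OSAM could not determine); "review" only means an analyst should look at the file, not that it is malicious.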

23.05.2010, 21:03   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Unfortunately GMER crashes on some systems.
The logs are unremarkable, though. Any more problems with the computer?
__________________
Please always post logfiles in CODE tags

24.05.2010, 13:02   #13
Ruppi

Thanks for taking a look!
The computer isn't causing any more problems.

Just regarding updates: I have around 100 Windows updates installed. Automatic updating is also on. Could it be that I already have all the updates from Service Packs 1 + 2, since those are just a roll-up of all available updates?

24.05.2010, 14:33   #14
cosinus

Quote:
Could it be that I already have all the updates from Service Packs 1 + 2, since those are just a roll-up of all available updates?
Some updates are rolled up, but SP2 for Vista is mandatory, if only to be able to install the subsequent updates. Is SP2 installed?

25.05.2010, 16:41   #15
Ruppi

I don't even have SP1 installed. When it came out, Microsoft initially pulled it again because it supposedly contained too many bugs. After that I lost track of the matter.
So install SP1 first now?
