| |
| |||||||
Log-Analyse und Auswertung: Funny UST Scandal.avi.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.05.2010, 10:18
| #1 |
 |  Funny UST Scandal.avi.exe Hallo zusammen, ich hatte auf dem Computer einer Bekannten den o.g Virus (Win32:AutoRun_RW) gefunden. Nachdem ich ihn (hoffentlich) entfernt habe und nach den Vorgaben den CCleaner, MAM und RSIT benutzt habe, hier mal das letzte .log File Ich hoffe dass jetzt alles sauber ist und bedanke mich schon mal im Voraus für eure Mühe. RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.07 (written by random/random) Run by *xxx* at 2010-05-31 11:06:31 Microsoft Windows XP Professional Service Pack 3 System drive C: has 192 GB (82%) free of 234 GB Total RAM: 1022 MB (50% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:06:36, on 31.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe C:\WINDOWS\VM_STI.EXE C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\MioNet\MioNetManager.exe C:\Programme\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\svchost.exe C:\Programme\MioNet\jvm\bin\MioNet.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Programme\Brother\Brmfcmon\BrMfcmon.exe C:\Programme\Philips\SPC 200NC PC Camera\TrayMin200.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Monika\Desktop\Viren-Programme\RSIT.exe C:\Programme\trend micro\Monika.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: Shell=explorer.exe, killer.exe O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [PPort11reminder] "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup -product IncrediMail O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: TrayMin300.exe.lnk = ? O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programme\MioNet\MioNetManager.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 7931 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-29 278128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-29 814648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-29 278128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584] "SunJavaUpdateSched"=C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968] "ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] "Corel Photo Downloader"=C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe [2005-08-31 106496] "BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-06-09 40960] "PPort11reminder"=C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528] "BrMfcWnd"=C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-23 663552] "ControlCenter3"=C:\Programme\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536] "ArcSoft Connection Service"=C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232] "zzz_ImInstaller_IncrediMail"=C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe [2010-03-09 583272] "NWEReboot"= [] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Skype"=C:\Programme\Skype\\Phone\Skype.exe [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] C:\Programme\ICQLite\ICQLite.exe [2006-07-11 3144800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2005-06-10 249856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-06-10 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Runonce] C:\WINDOWS\smss.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-17 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^dlbcserv.lnk] C:\PROGRA~1\DELLPH~1\dlbcserv.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PHOTOfunSTUDIO -viewer-.lnk] C:\PROGRA~1\PANASO~1\PHOTOF~1\PHAUTO~1.EXE [2007-11-16 40960] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart TrayMin300.exe.lnk - C:\Programme\Philips\SPC 200NC PC Camera\TrayMin200.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= scecli scecli [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console" "C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe"="C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81231810-2b90-11df-9681-00123fb918b7}] shell\Autoplay\command - K:\smss.exe shell\AutoRun\command - K:\smss.exe shell\Explore\command - K:\smss.exe shell\Open\command - K:\smss.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}] shell\Autoplay\command - J:\smss.exe shell\AutoRun\command - J:\smss.exe shell\Explore\command - J:\smss.exe shell\Open\command - J:\smss.exe ======File associations====== .reg - edit - .reg - open - "%1" %* .vbs - edit - .vbs - open - "%1" %* ======List of files/folders created in the last 1 months====== 2010-05-31 10:31:23 ----D---- C:\rsit 2010-05-31 10:14:46 ----D---- C:\Programme\CCleaner 2010-05-31 09:44:58 ----D---- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Malwarebytes 2010-05-31 09:44:44 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-05-31 09:44:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-05-30 13:30:28 ----D---- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Ashampoo 2010-05-30 13:24:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo 2010-05-30 13:24:42 ----D---- C:\Programme\Ashampoo 2010-05-30 12:22:57 ----D---- C:\WINDOWS\system32\en-US 2010-05-30 12:22:46 ----D---- C:\Programme\Microsoft.NET 2010-05-30 12:22:35 ----SHD---- C:\Config.Msi 2010-05-30 11:25:42 ----D---- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\XnView 2010-05-30 11:25:28 ----D---- C:\Programme\XnView 2010-05-30 00:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2010-05-30 00:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2010-05-30 00:10:41 ----D---- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\ArcSoft 2010-05-30 00:01:17 ----D---- C:\WINDOWS\pss 2010-05-29 23:55:15 ----D---- C:\Programme\RegCleaner 2010-05-29 23:54:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage 2010-05-29 23:52:50 ----D---- C:\Programme\Trend Micro 2010-05-29 23:39:37 ----D---- C:\WINDOWS\system32\appmgmt 2010-05-29 23:32:26 ----D---- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\skypePM 2010-05-29 23:31:43 ----D---- C:\Programme\Gemeinsame Dateien\Skype 2010-05-29 23:31:34 ----RD---- C:\Programme\Skype 2010-05-29 23:31:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2010-05-29 22:45:06 ----D---- C:\WINDOWS\Prefetch 2010-05-29 22:42:24 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-05-29 22:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-05-29 22:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-05-29 22:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-05-29 22:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-05-29 22:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-05-29 22:41:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-05-29 22:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-05-29 22:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-05-29 22:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-05-29 22:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$ 2010-05-29 22:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-05-29 22:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-05-29 22:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-05-29 22:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-05-29 22:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-05-29 22:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-05-29 22:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-05-29 22:39:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-05-29 22:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-05-29 22:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-05-29 22:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-05-29 22:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-05-29 22:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-05-29 22:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2010-05-29 22:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-05-29 22:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2010-05-29 22:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-05-29 22:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2010-05-29 22:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2010-05-29 22:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$ 2010-05-29 22:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-05-29 22:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2010-05-29 22:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2010-05-29 22:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2010-05-29 22:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-05-29 22:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2010-05-29 22:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-05-29 22:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-05-29 22:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2010-05-29 22:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2010-05-29 22:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2010-05-29 22:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-05-29 22:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2010-05-29 22:34:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-05-29 22:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2010-05-29 22:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2010-05-29 22:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2010-05-29 22:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-05-29 22:33:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2010-05-29 22:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2010-05-29 22:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-05-29 22:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2010-05-29 22:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-05-29 22:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-05-29 22:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-05-29 22:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-05-29 22:31:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$ 2010-05-29 22:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-05-29 22:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$ 2010-05-29 22:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2010-05-29 22:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2010-05-29 22:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-05-29 22:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-05-29 22:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2010-05-29 22:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-05-29 22:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2010-05-29 22:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-05-29 22:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2010-05-29 22:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2010-05-29 22:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-05-29 22:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2010-05-29 22:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2010-05-29 22:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2010-05-29 22:15:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2010-05-29 21:21:47 ----A---- C:\WINDOWS\system32\aswBoot.exe 2010-05-29 21:21:40 ----D---- C:\Programme\Alwil Software 2010-05-29 21:21:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software 2010-05-29 20:47:38 ----D---- C:\log 2010-05-29 20:19:19 ----D---- C:\!KillBox 2010-05-29 19:40:34 ----D---- C:\Programme\Panda Security 2010-05-29 19:25:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-05-29 19:25:33 ----D---- C:\Programme\Security Task Manager 2010-05-29 17:44:54 ----D---- C:\WINDOWS\system32\de 2010-05-29 17:44:54 ----D---- C:\WINDOWS\system32\bits 2010-05-29 17:44:54 ----D---- C:\WINDOWS\l2schemas 2010-05-29 17:41:06 ----D---- C:\WINDOWS\network diagnostic 2010-05-29 17:38:35 ----A---- C:\WINDOWS\system32\qmgr.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\samsrv.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\samlib.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\rshx32.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\rastapi.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\rasman.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\rasdlg.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\rasauto.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\rasapi32.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\printui.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\perfctrs.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\olecnv32.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\oleaut32.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\nwprovau.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\ntvdm.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\ntprint.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\ntlsapi.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\ntdll.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\nslookup.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\msv1_0.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\msgsvc.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\mgmtapi.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\lsasrv.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\locator.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\localspl.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\lmhsvc.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\kernel32.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\imagehlp.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\ftp.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\format.com 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\csrsrv.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\comdlg32.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\comctl32.dll 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\cmd.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\cacls.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\autoconv.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\autochk.exe 2010-05-29 17:38:01 ----A---- C:\WINDOWS\system32\advapi32.dll 2010-05-29 17:38:00 ----A---- C:\WINDOWS\system32\setupapi.dll 2010-05-29 17:38:00 ----A---- C:\WINDOWS\system32\sessmgr.exe 2010-05-29 17:38:00 ----A---- C:\WINDOWS\system32\services.exe 2010-05-29 17:38:00 ----A---- C:\WINDOWS\system32\schannel.dll 2010-05-29 17:38:00 ----A---- C:\WINDOWS\system32\scardsvr.exe 2010-05-29 17:38:00 ----A---- C:\WINDOWS\system32\savedump.exe 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\wkssvc.dll 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\win32spl.dll 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\userinit.exe 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\untfs.dll 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\ulib.dll 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\tcpmonui.dll 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\syssetup.dll 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\srvsvc.dll 2010-05-29 17:37:59 ----A---- C:\WINDOWS\system32\smss.exe 2010-05-29 17:37:58 ----A---- C:\WINDOWS\system32\ntoskrnl.exe 2010-05-29 17:37:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe 2010-05-29 17:37:58 ----A---- C:\WINDOWS\system32\HAL.DLL 2010-05-29 17:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$ 2010-05-29 17:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978542_0$ ======List of files/folders modified in the last 1 months====== 2010-05-31 10:34:22 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-31 10:24:36 ----D---- C:\WINDOWS\Debug 2010-05-31 10:24:36 ----D---- C:\WINDOWS 2010-05-31 10:24:35 ----D---- C:\WINDOWS\Temp 2010-05-31 10:24:35 ----D---- C:\WINDOWS\Minidump 2010-05-31 10:14:46 ----RD---- C:\Programme 2010-05-31 09:44:46 ----D---- C:\WINDOWS\system32\drivers 2010-05-31 08:55:13 ----D---- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Skype 2010-05-31 08:51:08 ----D---- C:\WINDOWS\Registration 2010-05-30 16:55:45 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-05-30 13:16:10 ----RSD---- C:\WINDOWS\assembly 2010-05-30 13:16:10 ----D---- C:\WINDOWS\Microsoft.NET 2010-05-30 12:29:38 ----SHD---- C:\WINDOWS\Installer 2010-05-30 12:29:37 ----D---- C:\WINDOWS\system32 2010-05-30 12:29:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-30 12:28:52 ----D---- C:\WINDOWS\system32\de-DE 2010-05-30 12:27:50 ----D---- C:\WINDOWS\WinSxS 2010-05-30 00:29:30 ----RASH---- C:\boot.ini 2010-05-30 00:29:30 ----A---- C:\WINDOWS\win.ini 2010-05-30 00:29:30 ----A---- C:\WINDOWS\system.ini 2010-05-30 00:18:36 ----HD---- C:\WINDOWS\inf 2010-05-30 00:18:34 ----RSHD---- C:\WINDOWS\system32\dllcache 2010-05-30 00:17:41 ----HD---- C:\WINDOWS\$hf_mig$ 2010-05-30 00:17:41 ----D---- C:\WINDOWS\system32\CatRoot 2010-05-30 00:04:19 ----D---- C:\Programme\MioNet 2010-05-29 23:31:43 ----D---- C:\Programme\Gemeinsame Dateien 2010-05-29 22:44:14 ----D---- C:\WINDOWS\system32\Setup 2010-05-29 22:44:14 ----D---- C:\WINDOWS\AppPatch 2010-05-29 22:44:14 ----D---- C:\Programme\Messenger 2010-05-29 22:44:13 ----D---- C:\WINDOWS\system32\wbem 2010-05-29 22:44:13 ----D---- C:\Programme\Gemeinsame Dateien\System 2010-05-29 22:44:12 ----RSD---- C:\WINDOWS\Fonts 2010-05-29 22:41:32 ----D---- C:\Programme\Outlook Express 2010-05-29 22:40:08 ----D---- C:\Programme\Movie Maker 2010-05-29 22:34:36 ----D---- C:\WINDOWS\security 2010-05-29 22:24:32 ----D---- C:\WINDOWS\system32\inetsrv 2010-05-29 22:24:31 ----D---- C:\WINDOWS\ime 2010-05-29 22:24:31 ----D---- C:\WINDOWS\Help 2010-05-29 22:24:15 ----D---- C:\WINDOWS\system32\usmt 2010-05-29 22:24:14 ----D---- C:\Programme\Internet Explorer 2010-05-29 22:24:13 ----D---- C:\WINDOWS\PeerNet 2010-05-29 22:21:41 ----D---- C:\WINDOWS\ServicePackFiles 2010-05-29 22:21:31 ----D---- C:\WINDOWS\system32\Restore 2010-05-29 22:21:31 ----D---- C:\WINDOWS\system32\npp 2010-05-29 22:21:30 ----D---- C:\WINDOWS\msagent 2010-05-29 22:21:28 ----D---- C:\WINDOWS\srchasst 2010-05-29 22:21:28 ----D---- C:\Programme\NetMeeting 2010-05-29 22:21:27 ----D---- C:\WINDOWS\system32\Com 2010-05-29 22:21:24 ----D---- C:\Programme\Windows NT 2010-05-29 22:21:06 ----D---- C:\WINDOWS\system32\oobe 2010-05-29 22:21:04 ----D---- C:\WINDOWS\system 2010-05-29 22:18:09 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-05-29 22:14:57 ----D---- C:\WINDOWS\ehome 2010-05-29 22:05:26 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-29 21:21:53 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2010-05-29 18:10:18 ----D---- C:\Temp 2010-05-29 17:48:10 ----SD---- C:\WINDOWS\Tasks 2010-05-29 17:30:51 ----D---- C:\Programme\Mozilla Firefox 2010-05-29 17:28:13 ----D---- C:\WINDOWS\system32\FxsTmp 2010-05-15 18:46:17 ----D---- C:\WINDOWS\SoftwareDistribution ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024] R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2271] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344] R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-15 180864] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224] S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MHNDRV;MHN-Treiber; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-02-26 91527] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928] R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568] R2 ehSched;Media Center-Planerdienst; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-05 311296] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 MioNet;MioNet Service; C:\Programme\MioNet\MioNetManager.exe [2005-07-15 139264] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2010-02-19 135664] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 182768] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 NetSvc;Intel NCS NetService; C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- |
|
31.05.2010, 12:40
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Funny UST Scandal.avi.exe Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
31.05.2010, 20:52
| #3 | |
| | Funny UST Scandal.avi.exe Hallo cosinus,
__________________erst mal DANKE für die schnelle Antwort von Dir  Hier die log Datei von Malwarebytes: Zitat:
Hier die log Dateien von OTL: [QUOTE][OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.05.2010 21:35:21 - Run 1 OTL by OldTimer - Version 3.2.5.2 Folder = C:\Dokumente und Einstellungen\Monika\Desktop\Viren-Programme Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 556,00 Mb Available Physical Memory | 54,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 228,11 Gb Total Space | 187,18 Gb Free Space | 82,06% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MONI Current User Name: Monika Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Monika\Desktop\Viren-Programme\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft) PRC - C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.) PRC - C:\Programme\MioNet\MioNetManager.exe () PRC - C:\Programme\Philips\SPC 200NC PC Camera\TrayMin200.exe () PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\WINDOWS\VM_STI.EXE (BIGDOG) PRC - C:\Programme\MioNet\jvm\bin\MioNet.exe () PRC - C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Monika\Desktop\Viren-Programme\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft) SRV - (MioNet) -- C:\Programme\MioNet\MioNetManager.exe () ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (ZSMC301b) -- C:\WINDOWS\system32\drivers\usbVM31b.sys (VM) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.29 17:30:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.29 17:30:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.09 18:09:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.03.09 17:31:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Mozilla\Extensions [2010.05.31 09:40:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Mozilla\Firefox\Profiles\8imqg2ko.default\extensions [2010.05.30 11:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Mozilla\Firefox\Profiles\8imqg2ko.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.03.09 17:31:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.29 17:30:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.05.29 17:30:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.05.29 17:30:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.05.29 17:30:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.05.29 17:30:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG) O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PPort11reminder] C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe () O4 - HKLM..\Run: [zzz_ImInstaller_IncrediMail] C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\incredimail_install.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TrayMin300.exe.lnk = C:\Programme\Philips\SPC 200NC PC Camera\TrayMin200.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (killer.exe) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\Autoplay\Command - "" = K:\smss.exe -- File not found O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\AutoRun\command - "" = K:\smss.exe -- File not found O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\Explore\Command - "" = K:\smss.exe -- File not found O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\Open\Command - "" = K:\smss.exe -- File not found O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\Autoplay\Command - "" = J:\smss.exe -- File not found O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\AutoRun\command - "" = J:\smss.exe -- File not found O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\Explore\Command - "" = J:\smss.exe -- File not found O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\Open\Command - "" = J:\smss.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.31 10:43:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Monika\Recent [2010.05.31 10:31:23 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.31 10:14:46 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.31 09:44:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Malwarebytes [2010.05.31 09:44:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.31 09:44:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.31 09:44:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.31 09:44:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.05.30 13:30:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\Ashampoo [2010.05.30 13:24:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Anwendungsdaten\ashampoo [2010.05.30 13:24:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2010.05.30 13:24:42 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo [2010.05.30 12:22:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2010.05.30 12:22:46 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.05.30 12:22:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.05.30 11:25:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\XnView [2010.05.30 11:25:28 | 000,000,000 | ---D | C] -- C:\Programme\XnView [2010.05.30 00:17:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Desktop\Viren-Programme [2010.05.30 00:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\ArcSoft [2010.05.30 00:01:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010.05.29 23:55:15 | 000,000,000 | ---D | C] -- C:\Programme\RegCleaner [2010.05.29 23:54:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage [2010.05.29 23:52:50 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.05.29 23:39:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.05.29 23:32:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Anwendungsdaten\skypePM [2010.05.29 23:31:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.05.29 23:31:34 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.05.29 23:31:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2010.05.29 23:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\DoctorWeb [2010.05.29 22:45:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.05.29 22:15:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010.05.29 21:22:03 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010.05.29 21:22:02 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010.05.29 21:22:02 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010.05.29 21:22:01 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010.05.29 21:21:59 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010.05.29 21:21:59 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010.05.29 21:21:59 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010.05.29 21:21:47 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010.05.29 21:21:47 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010.05.29 21:21:40 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software [2010.05.29 21:21:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.05.29 20:47:38 | 000,000,000 | ---D | C] -- C:\log [2010.05.29 20:19:19 | 000,000,000 | ---D | C] -- C:\!KillBox [2010.05.29 19:41:04 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2010.05.29 19:40:34 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.05.29 19:25:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.05.29 19:25:33 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.05.29 17:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2010.05.29 17:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2010.05.29 17:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2010.05.29 17:41:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2010.05.29 17:38:35 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys [2010.05.29 17:38:35 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys [2010.05.29 17:38:35 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys [2010.05.29 17:38:01 | 000,737,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll [2010.05.29 17:38:01 | 000,687,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll [2010.05.29 17:38:01 | 000,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe [2010.05.29 17:38:01 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll [2010.05.29 17:38:01 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe [2010.05.29 17:38:01 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe [2010.05.29 17:38:01 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll [2010.05.29 17:38:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll [2010.05.29 17:38:01 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll [2010.05.29 17:38:01 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl [2010.05.29 17:38:01 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll [2010.05.29 17:38:01 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe [2010.05.29 17:38:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll [2010.05.29 17:38:01 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll [2010.05.29 17:38:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe [2010.05.29 17:38:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll [2010.05.29 17:38:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll [2010.05.29 17:38:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll [2010.05.29 17:38:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com [2010.05.29 17:38:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe [2010.05.29 17:38:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll [2010.05.29 17:38:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll [2010.05.29 17:38:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe [2010.05.29 17:37:59 | 001,850,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2010.05.29 17:37:59 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll [2010.05.29 17:37:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll [2010.05.29 17:37:59 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll [2010.05.29 17:37:59 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys [2010.05.29 17:37:59 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll [2010.05.29 17:37:59 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys [2010.05.29 17:37:59 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys [2010.05.29 17:37:59 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2010.05.29 17:37:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys [2010.05.29 17:37:59 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys [2010.05.29 17:37:59 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll [2010.05.29 17:37:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys [2010.05.29 17:37:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys [2010.05.29 17:37:59 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys [2010.05.29 17:37:59 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys [2010.05.29 17:37:58 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe [2010.05.29 17:37:58 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe [2010.05.29 17:37:58 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys [2010.05.29 17:37:58 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys [2010.05.29 17:37:58 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2010.05.29 17:37:58 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys [2010.05.29 17:37:58 | 000,134,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL [2010.05.29 17:37:58 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys [2010.05.29 17:37:58 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys [2010.05.29 17:37:58 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys [2010.05.29 17:37:58 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys [2010.05.29 17:37:58 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys [2010.05.29 17:37:58 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys [2010.05.29 17:37:58 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys [2010.05.29 17:37:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys [2010.05.29 17:37:58 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys [2010.05.29 17:37:58 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys [2010.05.29 17:37:58 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys [2010.05.29 17:37:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys [2010.05.29 17:37:58 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys [2010.05.29 17:37:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys [2010.05.15 18:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Monika\Eigene Dateien\Downloads [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [258 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.31 21:31:57 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.31 21:31:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.31 21:31:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.31 21:31:31 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys [2010.05.31 21:30:36 | 003,932,160 | ---- | M] () -- C:\Dokumente und Einstellungen\Monika\NTUSER.DAT [2010.05.31 21:30:36 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Monika\ntuser.ini [2010.05.31 20:31:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.31 10:29:02 | 000,000,166 | ---- | M] () -- C:\Dokumente und Einstellungen\Monika\Eigene Dateien\cc_20100531_102859.reg [2010.05.31 10:28:46 | 000,000,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Monika\Eigene Dateien\cc_20100531_102840.reg [2010.05.31 10:28:24 | 000,114,686 | ---- | M] () -- C:\Dokumente und Einstellungen\Monika\Eigene Dateien\cc_20100531_102759.reg [2010.05.30 14:40:55 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.30 13:24:57 | 000,000,846 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ashampoo Burning Studio 2010.lnk [2010.05.30 12:29:37 | 001,054,928 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.05.30 12:29:37 | 000,472,268 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.05.30 12:29:37 | 000,452,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.05.30 12:29:37 | 000,089,850 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.05.30 12:29:37 | 000,073,954 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.05.30 11:27:02 | 000,120,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Monika\Desktop\Hijack.jpg [2010.05.30 00:29:30 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini [2010.05.30 00:29:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.30 00:29:30 | 000,000,209 | RHS- | M] () -- C:\boot.ini [2010.05.30 00:05:04 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.05.29 23:54:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.29 23:41:38 | 000,034,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.05.29 23:32:27 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.05.29 23:31:43 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.05.29 22:47:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.05.29 22:19:06 | 000,251,712 | RHS- | M] () -- C:\ntldr [2010.05.29 22:05:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.05.29 21:22:00 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010.05.29 17:56:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010.05.29 17:56:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010.05.06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010.05.06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010.05.06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010.05.06 22:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010.05.06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [258 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.31 10:29:01 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Monika\Eigene Dateien\cc_20100531_102859.reg [2010.05.31 10:28:44 | 000,000,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Monika\Eigene Dateien\cc_20100531_102840.reg [2010.05.31 10:28:03 | 000,114,686 | ---- | C] () -- C:\Dokumente und Einstellungen\Monika\Eigene Dateien\cc_20100531_102759.reg [2010.05.30 13:24:57 | 000,000,846 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ashampoo Burning Studio 2010.lnk [2010.05.30 11:27:02 | 000,120,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Monika\Desktop\Hijack.jpg [2010.05.29 23:32:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.01.23 13:50:19 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Maus2.ini [2009.12.12 15:49:04 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI [2009.11.28 18:27:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\simgrim1.INI [2009.11.22 18:11:09 | 000,001,132 | ---- | C] () -- C:\WINDOWS\compedia.ini [2009.08.23 19:03:55 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009.02.02 19:57:10 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009.02.02 19:57:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.02.02 19:53:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2009.02.02 19:53:12 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2009.02.02 19:52:29 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2009.02.02 19:52:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2009.02.02 19:46:43 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008.01.01 17:21:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2008.01.01 17:21:16 | 000,000,211 | ---- | C] () -- C:\WINDOWS\BrzeDemo.ini [2006.12.09 16:11:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.04.19 20:31:59 | 000,001,204 | ---- | C] () -- C:\WINDOWS\disney.ini [2006.01.16 20:33:16 | 000,000,329 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2006.01.16 16:08:50 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F6AFA65A95.sys [2006.01.16 15:56:30 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005.12.29 10:48:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.12.29 10:44:52 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005.12.29 10:21:34 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini [2005.12.29 10:21:06 | 000,000,413 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.08.20 02:52:54 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.08.20 02:34:12 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003323_.tmp.dll [2005.08.20 02:33:56 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003355_.tmp.dll [2005.08.05 16:26:04 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.04.09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini < End of report > /QUOTE] und hier der zweite von OTL OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.05.2010 21:35:22 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Dokumente und Einstellungen\Monika\Desktop\Viren-Programme
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 556,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,11 Gb Total Space | 187,18 Gb Free Space | 82,06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MONI
Current User Name: Monika
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe" = C:\Dokumente und Einstellungen\Monika\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer -- (IncrediMail Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{040F1101-E6D4-49A2-8534-DFF9005EFBF5}" = Toggolino Rechenabenteuer
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1D6FB37A-CBCA-11D6-8940-0002A5E32BEF}" = Prosiaczek i Przyjaciele
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A2646FB-7BAC-451B-BF90-4889C4429C5E}" = Philips SPC 200NC PC Camera
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32180A3A-F7F0-4BD9-924A-B3A271DD35AE}" = Caillous Vorschule
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E57A0411-1829-4700-9823-F9E0AC7596D3}" = Schulanfänger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto
"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"GratkaEK" = Komputerowa Gratka - Jak Wykurzyæ Smoga
"GratkaMS" = Komputerowa Gratka - Muszelkowe Serce
"GratkaZM" = Komputerowa Gratka - Zaginione Myszki
"ICQLite" = ICQ 5.1
"ie8" = Windows Internet Explorer 8
"Jan Brzechwa" = Jan Brzechwa
"Laura geht in die Schule" = Laura geht in die Schule
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MioNet" = MioNet
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.4)" = Mozilla Thunderbird (2.0.0.4)
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime" = QuickTime
"QuickTime32" = QuickTime for Windows (32-bit)
"Security Task Manager" = Security Task Manager 1.7h
"SIPPS!UninstallKey" = SIPPS
"Unsere lustige Spielesammlung" = Unsere lustige Spielesammlung
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XnView_is1" = XnView 1.97.4
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.05.2010 18:22:49 | Computer Name = MONI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 29.05.2010 18:31:23 | Computer Name = MONI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 30.05.2010 06:34:53 | Computer Name = MONI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 30.05.2010 08:21:22 | Computer Name = MONI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 30.05.2010 09:34:16 | Computer Name = MONI | Source = Google Update | ID = 20
Description =
Error - 30.05.2010 10:34:29 | Computer Name = MONI | Source = Google Update | ID = 20
Description =
Error - 31.05.2010 02:51:01 | Computer Name = MONI | Source = Google Update | ID = 20
Description =
Error - 31.05.2010 03:03:06 | Computer Name = MONI | Source = Google Update | ID = 20
Description =
Error - 31.05.2010 14:27:00 | Computer Name = MONI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 31.05.2010 15:31:53 | Computer Name = MONI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 30.05.2010 08:41:56 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:41:58 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:41:59 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:42:00 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:42:01 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:42:04 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:42:05 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:42:09 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:42:10 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 30.05.2010 08:42:11 | Computer Name = MONI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
< End of report >
Hoffe das ich keinen Fehler gemacht habe ... |
|
31.05.2010, 21:51
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Funny UST Scandal.avi.exe Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O20 - HKLM Winlogon: Shell - (killer.exe) - File not found
O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\Autoplay\Command - "" = K:\smss.exe -- File not found
O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\AutoRun\command - "" = K:\smss.exe -- File not found
O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\Explore\Command - "" = K:\smss.exe -- File not found
O33 - MountPoints2\{81231810-2b90-11df-9681-00123fb918b7}\Shell\Open\Command - "" = K:\smss.exe -- File not found
O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\Autoplay\Command - "" = J:\smss.exe -- File not found
O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\AutoRun\command - "" = J:\smss.exe -- File not found
O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\Explore\Command - "" = J:\smss.exe -- File not found
O33 - MountPoints2\{97efed4c-e560-11dd-95dc-00123fb918b7}\Shell\Open\Command - "" = J:\smss.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.06.2010, 13:59
| #5 | |
| | Funny UST Scandal.avi.exe Hallo Arne, hier das gewünschte .log. Wobei ich noch erwähnen möchte, dass ich beim aufspielen des Removal Tools, mit einer SD Karte, auf den PC folgendes erlebte. Da der PC jegliche Installation von Software verweigerte und auch den Firefox beim Aufrufen von Antiviren Software u.ä. wieder beendet wurde, nahm ich eine SD Karte und install. mit meinem Notebook das Tool darauf. Als ich dann die Karte in den Slot des verseuchten PC`s steckte und über den Arbeitsplatz aufrief, war die Datei: "Funny UST Scandal.avi" auch schon drauf und das obwohl ich nur das Removal Tool darauf speicherte  .Daher vermute ich dass manche Files nicht gefunden werden , da die SD Karte ja wieder entfernt wurde... Zitat:
|
|
01.06.2010, 18:41
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Funny UST Scandal.avi.exe Ich hab mit OTL da nur einige Überreste entfernt, wirkliche Schädlingsdateien hab ich da nicht mehr gesehen im Log. Noch Probleme mitm Rechner oder gabs noch weitere Funde in der Zwischenzeit?
__________________ --> Funny UST Scandal.avi.exe |
|
01.06.2010, 22:14
| #7 |
| |  Funny UST Scandal.avi.exe @cosinus, der Rechner läuft im Moment ohne Probleme  Bin mir sicher dass ich das alleine nicht geschafft hätte  EIN DICKES  aus Unterfranken sagt *rafelder* Werde morgen noch mal AVAST drüber laufen lassen und Rückmeldung geben. Falls das überhaupt sinnvoll ist |
|
| Themen zu Funny UST Scandal.avi.exe |
| adobe, antivirus, autorun, avast!, bho, browser, browseui preloader, computer, desktop, downloader, einstellungen, firefox, google, gupdate, hijack, hijackthis, hkus\s-1-5-18, iminstaller, install.exe, internet, internet explorer, logfile, malwarebytes' anti-malware, media center, monitor, mozilla, notification, nt.exe, registry, server, skype.exe, software, studio, system, virus, windows, windows xp |
Linear-Darstellung
