Pests of all kinds and their removal: Trojan sdra64 (Windows 7)
14.07.2010, 09:56 | #1
Trojan sdra64

I caught the sdra64 trojan and noticed it right away. After reading up here I started all the countermeasures: avast antivirus, Spybot, Malwarebytes, ZBOT-Killer. After that all the unwanted entries in Windows and in the registry were gone. The PC boots and shuts down without problems. A run with GMER gave the following:

GMER Logfile:
Code:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-07-13 18:50:42
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spdb.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spdb.sys ZwEnumerateValueKey [0xB7ECE132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89F5A1F8
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

SCAN

GMER Logfile:
Code:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-07-13 19:13:55
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB02046B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB0204574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB0204A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB020414C]
SSDT spdb.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spdb.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB020464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB020408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB02040F0]
SSDT spdb.sys ZwQueryKey [0xB7ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB020476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB020472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB02048AE]

INT 0x62 ? 89FCBBF8
INT 0x63 ? 89F5BBF8
INT 0x73 ? 89FCBBF8
INT 0x73 ? 89FCBBF8
INT 0x73 ? 89FCBBF8
INT 0x94 ? 89DA9F00
INT 0xA4 ? 89F5BBF8
INT 0xB4 ? 89F5BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spdb.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B79D18AC 5 Bytes JMP 89DA94E0
.text ak1snzyo.SYS B6D7A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ak1snzyo.SYS B6D7A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ak1snzyo.SYS B6D7A3C4 3 Bytes [00, 80, 02]
.text ak1snzyo.SYS B6D7A3C9 1 Byte [30]
.text ak1snzyo.SYS B6D7A3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spdb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spdb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spdb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spdb.sys
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ak1snzyo.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spdb.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89F5A1F8
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBPDO-0 89CF41F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89F5C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89F5C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89F5C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89F5C1F8
Device \Driver\usbehci \Device\USBPDO-1 89D8F1F8
Device \Driver\sptd \Device\4166488580 spdb.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume2 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Cdrom \Device\CdRom0 89D8E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Cdrom \Device\CdRom1 89D8E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Cdrom \Device\CdRom2 89D8E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume6 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume7 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\NetBT \Device\NetBt_Wins_Export 88AF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume8 89FCC1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\NetBT \Device\NetbiosSmb 88AF01F8
Device \Driver\nvata \Device\00000085 89F5B1F8
Device \Driver\PCI_PNP7330 \Device\0000005a spdb.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 89CF41F8
Device \Driver\usbehci \Device\USBFDO-1 89D8F1F8
Device \Driver\nvata \Device\NvAta0 89F5B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 884121F8
Device \Driver\nvata \Device\NvAta1 89F5B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 884121F8
Device \Driver\nvata \Device\NvAta2 89F5B1F8
Device \Driver\Ftdisk \Device\FtControl 89FCC1F8
Device \Driver\ak1snzyo \Device\Scsi\ak1snzyo1 89C32500
Device \Driver\ak1snzyo \Device\Scsi\ak1snzyo1Port7Path0Target0Lun0 89C32500
Device \FileSystem\Cdfs \Cdfs 89B12500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x29 0xF5 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8E 0x65 0x3F 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1A 0xBD 0x73 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x29 0xF5 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8E 0x65 0x3F 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1A 0xBD 0x73 0x68 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes
File C:\WINDOWS\system32\wbem\Logs\wbemcore.log (size mismatch) 25729/25820 bytes

---- EOF - GMER 1.0.15 ----

Can I now assume that my machine is clean, or should I wipe it and reinstall after all? Thanks in advance for the help.

Last edited by harrybell (14.07.2010 at 10:20)
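As an added example (not code from the thread, from GMER or from any project), here is a small Python triage helper for GMER logs of the layout posted above. It groups SSDT hooks by hooking module, separates modules GMER annotated with a vendor (here aswSP.SYS, avast!) from unannotated ones, and for the unannotated ones follows the Device and Reg lines to the owning service and the product folder recorded in its Cfg@p0 value: for spdb.sys that trail leads to the sptd service and the DAEMON Tools Lite folder, which is the information needed before treating an unattributed hook as a rootkit. The sample text is constructed from lines of the log above.

```python
import re

# Constructed sample: a handful of lines copied from the GMER log posted in the thread.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB02046B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB020408C]
SSDT spdb.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spdb.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spdb.sys ZwQueryKey [0xB7ECE20A]

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\4166488580 spdb.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 89FCC1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
"""

# SSDT <module> [(vendor description)] <Zw-function> [0xADDRESS]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<mod>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# Device \Driver\<service> \Device\<name> <module>.sys   (only lines GMER resolved to a module)
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(?P<svc>[^\s\\]+)\s+\S+\s+(?P<mod>\S+\.sys)$", re.IGNORECASE)
# Reg HKLM\SYSTEM\<control set>\Services\<service>\Cfg\<id>@p0 <product folder>
REG_P0_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\[^\\]+\\Services\\(?P<svc>[^\\]+)\\Cfg\\[0-9A-Fa-f]+@p0\s+(?P<path>.+)$",
    re.IGNORECASE)


def ssdt_hooks(text):
    """Group SSDT entries by hooking module; 'desc' is GMER's vendor annotation or None."""
    hooks = {}
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            entry = hooks.setdefault(m.group("mod"), {"desc": m.group("desc"), "functions": []})
            entry["functions"].append(m.group("func"))
    return hooks


def driver_modules(text):
    """Map driver object names (the <service> in \\Driver\\<service>) to the module GMER printed."""
    mods = {}
    for line in text.splitlines():
        m = DEVICE_RE.match(line.strip())
        if m:
            mods[m.group("svc").lower()] = m.group("mod")
    return mods


def service_product_paths(text):
    """Map a service name to the product folder stored in its Cfg\\<id>@p0 registry value."""
    paths = {}
    for line in text.splitlines():
        m = REG_P0_RE.match(line.strip())
        if m:
            paths[m.group("svc").lower()] = m.group("path")
    return paths


def triage_unannotated(text):
    """For each SSDT hooker GMER could not attribute to a vendor, report the service that
    owns the module and the product folder that service is configured with (if any)."""
    mods = driver_modules(text)
    paths = service_product_paths(text)
    report = {}
    for mod, info in ssdt_hooks(text).items():
        if info["desc"]:
            continue  # vendor-annotated hook (here: avast!), not part of the report
        service = next((svc for svc, m in mods.items() if m.lower() == mod.lower()), None)
        report[mod] = {
            "service": service,
            "product_path": paths.get(service) if service else None,
            "functions": info["functions"],
        }
    return report


if __name__ == "__main__":
    for mod, info in triage_unannotated(SAMPLE_GMER).items():
        print(mod, "->", info)
```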
14.07.2010, 19:03 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan sdra64
Quote:
15.07.2010, 09:31 | #3
Trojan sdra64
Hello Arne,
I only have the logfile from GMER left. When I run the programs I already mentioned, everything is clean. What now?????
Regards, Harald
15.07.2010, 09:58 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan sdra64
I want the ones from Malwarebytes; start it and look in the Logs / Scan Reports tab (the tab's name differs depending on the Malwarebytes version and language settings).
__________________
Logfiles: please always post them in CODE tags
15.07.2010, 14:21 | #5
Trojan sdra64
Hello Arne, abracadabra, here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4308
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15.07.2010 14:59:14
mbam-log-2010-07-15 (14-59-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 110321
Laufzeit: 3 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Thanks and regards, Harald
15.07.2010, 15:30 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan sdra64
But you only just created that with a new run. I want to see the old logs!
15.07.2010, 17:11 | #7
Trojan sdra64
Hello Arne, here are all the scans from before the cleanup:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.07.2010 14:43:17
mbam-log-2010-07-13 (14-43-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133116
Laufzeit: 3 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

-----------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4308
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.07.2010 14:49:21
mbam-log-2010-07-13 (14-49-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145057
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\pdfupd.exe (Trojan.Agent) -> Delete on reboot.

-----------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4308
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.07.2010 16:54:25
mbam-log-2010-07-13 (16-54-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 32990
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hope this helps. Regards, Harald
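As an added example (not code from the thread or from Malwarebytes), here is a Python parser for the Malwarebytes' Anti-Malware 1.46 log layout posted above, with the German section names the logs use. It extracts every detection as (section, location, classification, action), cross-checks the summary counts against the detail lines actually listed, and singles out the two things a responder checks first in such a log: Image File Execution Options keys (a Debugger value there makes Windows start the named "debugger" in place of the program, which is what the Security.Hijack label on those keys refers to) and items left at "Delete on reboot", which are not removed until the machine restarts. The sample log is constructed from detections that appear in the logs above.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the MBAM 1.46 logs in the thread (German UI);
# the detection lines are taken from the logs posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052
Windows 5.1.2600 Service Pack 3

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133116

Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Temp\pdfupd.exe (Trojan.Agent) -> Delete on reboot.
"""

SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")        # detail-section header (no count)
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")   # summary line with a count
# <location> (<classification>) -> <action>.
DETECTION_RE = re.compile(r"^(?P<loc>.+?) \((?P<cls>[A-Za-z0-9_.-]+)\) -> (?P<action>.+?)\.?$")
IFEO_RE = re.compile(r"\\Image File Execution Options\\(?P<exe>[^\\]+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    section: str          # e.g. "Infizierte Registrierungsschlüssel"
    location: str         # registry key, registry value or file path
    classification: str   # MBAM label, e.g. "Security.Hijack"
    action: str           # e.g. "Quarantined and deleted successfully"


def parse_detections(text):
    """Return the detections listed in the detail sections, in log order."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("(Keine"):
            continue  # still in the header/summary block, or an empty section
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(section, m.group("loc"), m.group("cls"), m.group("action")))
    return found


def summary_counts(text):
    """Per-category counts from the summary block ('Infizierte ...: N')."""
    return {m.group(1): int(m.group(2))
            for m in (SUMMARY_RE.match(ln.strip()) for ln in text.splitlines()) if m}


def count_mismatches(text):
    """Categories whose summary count differs from the detail lines actually listed,
    as {category: (summary_count, listed_count)}; non-empty means a truncated or edited log."""
    listed = {}
    for d in parse_detections(text):
        listed[d.section] = listed.get(d.section, 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in summary_counts(text).items() if n != listed.get(cat, 0)}


def ifeo_hijacks(detections):
    """Executables whose Image File Execution Options key was flagged."""
    names = set()
    for d in detections:
        m = IFEO_RE.search(d.location)
        if m:
            names.add(m.group("exe").lower())
    return sorted(names)


def pending_on_reboot(detections):
    """Items MBAM could not remove immediately: they need a reboot and a re-scan to confirm."""
    return [d.location for d in detections if d.action.lower().startswith("delete on reboot")]


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(SAMPLE_LOG))
    print("IFEO hijacks:", ifeo_hijacks(dets))
    print("pending on reboot:", pending_on_reboot(dets))
```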
15.07.2010, 18:25 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan sdra64
OK, that helps already. Now make logs with OTL:

System scan with OTL
Please download OTL from Oldtimer and save it on your desktop
__________________
Logfiles: please always post them in CODE tags
18.07.2010, 13:27 | #9
Trojan sdra64
Hello Arne, sorry for the late reply, but I was away for 2 days. Here are the requested OTL logfiles:

OTL Logfile:
Code:
OTL logfile created on: 18.07.2010 14:23:50 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\Downloads\Firefox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,29 Gb Total Space | 20,15 Gb Free Space | 50,02% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 21,07 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 23,00 Gb Free Space | 47,10% Space Free | Partition Type: NTFS
Drive F: | 39,06 Gb Total Space | 13,53 Gb Free Space | 34,63% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,50 Gb Free Space | 97,27% Space Free | Partition Type: NTFS
Drive H: | 48,83 Gb Total Space | 1,03 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive J: | 49,08 Gb Total Space | 48,99 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: HARRY
Current User Name: Harald
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\Downloads\Firefox\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Avast Antivirus\ashDisp.exe (ALWIL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - F:\Downloads\Firefox\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Avast Antivirus\AhJsctNs.dll (ALWIL Software)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.03.24 19:16:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.29 23:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.29 23:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.02 12:18:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.03.24 19:16:43 | 000,000,000 | ---D | M]

[2010.01.01 23:08:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald\Anwendungsdaten\Mozilla\Extensions
[2010.07.15 16:06:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Harald\Anwendungsdaten\Mozilla\Firefox\Profiles\ua54bxwr.default\extensions
[2010.01.02 16:47:23 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Harald\Anwendungsdaten\Mozilla\Firefox\Profiles\ua54bxwr.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.05.01 13:50:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Harald\Anwendungsdaten\Mozilla\Firefox\Profiles\ua54bxwr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.28 22:58:30 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\Anwendungsdaten\Mozilla\Firefox\Profiles\ua54bxwr.default\searchplugins\winamp-search.xml
[2010.01.01 23:30:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.21 11:34:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.21 11:34:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.21 11:34:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.21 11:34:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.21 11:34:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.19 17:15:22 | 000,404,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13983 more lines...
O4 - HKLM..\Run: [avast!] C:\Programme\Avast Antivirus\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\ccleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.01 21:37:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.18 14:10:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Harald\Recent
[2010.07.15 15:07:55 | 000,000,000 | ---D | C] -- C:\Programme\XP-Datenschutz
[2010.07.14 14:03:07 | 000,499,712 | ---- | C] (eSage Lab) -- C:\WINDOWS\System32\remover.exe
[2010.07.13 14:35:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Harald\Anwendungsdaten\Malwarebytes
[2010.07.13 14:35:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.13 14:35:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.13 14:35:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.13 14:35:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.20 10:38:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.06.20 09:28:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2010.06.19 20:12:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Harald\Anwendungsdaten\MSN6
[2010.06.19 20:12:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.18 14:16:24 | 000,002,995 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.07.18 14:14:56 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.07.18 14:10:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 14:10:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 14:07:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.15 18:31:29 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000005-00231102}.rfx
[2010.07.15 18:31:29 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000005-00231102}.rfx
[2010.07.15 18:31:29 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000005-00231102}.rfx
[2010.07.15 18:30:57 | 012,320,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT
[2010.07.15 18:30:57 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Harald\ntuser.ini
[2010.07.15 14:59:51 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\Desktop\Bootkit Remover.lnk
[2010.07.15 14:58:58 | 000,000,733 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\Desktop\ZBotKiller.lnk
[2010.07.14 11:32:15 | 000,057,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\Eigene Dateien\GMER 13072010.doc
[2010.07.13 16:24:18 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\Eigene Dateien\Regsich13072010.reg
[2010.07.13 14:35:44 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.13 14:00:09 | 000,000,210 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.07.12 18:19:27 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.07.12 18:19:27 | 000,001,080 |
---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.06.25 15:55:31 | 001,089,858 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.25 15:55:31 | 000,483,842 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.25 15:55:31 | 000,461,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.25 15:55:31 | 000,094,926 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.25 15:55:31 | 000,079,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.20 15:27:29 | 000,058,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.20 10:21:17 | 000,524,288 | -HS- | M] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{186dfc70-7c3b-11df-b2d2-c80aa94d0e62}.TMContainer00000000000000000002.regtrans-ms [2010.06.20 10:21:17 | 000,524,288 | -HS- | M] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{186dfc70-7c3b-11df-b2d2-c80aa94d0e62}.TMContainer00000000000000000001.regtrans-ms [2010.06.20 10:21:17 | 000,065,536 | -HS- | M] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{186dfc70-7c3b-11df-b2d2-c80aa94d0e62}.TM.blf [2010.06.19 17:15:22 | 000,404,451 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.06.19 16:47:56 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Harald\Desktop\Spybot - Search & Destroy.lnk [2010.06.19 15:18:25 | 000,524,288 | -HS- | M] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{0e3cf9d7-7b84-11df-9d3a-c80aa94d0e62}.TMContainer00000000000000000002.regtrans-ms [2010.06.19 15:18:25 | 000,524,288 | -HS- | M] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{0e3cf9d7-7b84-11df-9d3a-c80aa94d0e62}.TMContainer00000000000000000001.regtrans-ms [2010.06.19 15:18:25 | 000,065,536 | -HS- | M] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{0e3cf9d7-7b84-11df-9d3a-c80aa94d0e62}.TM.blf [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.15 14:59:16 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald\Desktop\Bootkit Remover.lnk [2010.07.15 14:57:28 | 000,000,733 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald\Desktop\ZBotKiller.lnk [2010.07.13 19:14:25 | 000,057,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald\Eigene Dateien\GMER 13072010.doc [2010.07.13 16:24:18 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\Harald\Eigene Dateien\Regsich13072010.reg [2010.07.13 14:35:44 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.13 14:00:08 | 000,000,210 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.06.20 09:54:51 | 000,524,288 | -HS- | C] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{186dfc70-7c3b-11df-b2d2-c80aa94d0e62}.TMContainer00000000000000000002.regtrans-ms [2010.06.20 09:54:51 | 000,524,288 | -HS- | C] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{186dfc70-7c3b-11df-b2d2-c80aa94d0e62}.TMContainer00000000000000000001.regtrans-ms [2010.06.20 09:54:51 | 000,065,536 | -HS- | C] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{186dfc70-7c3b-11df-b2d2-c80aa94d0e62}.TM.blf [2010.06.19 15:00:33 | 000,524,288 | -HS- | C] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{0e3cf9d7-7b84-11df-9d3a-c80aa94d0e62}.TMContainer00000000000000000002.regtrans-ms [2010.06.19 15:00:33 | 000,524,288 | -HS- | C] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{0e3cf9d7-7b84-11df-9d3a-c80aa94d0e62}.TMContainer00000000000000000001.regtrans-ms [2010.06.19 15:00:33 | 000,065,536 | -HS- | C] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT{0e3cf9d7-7b84-11df-9d3a-c80aa94d0e62}.TM.blf [2010.06.19 15:00:32 | 000,208,384 | -HS- | C] () -- C:\Dokumente und Einstellungen\Harald\NTUSER.DAT.LOG1 [2010.06.19 15:00:32 | 000,000,000 | -HS- | C] () -- C:\Dokumente und 
Einstellungen\Harald\NTUSER.DAT.LOG2 [2010.06.06 15:44:06 | 000,001,588 | ---- | C] () -- C:\WINDOWS\debugrcfile.ini [2010.01.17 12:18:31 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll [2010.01.11 10:55:52 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2010.01.11 10:55:52 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2010.01.11 10:55:52 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2010.01.11 10:55:52 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL [2010.01.11 10:55:52 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2010.01.11 10:55:51 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2010.01.11 10:55:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2010.01.11 10:55:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2010.01.11 10:55:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2010.01.11 10:55:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2010.01.10 18:31:22 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2010.01.10 18:31:22 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2010.01.10 18:29:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll [2010.01.10 18:29:14 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2010.01.10 18:24:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.01.10 18:24:27 | 000,025,976 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.01.10 18:24:14 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.01.06 10:39:53 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini [2010.01.03 11:56:13 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll [2010.01.02 16:25:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.01.02 15:26:44 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI 
[2010.01.02 00:18:17 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006.06.09 16:20:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

-----------------------------------------------------------------------------------

OTL Extras Logfile:

OTL Extras logfile created on: 18.07.2010 14:23:50 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = F:\Downloads\Firefox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,29 Gb Total Space | 20,15 Gb Free Space | 50,02% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 21,07 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 23,00 Gb Free Space | 47,10% Space Free | Partition Type: NTFS
Drive F: | 39,06 Gb Total Space | 13,53 Gb Free Space | 34,63% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,50 Gb Free Space | 97,27% Space Free | Partition Type: NTFS
Drive H: | 48,83 Gb Total Space | 1,03 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive J: | 49,08 Gb Total Space | 48,99 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: HARRY
Current User Name: Harald
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe" = C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"I:\Call Of Duty Modern Warfare 2\iw4mp.exe" = I:\Call Of Duty Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp -- File not found
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe" = C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{43C67D92-F56E-4729-8673-9A2D5A6036F8}" = ASUS Utilities "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform "{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}" = Dir-It! 
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7fb31581-40c9-473f-b1f1-c34b9376704a}" = Nero 9 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional "{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Allway Sync_is1" = Allway Sync version 10.2.3 "AnyDVD" = AnyDVD "AudioCS" = Creative Audio-Systemsteuerung "avast!" = avast! 
Antivirus "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "Creative Software AutoUpdate" = Creative Software AutoUpdate "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch "DVD Shrink_is1" = DVD Shrink 3.2 "FormatFactory" = FormatFactory 2.20 "Haushaltsbuch2" = Softwarenetz Haushaltsbuch2 "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "InstallShield_{43C67D92-F56E-4729-8673-9A2D5A6036F8}" = ASUS Utilities "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "JDownloader" = JDownloader "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.09 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "Mp3tag" = Mp3tag v2.45a "MyDVD" = Softwarenetz MyDVD "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OpenAL" = OpenAL "Orb" = Winamp Remote "PC Wizard 2010_is1" = PC Wizard 2010.1.92 "RealPlayer 6.0" = RealPlayer "Recuva" = Recuva "Security Task Manager" = Security Task Manager 1.7 "SysInfo" = Creative-Systeminformationen "VLC media player" = VLC media player 1.0.3 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "XP-Datenschutz" = 
XP-Datenschutz
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"zonelink_ERASER_is1" = zoneLINK SystemUp 2009 Eraser

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Regards and thanks, Harald
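The two OTL logs in this post cover exactly the places a Zeus/sdra64 infection abuses for persistence: the O4 Run keys, the O20 Winlogon values, the O35/O37 and Shell Spawning exe/com associations, the driver list and the firewall exception list. As an added example that is not part of this thread and not OTL's own code, the Python script below parses OTL-style lines and flags the entries a helper would query first: an exefile association that is no longer the stock `"%1" %*`, anything besides the stock binary in the Winlogon Shell or Userinit value (Zeus 1.x appended its sdra64.exe to Userinit), Run entries whose target no longer exists, drivers whose file is missing, carries no company name or lives in a user-writable path, and enabled firewall exceptions for binaries that are gone. The SAMPLE input is constructed: most of its lines are quoted from the logs above, and the two lines after the `#` marker are constructed to show what a hijack looks like (loader.exe is a hypothetical name). The rule names and the `triage()` function are this example's own.

```python
"""Triage OTL log lines for the persistence points a Zeus/sdra64 infection abuses.

Added example for this thread; not part of the original post and not OTL's own code.
"""
import ntpath
import re

# Stock shell-spawning commands on a clean XP box (OTL "Shell Spawning" section).
CLEAN_SPAWN = {
    "batfile": '"%1" %*', "cmdfile": '"%1" %*', "comfile": '"%1" %*',
    "exefile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
}
# Winlogon values and the only binaries that belong in them.
CLEAN_WINLOGON = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}
# Locations a normal user can write to; autoruns and drivers do not belong there.
USER_WRITABLE = re.compile(r"(anwendungsdaten|application data|\\temp\\|recycler)", re.IGNORECASE)

SPAWN_RE = re.compile(r'^(?P<cls>\w+) \[open\] -- (?P<cmd>.*?)(?: \([^()]*\))?$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
O20_RE = re.compile(r'^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - .*$')
DRV_RE = re.compile(r'^(?:DRV|SRV) - \((?P<name>[^)]*)\).*? -- (?P<path>.*?) (?P<co>\([^()]*\)|File not found)$')
FW_RE = re.compile(r'^"(?P<path>[^"]+)" = .*:\*:(?P<state>Enabled|Disabled):.* -- (?P<co>.*)$')


def _finding(rule, line, detail):
    return {"rule": rule, "line": line, "detail": detail}


def triage(text):
    """Return one finding dict per suspicious OTL line in `text`; clean lines yield nothing."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):   # '#' lines are our own sample markers
            continue
        if m := SPAWN_RE.match(line):
            clean = CLEAN_SPAWN.get(m["cls"])
            # A hijack prepends a loader path so every .exe launch runs the malware first.
            if clean is not None and m["cmd"] != clean:
                findings.append(_finding("shell-spawn-hijack", line, m["cmd"]))
        elif m := O4_RE.match(line):
            if m["rest"] == "File not found":
                findings.append(_finding("run-dangling", line, m["name"] or "<unnamed>"))
            elif USER_WRITABLE.search(m["rest"]):
                findings.append(_finding("run-user-writable", line, m["rest"]))
        elif m := O20_RE.match(line):
            allowed = CLEAN_WINLOGON.get(m["value"].lower(), set())
            # Shell/Userinit are comma lists; anything beyond the stock binary is a hijack
            # (sdra64.exe appended to Userinit is the classic Zeus 1.x persistence).
            extra = [p for p in (x.strip() for x in m["data"].split(","))
                     if p and ntpath.basename(p).lower() not in allowed]
            if extra:
                findings.append(_finding("winlogon-extra", line, ",".join(extra)))
        elif m := DRV_RE.match(line):
            if m["co"] == "File not found":
                findings.append(_finding("driver-missing", line, m["path"]))
            elif m["co"] == "()":
                findings.append(_finding("driver-no-company", line, m["path"]))
            if USER_WRITABLE.search(m["path"]):
                findings.append(_finding("driver-user-writable", line, m["path"]))
        elif m := FW_RE.match(line):
            if m["state"] == "Enabled" and m["co"] == "File not found":
                findings.append(_finding("firewall-dangling", line, m["path"]))
    return findings


# Constructed sample: lines before the '#' marker are quoted from the OTL logs in this
# thread; the two after it are CONSTRUCTED to show a Zeus-style hijack and are not from
# the thread (loader.exe is a hypothetical name).
SAMPLE = r"""
exefile [open] -- "%1" %*
comfile [open] -- "%1" %*
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [] File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
DRV - (ALSysIO) -- C:\DOKUME~1\Harald\LOKALE~1\Temp\ALSysIO.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
# --- constructed lines below, NOT from the thread ---
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
exefile [open] -- "C:\Dokumente und Einstellungen\Harald\Lokale Einstellungen\Anwendungsdaten\loader.exe" "%1" %*
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['rule']}] {f['detail']}")
```

A finding is a lead, not a verdict. In this log the `File not found` drivers (EIO, and ALSysIO pointing into a Temp folder) and the company-less sptd.sys are more consistent with leftovers of hardware or disc-emulation utilities than with Zeus; sptd's randomly named sp??.sys companion driver is also the usual, benign source of SSDT hooks on ZwEnumerateKey/ZwEnumerateValueKey in a GMER scan. The 404 KB read-only hosts file is what Spybot's immunisation produces. What you want to see after a Zeus clean-up is what the first log shows: `"%1" %*` for the exe/com associations and only Explorer.exe in the Winlogon Shell value, with the Userinit value (not shown in this excerpt) reduced to userinit.exe alone.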
18.07.2010, 16:24 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan sdra64
Please run OTL again and post the logs. Follow the instructions exactly.
__________________
Please always post logfiles in CODE tags
18.07.2010, 18:45 | #11
Trojan sdra64
Hello Arne, I followed the instructions exactly on the 1st attempt (as a normal user) and now on the 2nd attempt (as Administrator). Here is the 2nd result:
OTL Logfile:
ATTFilter OTL logfile created on: 18.07.2010 19:42:48 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\AdminHarry\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 40,29 Gb Total Space | 20,08 Gb Free Space | 49,84% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 21,07 Gb Free Space | 43,14% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 22,60 Gb Free Space | 46,28% Space Free | Partition Type: NTFS Drive F: | 39,06 Gb Total Space | 13,34 Gb Free Space | 34,16% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 47,50 Gb Free Space | 97,27% Space Free | Partition Type: NTFS Drive H: | 48,83 Gb Total Space | 1,03 Gb Free Space | 2,10% Space Free | Partition Type: NTFS Drive I: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,68% Space Free | Partition Type: NTFS Drive J: | 49,08 Gb Total Space | 48,99 Gb Free Space | 99,83% Space Free | Partition Type: NTFS Computer Name: HARRY Current User Name: AdminHarry Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 14 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\AdminHarry\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Avast Antivirus\ashDisp.exe (ALWIL Software) PRC - C:\Programme\Avast Antivirus\ashServ.exe (ALWIL Software) PRC - C:\Programme\Avast Antivirus\ashMaiSv.exe (ALWIL Software) PRC - C:\Programme\Avast Antivirus\ashWebSv.exe (ALWIL Software) PRC - C:\Programme\Avast Antivirus\aswUpdSv.exe (ALWIL Software) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe () PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\AdminHarry\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Avast Antivirus\AhJsctNs.dll (ALWIL Software) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - 
(afcdpsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (avast! Antivirus) -- C:\Programme\Avast Antivirus\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Programme\Avast Antivirus\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Programme\Avast Antivirus\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Programme\Avast Antivirus\aswUpdSv.exe (ALWIL Software) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (O&O Defrag) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson PC Suite\SupServ.exe () SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.) SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (EIO) -- C:\WINDOWS\System32\drivers\EIO.sys File not found DRV - (ALSysIO) -- C:\DOKUME~1\Harald\LOKALE~1\Temp\ALSysIO.sys File not found DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software) DRV - 
(ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis) DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys (Acronis) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (NVTCP) -- C:\WINDOWS\system32\drivers\nvtcp.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Programme\PowerDVD\PowerDVD9\000.fcl (CyberLink Corp.) 
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.03.24 19:16:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.18 19:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.29 23:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.07.18 19:30:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.03.24 19:16:43 | 000,000,000 | ---D | M]

[2010.07.18 19:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Mozilla\Extensions
[2010.07.18 19:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Mozilla\Firefox\Profiles\71jlgbqg.default\extensions
[2010.07.18 19:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Mozilla\Firefox\Profiles\71jlgbqg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.18 19:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Mozilla\Firefox\Profiles\71jlgbqg.default\extensions\staged-xpis
[2010.01.01 23:30:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.21 11:34:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.21 11:34:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.21 11:34:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.21 11:34:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.21 11:34:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.19 17:15:22 | 000,404,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13983 more lines...
O4 - HKLM..\Run: [avast!] C:\Programme\Avast Antivirus\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.01 21:37:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.07.18 19:43:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Macromedia
[2010.07.18 19:43:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Adobe
[2010.07.18 19:33:57 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\OTL.exe
[2010.07.18 19:33:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Eigene Dateien\Downloads
[2010.07.18 19:31:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.07.18 19:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Talkback
[2010.07.18 19:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2010.07.18 19:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Thunderbird
[2010.07.18 19:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Mozilla
[2010.07.15 15:07:55 | 000,000,000 | ---D | C] -- C:\Programme\XP-Datenschutz
[2010.07.15 15:06:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.14 14:18:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Identities
[2010.07.14 14:18:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Eigene Dateien\Eigene Musik
[2010.07.14 14:18:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Eigene Dateien
[2010.07.14 14:18:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Eigene Dateien\Eigene Bilder
[2010.07.14 14:18:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.07.14 14:18:09 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten\Microsoft
[2010.07.14 14:18:09 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\AdminHarry\Cookies
[2010.07.14 14:18:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\AdminHarry\SendTo
[2010.07.14 14:18:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Recent
[2010.07.14 14:18:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Anwendungsdaten
[2010.07.14 14:18:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Startmenü
[2010.07.14 14:18:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Favoriten
[2010.07.14 14:18:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Vorlagen
[2010.07.14 14:18:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Netzwerkumgebung
[2010.07.14 14:18:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Lokale Einstellungen
[2010.07.14 14:18:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Druckumgebung
[2010.07.14 14:18:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\AdminHarry\Desktop
[2010.07.14 14:03:07 | 000,499,712 | ---- | C] (eSage Lab) -- C:\WINDOWS\System32\remover.exe
[2010.07.13 14:35:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.13 14:35:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.13 14:35:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.13 14:35:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.07.18 19:33:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\OTL.exe
[2010.07.18 19:27:45 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.07.18 16:30:33 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000005-00231102}.rfx
[2010.07.18 16:30:33 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000005-00231102}.rfx
[2010.07.18 16:30:33 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000005-00231102}.rfx
[2010.07.18 14:16:24 | 000,002,995 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.07.18 14:15:15 | 001,048,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\AdminHarry\NTUSER.DAT
[2010.07.18 14:15:15 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\AdminHarry\ntuser.ini
[2010.07.18 14:10:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 14:10:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 14:07:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.15 18:00:36 | 004,323,264 | -H-- | M] () -- C:\Dokumente und Einstellungen\AdminHarry\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.07.15 15:04:49 | 000,000,376 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\LAN-Verbindung.lnk
[2010.07.15 15:03:57 | 000,000,733 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\ZBotKiller.lnk
[2010.07.15 15:03:38 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\Rootkit Remover.lnk
[2010.07.14 14:18:11 | 000,042,936 | ---- | M] () -- C:\Dokumente und Einstellungen\AdminHarry\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.07.13 14:35:44 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.13 14:00:09 | 000,000,210 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.07.12 18:19:27 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.07.12 18:19:27 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.15 15:04:49 | 000,000,376 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\LAN-Verbindung.lnk
[2010.07.15 15:02:00 | 000,000,733 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\ZBotKiller.lnk
[2010.07.15 15:01:25 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\AdminHarry\Desktop\Rootkit Remover.lnk
[2010.07.14 14:18:10 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\AdminHarry\ntuser.ini
[2010.07.14 14:18:09 | 001,048,576 | -H-- | C] () -- C:\Dokumente und Einstellungen\AdminHarry\NTUSER.DAT
[2010.07.14 14:18:09 | 000,028,672 | -H-- | C] () -- C:\Dokumente und Einstellungen\AdminHarry\NTUSER.DAT.LOG
[2010.07.13 14:35:44 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.13 14:00:08 | 000,000,210 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.06.06 15:44:06 | 000,001,588 | ---- | C] () -- C:\WINDOWS\debugrcfile.ini
[2010.01.17 12:18:31 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll
[2010.01.11 10:55:52 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2010.01.11 10:55:52 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2010.01.11 10:55:52 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2010.01.11 10:55:52 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010.01.11 10:55:52 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010.01.11 10:55:51 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2010.01.11 10:55:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2010.01.11 10:55:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2010.01.11 10:55:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2010.01.11 10:55:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2010.01.10 18:31:22 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010.01.10 18:31:22 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010.01.10 18:29:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010.01.10 18:29:14 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010.01.10 18:24:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.01.10 18:24:27 | 000,025,976 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.01.10 18:24:14 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.01.06 10:39:53 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2010.01.03 11:56:13 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2010.01.02 16:25:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.02 15:26:44 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.02 00:18:17 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006.06.09 16:20:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

=====================================================

OTL Logfile:
OTL Extras logfile created on: 18.07.2010 19:42:48 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\AdminHarry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,29 Gb Total Space | 20,08 Gb Free Space | 49,84% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 21,07 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 22,60 Gb Free Space | 46,28% Space Free | Partition Type: NTFS
Drive F: | 39,06 Gb Total Space | 13,34 Gb Free Space | 34,16% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,50 Gb Free Space | 97,27% Space Free | Partition Type: NTFS
Drive H: | 48,83 Gb Total Space | 1,03 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive J: | 49,08 Gb Total Space | 48,99 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: HARRY
Current User Name: AdminHarry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe" = C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"I:\Call Of Duty Modern Warfare 2\iw4mp.exe" = I:\Call Of Duty Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp -- File not found
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe" = C:\Programme\PowerDVD\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{43C67D92-F56E-4729-8673-9A2D5A6036F8}" = ASUS Utilities
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}" = Dir-It!
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7fb31581-40c9-473f-b1f1-c34b9376704a}" = Nero 9
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allway Sync_is1" = Allway Sync version 10.2.3
"AnyDVD" = AnyDVD
"AudioCS" = Creative Audio-Systemsteuerung
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"DVD Shrink_is1" = DVD Shrink 3.2
"FormatFactory" = FormatFactory 2.20
"Haushaltsbuch2" = Softwarenetz Haushaltsbuch2
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{43C67D92-F56E-4729-8673-9A2D5A6036F8}" = ASUS Utilities
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"JDownloader" = JDownloader
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.09
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mp3tag" = Mp3tag v2.45a
"MyDVD" = Softwarenetz MyDVD
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"PC Wizard 2010_is1" = PC Wizard 2010.1.92
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Security Task Manager" = Security Task Manager 1.7
"SysInfo" = Creative-Systeminformationen
"VLC media player" = VLC media player 1.0.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XP-Datenschutz" = XP-Datenschutz
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"zonelink_ERASER_is1" = zoneLINK SystemUp 2009 Eraser

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 30.01.2010 18:25:31 | Computer Name = HARRY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOKUMENTE UND EINSTELLUNGEN\HARALD\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\UA54BXWR.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS failed, 00000005.

Error - 30.01.2010 18:25:31 | Computer Name = HARRY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOKUMENTE UND EINSTELLUNGEN\HARALD\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\UA54BXWR.DEFAULT\PREFS.JS failed, 00000005.

Error - 30.01.2010 18:25:31 | Computer Name = HARRY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOKUMENTE UND EINSTELLUNGEN\HARALD\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\UA54BXWR.DEFAULT\SESSIONSTORE.JS failed, 00000005.

Error - 05.04.2010 05:35:07 | Computer Name = HARRY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of M:\FILME\Cash\VIDEO_TS\VTS_01_2.VOB failed, 0000A420.

Error - 15.07.2010 08:59:01 | Computer Name = HARRY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\dllcache\beep.sys failed, 00000005.

Error - 18.07.2010 08:14:11 | Computer Name = HARRY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\dllcache\beep.sys failed, 00000005.

Error - 18.07.2010 08:19:19 | Computer Name = HARRY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\dllcache\beep.sys failed, 00000005.

[ Application Events ]
Error - 13.07.2010 11:49:19 | Computer Name = HARRY | Source = Application Error | ID = 1000
Description = Faulting application 9x48eqjr.exe, version 1.0.15.15281, faulting module 9x48eqjr.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 13.07.2010 11:49:34 | Computer Name = HARRY | Source = Application Error | ID = 1000
Description = Faulting application 9x48eqjr.exe, version 1.0.15.15281, faulting module 9x48eqjr.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 13.07.2010 11:50:13 | Computer Name = HARRY | Source = Application Error | ID = 1000
Description = Faulting application 9x48eqjr.exe, version 1.0.15.15281, faulting module 9x48eqjr.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 13.07.2010 11:56:35 | Computer Name = HARRY | Source = Application Error | ID = 1000
Description = Faulting application 9x48eqjr.exe, version 1.0.15.15281, faulting module 9x48eqjr.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 13.07.2010 12:18:06 | Computer Name = HARRY | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 13.07.2010 12:18:17 | Computer Name = HARRY | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 13.07.2010 12:18:26 | Computer Name = HARRY | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module gmer.exe, version 1.0.15.15281, fault address 0x0005c887.
Error - 13.07.2010 12:18:31 | Computer Name = HARRY | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung gmer.exe, Version 1.0.15.15281, fehlgeschlagenes Modul gmer.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887. Error - 13.07.2010 12:18:36 | Computer Name = HARRY | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung gmer.exe, Version 1.0.15.15281, fehlgeschlagenes Modul gmer.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887. Error - 13.07.2010 12:18:47 | Computer Name = HARRY | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung gmer.exe, Version 1.0.15.15281, fehlgeschlagenes Modul gmer.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887. [ System Events ] Error - 14.07.2010 04:22:26 | Computer Name = HARRY | Source = Rasman | ID = 20031 Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da von den Medien-DLLs keine Anschlussinformationen gefunden werden konnten. Starten Sie den Computer neu. Der Anruferpuffer ist zu klein. Error - 14.07.2010 04:22:27 | Computer Name = HARRY | Source = Service Control Manager | ID = 7024 Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem dienstspezifischem Fehler beendet: 603 (0x25B). 
Error - 14.07.2010 04:30:16 | Computer Name = HARRY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.07.2010 08:53:12 | Computer Name = HARRY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.07.2010 08:53:12 | Computer Name = HARRY | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error - 15.07.2010 08:55:46 | Computer Name = HARRY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.07.2010 09:07:27 | Computer Name = HARRY | Source = Cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 18.07.2010 08:07:27 | Computer Name = HARRY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.07.2010 08:09:07 | Computer Name = HARRY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.07.2010 08:10:49 | Computer Name = HARRY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Hoffe, jetzt stimmts. Gruß und schönen Abend Harald |
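One way to triage an OTL "Last 10 Event Log Errors" section like the one posted above programmatically, as an added example that is neither part of this thread nor OTL's own code: it parses the entries, clusters the Application Error 1000 crashes by version and fault address (which is how the 9x48eqjr.exe and gmer.exe crashes turn out to be one and the same GMER build run under a random name), groups the avast! scan failures by error code, and lists boot drivers that failed to load. The function names, the sample lines (copied from the posted log) and the reading of the trailing avast! value as a Win32 error code are this example's own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: entries copied from the OTL "Last 10 Event Log Errors"
# section posted above (Windows messages left in German, as logged).
SAMPLE_LOG = r"""
[ Antivirus Events ]
Error - 15.07.2010 08:59:01 | Computer Name = HARRY | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\dllcache\beep.sys failed, 00000005.
[ Application Events ]
Error - 13.07.2010 11:49:19 | Computer Name = HARRY | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung 9x48eqjr.exe, Version 1.0.15.15281, fehlgeschlagenes Modul 9x48eqjr.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887.
Error - 13.07.2010 12:18:06 | Computer Name = HARRY | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung gmer.exe, Version 1.0.15.15281, fehlgeschlagenes Modul gmer.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887.
[ System Events ]
Error - 15.07.2010 08:53:12 | Computer Name = HARRY | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE
Error - 18.07.2010 08:10:49 | Computer Name = HARRY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
EVENT_RE = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| "
    r"ID = (?P<id>\d+) Description = (?P<desc>.*)$"
)
# XP "Application Error" event 1000, German and English wording.
CRASH_RE = re.compile(
    r"(?:Fehlgeschlagene Anwendung|Faulting application) (?P<app>[^,]+), "
    r"[Vv]ersion (?P<app_ver>[^,]+), "
    r"(?:fehlgeschlagenes Modul|faulting module) (?P<mod>[^,]+), "
    r"[Vv]ersion (?P<mod_ver>[^,]+), "
    r"(?:Fehleradresse|fault address) (?P<addr>0x[0-9A-Fa-f]+)"
)
SCAN_RE = re.compile(r"avfilesScanReal of (?P<path>.+) failed, (?P<code>[0-9A-Fa-f]{8})\.")


def parse_otl_events(text):
    """One dict per 'Error - ...' line, tagged with its [ ... Events ] section."""
    events, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = EVENT_RE.match(line)
        if m:
            events.append({
                "section": section, "level": m["level"],
                "time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
                "host": m["host"], "source": m["source"],
                "id": int(m["id"]), "desc": m["desc"],
            })
    return events


def crash_clusters(events):
    """Count Application Error (ID 1000) entries per (app, version, module, fault address)."""
    clusters = defaultdict(int)
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = CRASH_RE.search(ev["desc"])
            if m:
                clusters[(m["app"], m["app_ver"], m["mod"], m["addr"])] += 1
    return dict(clusters)


def same_binary_under_other_names(clusters):
    """Different file names crashing with the same version and fault address are
    one binary run under several names (here 9x48eqjr.exe and gmer.exe: GMER is
    routinely run renamed so rootkits that watch for 'gmer.exe' stay passive)."""
    by_fingerprint = defaultdict(set)
    for app, app_ver, _mod, addr in clusters:
        by_fingerprint[(app_ver, addr)].add(app)
    return {fp: names for fp, names in by_fingerprint.items() if len(names) > 1}


def scan_failures_by_code(events):
    """avast! ID 33554522: files per trailing error code. Assumed to be a Win32
    code; 00000005 is ERROR_ACCESS_DENIED (file locked or unreadable), i.e. a
    scan that could not run, not a detection."""
    out = defaultdict(list)
    for ev in events:
        if ev["id"] == 33554522:
            m = SCAN_RE.search(ev["desc"])
            if m:
                out[m["code"]].append(m["path"])
    return dict(out)


def failed_boot_drivers(events):
    """SCM ID 7026: boot/system-start drivers that failed to load; each name
    should correspond to a known service under CurrentControlSet\\Services."""
    names = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            names.extend(ev["desc"].rsplit(":", 1)[-1].split())
    return names


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_LOG)
    print(same_binary_under_other_names(crash_clusters(evs)))
    print(scan_failures_by_code(evs), failed_boot_drivers(evs))
```

Feed the whole OTL Extras log to `parse_otl_events` and the three summaries replace reading forty near-identical lines by eye: repeated crashes of a single renamed scanner at one address are a tool problem, not a sign of infection; access-denied scan errors on a live Firefox profile or dllcache are noise; the driver list is the one place where an unknown name would deserve a registry look.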
18.07.2010, 19:54 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner sdra64 Looks unremarkable. Any problems left?
__________________ Please always post logfiles in CODE tags |
19.07.2010, 08:33 | #13 |
| Trojaner sdra64 Hello Arne, apart from online banking I have used the Internet as usual. I could not spot anything odd, neither when booting the PC nor in applications or on the Internet. I have also run Spybot, Malwarebytes, Zbot-Killer and Rootkit Remover first thing every day and got no indication of anything amiss. Looks as if I got lucky once more thanks to the quick countermeasures after the infection and the firewall deactivation that followed. Or ???? Regards Harald |
Topics on Trojaner sdra64 |
acronis, go out, avast!, bytes, c:\windows\system32\services.exe, cdrom, code, file, consequence, countermeasures, gmer, hal.dll, i8042prt.sys, irql, logfiles, measure, nvidia, programs, computer, registry, scan, services.exe, software, spybot, system, system32, trojan, udp, usbport.sys, windows, write |