Log Analysis and Evaluation: Also problems after antimalware Doktor
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Also problems after antimalware Doktor

Hello, as I have seen, I have the same problem as others here: I had caught a malwaredoktor. I now seem to have driven it off, but in return my Internet Explorer no longer works at all and my antivirus program (Avira) can no longer update itself. In addition, my Windows Defender now suddenly stops lots of startup programs, which it did not do before (that bothers me less), and I wonder whether the malware is really gone.

So much for the problem description, now the facts: I followed your instructions and first ran rkill.com and then Malwarebytes Anti-Malware. At first everything seemed fine, but after the required restart a new "protection program" was there. I repeated the procedure and then everything was in order. I then also ran CCleaner several times and did the OTL scan.

Results:

1st time, Malwarebytes:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4362

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

28.07.2010 19:29:46
mbam-log-2010-07-28 (19-29-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 187269
Laufzeit: 3 Stunde(n), 5 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 20

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cekjtsnf (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Spyware.Zbot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\AppData\Local\lgbkyohyl\lkeoqdatssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNOUUWYX\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUG6RMJM\bsvqbwql[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\******\AppData\Local\Temp\fFollower.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\*******\AppData\Local\Temp\itse.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\0.14380055554757498.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\1280162344.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\4_pinnew.exe (Trojan.Kryptic) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\6_ldry3no.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\miragge.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\opeFB43.exe (Trojan.Kryptic) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\~TM3690.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwqxk32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\2_load.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\60325cahp25ca2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\iExplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

2nd time:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4362

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

29.07.2010 05:58:39
mbam-log-2010-07-29 (05-58-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 187095
Laufzeit: 2 Stunde(n), 54 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\iExplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

and then finally the log from OTL:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 29.07.2010 14:06:53 - Run 1 OTL by OldTimer - Version Folder = C:\Users\kristin\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,00 Mb Total Physical Memory | 225,00 Mb Available Physical Memory | 23,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,46 Gb Total Space | 24,04 Gb Free Space | 48,61% Space Free | Partition Type: NTFS Drive D: | 11,40 Gb Total Space | 4,51 Gb Free Space | 39,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *****-PC Current User Name: ****** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\k*****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (A5AGU) -- C:\Windows\System32\drivers\AGUx86.sys (D-Link Corporation) DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071011.001\IDSvix86.sys (Symantec Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.) 
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) 
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.forestle.org/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http= ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.dofair.org/de" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 21:36:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 21:36:26 | 000,000,000 | ---D | M] [2009.07.11 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Mozilla\Extensions [2010.07.29 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x8lofk9c.default\extensions [2010.04.27 11:56:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kristin\AppData\Roaming\Mozilla\Firefox\Profiles\x8lofk9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.20 18:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007.10.03 22:28:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.06.21 05:21:54 | 000,000,000 | ---D | M] (No name found) 
-- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll [2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll [2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll [2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll [2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll [2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll [2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll [2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll [2010.04.13 10:42:22 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.13 10:42:22 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.13 10:42:22 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.13 10:42:23 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.13 10:42:23 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ugent.be ([athena] https in Trusted sites) O15 - HKCU\..Trusted Domains: ugent.be ([athenax] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{68df2259-1028-11df-b50c-003005ff650d}\Shell\Autoplay\command - "" = G:\usb_installer.exe -- File not found O33 - MountPoints2\{68df2259-1028-11df-b50c-003005ff650d}\Shell\explore\Command - "" = G:\usb_installer.exe -- File not found O33 - MountPoints2\{68df2259-1028-11df-b50c-003005ff650d}\Shell\Open\Command - "" = G:\usb_installer.exe -- File not found O33 - 
MountPoints2\{765e205f-5d93-11dd-9816-00a0d1c4e717}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{765e205f-5d93-11dd-9816-00a0d1c4e717}\Shell\explore\Command - "" = C:\Windows\explorer.exe -- [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{765e205f-5d93-11dd-9816-00a0d1c4e717}\Shell\open\Command - "" = C:\Windows\explorer.exe -- [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{87821a97-bd9f-11de-877e-00a0d1c4e717}\Shell\AutoRun\command - "" = WDSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.29 14:02:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.07.29 06:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.07.29 06:05:46 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\*****\ccsetup234.exe [2010.07.28 12:15:00 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Virus [2010.07.28 12:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.07.28 05:44:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\lgbkyohyl [2010.07.28 05:44:14 | 000,000,000 | -HSD | C] -- C:\Users\******\AppData\Roaming\lowsec [2010.07.28 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Malwarebytes [2010.07.28 00:16:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.28 00:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.28 00:16:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.28 00:14:44 | 006,153,648 
| ---- | C] (Malwarebytes Corporation ) -- C:\Users\kristin\Desktop\herbert.exe [2010.07.27 23:09:53 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\F7338DD58FB39DF3AA736995116FB9D4 [2010.07.01 23:27:44 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Documents\Mari-Dimi_Hochzeit [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.29 14:03:54 | 002,883,584 | -HS- | M] () -- C:\Users\*******\ntuser.dat [2010.07.29 14:02:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\kristin\Desktop\OTL.exe [2010.07.29 13:55:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.29 13:55:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.29 13:55:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.29 06:07:35 | 000,000,810 | ---- | M] () -- C:\Users\kristin\Desktop\CCleaner.lnk [2010.07.29 06:05:58 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\******\ccsetup234.exe [2010.07.28 22:41:03 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.07.28 19:36:11 | 000,363,520 | ---- | M] () -- C:\Users\*****\rkill.com [2010.07.28 19:33:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.28 19:31:15 | 006,291,456 | -H-- | M] () -- C:\Users\kristin\AppData\Local\IconCache.db [2010.07.28 12:15:01 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.28 11:39:44 | 000,088,576 | ---- | M] () -- C:\Users\kristin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.28 05:56:53 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.28 05:56:53 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.28 05:56:53 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2010.07.28 05:43:48 | 000,000,012 | ---- | M] () -- C:\Users\kristin\AppData\Roaming\mbsvil.dat [2010.07.28 00:15:14 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\kristin\Desktop\herbert.exe [2010.07.26 20:50:56 | 000,005,000 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2010.07.24 20:18:31 | 000,027,648 | ---- | M] () -- C:\Users\******\Desktop\Hochzeitsliste_bewerkt2.xls [2010.07.14 12:42:55 | 000,000,402 | ---- | M] () -- C:\Users\******\Desktop\Mari-Dimi_Hochzeit - Shortcut.lnk [2010.07.14 12:42:41 | 000,000,521 | ---- | M] () -- C:\Users\*******\Desktop\Fahrtenlieder - Shortcut.lnk [2010.07.13 21:03:42 | 000,000,949 | ---- | M] () -- C:\Users\********\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.29 06:07:35 | 000,000,810 | ---- | C] () -- C:\Users\******\Desktop\CCleaner.lnk [2010.07.28 19:36:07 | 000,363,520 | ---- | C] () -- C:\Users\******\rkill.com [2010.07.28 12:15:01 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.28 05:43:47 | 000,000,012 | ---- | C] () -- C:\Users\******\AppData\Roaming\mbsvil.dat [2010.07.27 23:11:32 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.07.24 13:27:34 | 000,027,648 | ---- | C] () -- C:\Users\******\Desktop\Hochzeitsliste_bewerkt2.xls [2010.07.14 12:42:55 | 000,000,402 | ---- | C] () -- C:\Users\******\Desktop\Mari-Dimi_Hochzeit - Shortcut.lnk [2010.07.14 12:42:41 | 000,000,521 | ---- | C] () -- C:\Users\******\Desktop\Fahrtenlieder - Shortcut.lnk [2010.07.13 21:03:42 | 000,000,949 | ---- | C] () -- C:\Users\******\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2009.02.28 03:04:16 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- 
C:\Windows\System32\qt-dx331.dll
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.10.04 12:14:06 | 000,001,732 | ---- | C] () -- C:\Windows\hpdj5700.ini
[2007.10.03 19:49:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.03 19:49:33 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2007.12.13 13:04:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\BitTorrent
[2010.07.28 03:32:07 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\F7338DD58FB39DF3AA736995116FB9D4
[2009.06.05 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICAClient
[2007.10.04 11:56:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\InterVideo
[2010.07.28 11:23:58 | 000,000,000 | -HSD | M] -- C:\Users\*******\AppData\Roaming\lowsec
[2009.01.05 13:05:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\OpenOffice.org
[2007.10.04 21:42:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Template
[2007.11.08 23:36:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Voipwise
[2010.07.28 19:31:40 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.07.28 22:41:03 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========

< End of report >

and there was also an extra log with it:

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 29.07.2010 14:06:53 - Run 1 OTL by OldTimer - Version Folder = C:\Users\kristin\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,00 Mb Total Physical Memory | 225,00 Mb Available Physical Memory | 23,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,46 Gb Total Space | 24,04 Gb Free Space | 48,61% Space Free | Partition Type: NTFS Drive D: | 11,40 Gb Total Space | 4,51 Gb Free Space | 39,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KRISTIN-PC Current User Name: kristin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A266CFC-9A36-474C-A41A-57BE1DC480D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9AE50FE5-FD58-414B-801B-CF5EB64CBDD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F3A901E9-CC88-4EA0-AEE3-B2E0A7A9E99F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0427DD2D-A34A-4CFB-B1AF-EA2293A133BB}" = protocol=17 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe |
"{07D2E4CF-74DB-416A-8A13-6E1E9CFA57A5}" = protocol=6 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe |
"{4794D813-A601-4243-9A73-D0CEDA663D18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C0EE28F-4CD8-4CD6-93F6-5A89D405011B}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{87411EF1-B8DF-4042-B0AF-896322A054FF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{8D243E94-6600-462C-AA0E-5141A20363E2}" = protocol=17 | dir=in | app=c:\program files\cisco systems\vpn client\cvpnd.exe |
"{A7986DA5-06BB-48B7-8B0B-02C0F873CAFA}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{B143C72A-2909-4856-B2E9-FAD6366CCDEB}" = protocol=6 | dir=in | app=c:\program files\cisco systems\vpn client\cvpnd.exe |
"{D38E07A2-2E0D-44FE-9DED-98E4BB5521C4}" = protocol=6 | dir=out | app=system |
"{FE5F8FD2-CECC-4B8C-BDCD-55406D6B1AF0}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"TCP Query User{1EA68CBB-3663-4EC3-8A62-40AC80ECE94A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{32E431AF-161B-4465-90F0-BDEFB706F97C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{4FABB058-F4EE-4A8B-B4C5-E82B4407BEF1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{55EF519B-2113-47B9-9B7D-C60578642084}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{57A64C90-99B1-4FCE-8E0A-4AE42815EB2F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AFCC9D5D-DAD3-4597-A854-B6596816BD5D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C9209A71-5FD7-4FBC-AA49-1E12B3AE1A45}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{022F8F42-3487-4DC8-8BCD-B1C1094AA278}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{040D12BD-1742-449F-98DA-A5DD25796F8B}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{06DAC7E0-0FC4-4FFC-A558-EC6D49FE5ACB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{22F52ED3-E18A-4FE4-B619-53D4F31E8EFC}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{26B52202-5F9F-4B12-BE4E-9F72F3D88B5C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{497CEC4D-831C-4308-B545-C0419DD63E93}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{80605B2C-E3F9-472A-816F-B1A03D5E767C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0413-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E4B7BD2F-FC41-490F-965D-15D93F4FE1A2}" = OpenOffice.org 3.0
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC899917-C880-1017-8CB7-B932BD009007}" = DNE Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Chrome9 HC IGP Family Windows Vista Display
"VIA Chrome9 HC IGP Windows Vista Display" = VIA Display Vista Driver
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinRAR archiver" = Compresor WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.04.2010 08:36:27 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, time stamp 0x4875a34b, faulting module libvlc.dll, version, time stamp 0x4875a34b, exception code 0xc0000005, fault offset 0x000176cd, process id 0xff8, application start time 0x01cad4bc6ab5182e.

Error - 09.04.2010 08:15:28 | Computer Name = *******-PC | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, time stamp 0x4875a34b, faulting module libvlc.dll, version, time stamp 0x4875a34b, exception code 0xc0000005, fault offset 0x00016f10, process id 0xb38, application start time 0x01cad7dd80cb57e9.

Error - 20.04.2010 18:04:14 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version, time stamp 0x45d524da, faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception code 0xc0000005, fault offset 0x000130b2, process id 0xc04, application start time 0x01cae0c869c9fb6a.

Error - 30.04.2010 15:10:30 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version, time stamp 0x45d524da, faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception code 0xc0000005, fault offset 0x000130b2, process id 0xdf4, application start time 0x01cae8464fff71da.
Error - 08.05.2010 07:52:54 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version, time stamp 0x45d524da, faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception code 0xc0000005, fault offset 0x000130b2, process id 0x10c, application start time 0x01caee8c6929dc26.

Error - 21.05.2010 04:15:11 | Computer Name = *******-PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6353, time stamp 0x4aa91b5d, faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034, exception code 0xc0000005, fault offset 0x00048d72, process id 0xc58, application start time 0x01caf8b51c2e35ca.

Error - 22.05.2010 11:45:32 | Computer Name = *******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version, time stamp 0x45d524da, faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception code 0xc0000005, fault offset 0x000130b2, process id 0x7e8, application start time 0x01caf9b6ee42b998.

Error - 24.05.2010 16:03:38 | Computer Name = ******-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 24.05.2010 16:03:42 | Computer Name = *********-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 07.06.2010 15:36:53 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version, time stamp 0x45d524da, faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception code 0xc0000005, fault offset 0x000130b2, process id 0xc60, application start time 0x01cb066f99608f70.
[ System Events ]
Error - 25.07.2010 06:01:35 | Computer Name = *******-PC | Source = DCOM | ID = 10010
Description =

Error - 25.07.2010 07:53:58 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description =

Error - 25.07.2010 14:14:02 | Computer Name = ******-PC | Source = DCOM | ID = 10010
Description =

Error - 25.07.2010 17:04:09 | Computer Name = *******-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:41:57 on 25.07.2010 was unexpected.

Error - 25.07.2010 17:49:24 | Computer Name = ******-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:45:54 on 25.07.2010 was unexpected.

Error - 27.07.2010 17:40:10 | Computer Name = *******-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:36:59 on 27.07.2010 was unexpected.

Error - 27.07.2010 17:40:20 | Computer Name = ******-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 27.07.2010 17:46:09 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 28.07.2010 05:04:40 | Computer Name = ******-PC | Source = DCOM | ID = 10010
Description =

Error - 28.07.2010 12:45:23 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description =

< End of report >

I'm sorry, maybe something went wrong on my end, but this log is so large that it would have to be split across a great many replies. I also tried it as an attachment, but the file was 2.4 MB and so was far too large for that as well. Is this log necessary? In any case, many thanks in advance for your help; the guide for removing Antimalware Doctor was great too! Best regards, Kristin |