Log analysis and evaluation: Avira reports several trojans
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Avira reports several trojans, and here is the OTL scan. Does it look really bad? otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.08.2010 16:06:03 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\amueller\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,69 Gb Total Space | 17,90 Gb Free Space | 23,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 28,12 Gb Total Space | 6,38 Gb Free Space | 22,69% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 916,90 Gb Total Space | 838,92 Gb Free Space | 91,50% Space Free | Partition Type: NTFS Computer Name: AMUELLER-PC Current User Name: amueller Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\amueller\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Lion\Lion.exe () PRC - C:\Programme\Lion\browser.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Windows\System32\bmwebcfg.exe (Bytemobile, Inc.) 
PRC - C:\Programme\Zeon\DocuCom\PDF Gold 8\bin\PDFPlus.exe (Zeon Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Capture-A-ScreenShot\Capture-A-ScreenShot.exe () PRC - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\amueller\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Zeon\DocuCom\PDF Gold 8\bin\IEHelp.dll () MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WinHttpAutoProxySvc) -- File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (bmwebcfg) -- C:\Windows\System32\bmwebcfg.exe (Bytemobile, Inc.) 
========== Driver Services (SafeList) ========== DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\amueller\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation) DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.) DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) 
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (PRISM_ICB) -- C:\Windows\System32\drivers\WG511ICB.sys (Conexant Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.29 11:50:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.29 11:50:57 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKCU..\Run: [Lion] C:\Program Files\Lion\Lion.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - 
C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: registration.sonystyle-europe.com ([]* in Trusted sites) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.255.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not 
found O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O24 - Desktop WallPaper: C:\Users\amueller\Pictures\explodingdog\capture1.jpg O24 - Desktop BackupWallPaper: C:\Users\amueller\Pictures\explodingdog\capture1.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\Shell - "" = AutoRun O33 - MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\Shell\AutoRun\command - "" = D:\starter.exe -- File not found O33 - MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\Shell - "" = AutoRun O33 - MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\Shell\AutoRun\command - "" = D:\starter.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.10 16:05:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\amueller\Desktop\OTL.exe [2010.08.10 13:41:23 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\amueller\Desktop\mbam-setup (1).exe [2010.08.09 19:11:50 | 000,401,720 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\amueller\Desktop\HiJackThis.exe [2010.08.04 10:28:00 | 000,069,632 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.07.21 20:57:28 | 000,000,000 | ---D | C] -- C:\Users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240 [2010.07.20 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\amueller\Desktop\ERGO Direkt Versicherungen – neues Affiliateprogramm » » 100partnerprogramme.de Merchantblog_files [2010.07.18 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\amueller\AppData\Roaming\DivX [2010.07.18 18:27:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.07.18 18:26:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2010.07.18 18:24:19 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.07.18 18:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.07.14 12:32:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [4 C:\Users\amueller\Desktop\*.tmp files -> C:\Users\amueller\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.10 16:09:12 | 002,097,152 | -HS- | M] () -- C:\Users\amueller\NTUSER.DAT [2010.08.10 16:08:57 | 000,008,844 | ---- | M] () -- C:\Users\amueller\Desktop\capture1.jpg [2010.08.10 16:05:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\amueller\Desktop\OTL.exe [2010.08.10 16:00:01 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000UA.job [2010.08.10 15:18:17 | 000,004,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 15:18:17 | 000,004,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 13:42:16 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.10 13:41:30 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- 
C:\Users\amueller\Desktop\mbam-setup (1).exe [2010.08.10 11:26:15 | 000,174,592 | ---- | M] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller.xls [2010.08.10 11:18:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.10 09:34:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.08.10 09:34:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.10 09:33:51 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys [2010.08.10 04:18:11 | 003,228,524 | -H-- | M] () -- C:\Users\amueller\AppData\Local\IconCache.db [2010.08.09 21:28:30 | 001,653,604 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.09 21:28:30 | 000,710,156 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.09 21:28:30 | 000,678,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.09 21:28:30 | 000,142,126 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.09 21:28:30 | 000,129,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.09 19:11:53 | 000,401,720 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\amueller\Desktop\HiJackThis.exe [2010.08.05 20:44:40 | 000,000,600 | ---- | M] () -- C:\Users\amueller\winscp.RND [2010.08.04 17:00:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000Core.job [2010.08.04 10:31:35 | 000,032,594 | ---- | M] () -- C:\Windows\scunin.dat [2010.08.04 10:31:32 | 000,069,632 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.08.04 10:31:32 | 000,000,967 | ---- | M] () -- C:\Windows\ScUnin.pif [2010.08.03 16:03:40 | 175,393,555 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.30 16:26:48 | 000,053,248 | ---- | M] () -- C:\Users\amueller\Desktop\DM_Stellenprofile__Website_Management_FK246.PPT [2010.07.30 15:42:37 | 000,190,976 | ---- | M] () -- C:\Users\amueller\Desktop\Absagen ohne Eintrag 29.07.xls [2010.07.21 17:23:36 | 000,173,568 | ---- | M] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller pausenkorrektur.xls [2010.07.20 18:04:52 | 000,140,376 | ---- | M] () -- C:\Users\amueller\Desktop\ERGO Direkt Versicherungen – neues Affiliateprogramm » » 100partnerprogramme.de Merchantblog.htm [2010.07.20 18:00:59 | 005,092,235 | ---- | M] () -- C:\Users\amueller\Desktop\explido_PMAXX_Banken_Versicherungen_Ausgabe2.pdf [2010.07.13 14:25:29 | 000,015,872 | ---- | M] () -- C:\Users\amueller\Desktop\Microsoft Excel-Arbeitsblatt (neu).xls [4 C:\Users\amueller\Desktop\*.tmp files -> C:\Users\amueller\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.10 16:08:57 | 000,008,844 | ---- | C] () -- C:\Users\amueller\Desktop\capture1.jpg [2010.08.10 13:42:16 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.04 10:28:03 | 000,032,594 | ---- | C] () -- C:\Windows\scunin.dat [2010.08.04 10:28:00 | 000,000,967 | ---- | C] () -- C:\Windows\ScUnin.pif [2010.07.30 16:26:46 | 000,053,248 | ---- | C] () -- 
C:\Users\amueller\Desktop\DM_Stellenprofile__Website_Management_FK246.PPT [2010.07.30 15:42:37 | 000,190,976 | ---- | C] () -- C:\Users\amueller\Desktop\Absagen ohne Eintrag 29.07.xls [2010.07.21 17:21:35 | 000,173,568 | ---- | C] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller pausenkorrektur.xls [2010.07.20 18:04:46 | 000,140,376 | ---- | C] () -- C:\Users\amueller\Desktop\ERGO Direkt Versicherungen – neues Affiliateprogramm » » 100partnerprogramme.de Merchantblog.htm [2010.07.20 18:00:51 | 005,092,235 | ---- | C] () -- C:\Users\amueller\Desktop\explido_PMAXX_Banken_Versicherungen_Ausgabe2.pdf [2009.06.26 18:57:50 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini [2008.09.21 15:14:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.10.01 19:16:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll [2007.10.01 19:15:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SimReader.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.01.30 10:00:00 | 000,106,496 | ---- | C] () -- C:\Windows\System32\VSHP1020.DLL [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report > extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.08.2010 16:06:03 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\amueller\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,69 Gb Total Space | 17,90 Gb Free Space | 23,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 28,12 Gb Total Space | 6,38 Gb Free Space | 22,69% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 916,90 Gb Total Space | 838,92 Gb Free Space | 91,50% Space Free | Partition Type: NTFS Computer Name: AMUELLER-PC Current User Name: amueller Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l .reg [@ = regfile] -- regedit.exe "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active 
Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4011D9C3-FB77-4344-8ED1-9D5C3B4F2B8F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58232324-89E0-470E-B1B8-6AC541B87813}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CD812EA-7048-4136-9BFE-F1B26DEA8A0D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0D2AE9C-12F0-43A0-9509-B75896AA5EBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1D0CA49-9E80-4CAB-8B86-C149CEC5AFBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8E68DE1-6192-406A-BA85-001B225E52ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9AD8642-1549-466B-90C7-F7B443442466}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E9FC29A8-7ADB-4CA9-A90F-F5AB526097F1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FEB2FDD6-FD8E-432A-8983-BE0FD0E17CEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047637A3-9162-497C-AD00-4E192C9D3734}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0479463D-C244-47AE-BD67-4DE724BBEB69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10CD8611-1E01-4B4A-A933-7BEAD558031D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11B3C88F-D02F-490F-8EC8-F1482135E408}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12AEC3BD-E4E3-48A8-A04D-EE1D99C3495D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{19C8835D-CB0A-4709-AABD-473DA0F19520}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1EF094AC-BD72-40B2-BDDE-3B80285E6E20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2354DC83-0062-4370-B727-B910734B10E4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2BFACA29-0CA1-4DB8-AEB7-C4CCB496444D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D8AA26F-F7DF-410A-BE14-4C96B856E13A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{335B5509-534C-440F-8B17-B23CA8062CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39A42045-4CB3-4173-8054-83FCEA5E8DFE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{45D69144-037B-4E9E-82BD-54BA68A4DF5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4918FBD1-3334-42F8-925C-0BE96147E84D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4C65E4B6-EC95-48AB-8768-D4AC9EA7947E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5582A334-C17E-42F8-AD0A-E9A73D8BBB1A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5BE446DA-FDDF-43A0-9A6F-862607ECBFA4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5E892050-2C0F-4AF7-9B66-23D7F7349708}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CF61321-1A92-4FE9-9850-6E7DD01D1E76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F723B26-96C0-46CE-84D7-DD794660BB46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{717C19FC-2CB9-4248-9B6F-B32CBB623D91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7200FA7D-ACBE-4E80-A80D-30DE52ADAD02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7593B02B-478E-4537-8E05-A8504520E521}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{773DCAD2-85EC-4117-B3B6-15BF31BC5FF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C236159-C9D6-4EE7-911C-67280F8FC721}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{836ABB73-1C0F-4507-8799-ED1C4AC42C22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CEF7521-D7BB-495B-9819-697C5B8D9C65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{975AD229-9909-4C15-9E73-6268171A9408}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A7C2A46-F1D9-4F99-ACBE-D48F2352D85F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACA9584B-E198-4C5D-9A39-6A889B057512}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B34238AF-11E1-4F2B-A494-E4162ABB0E9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C169534D-6B18-417D-B3E0-BC0863453E04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD44938D-32F4-4D8C-BF23-679071E32154}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF0F936C-2DB6-4540-857C-867C095C627F}" = protocol=6 | dir=out | app=system |
"{D488D1EB-82AE-4A2C-A6CF-CCCA8DEDDFAE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D5F05382-46AC-43AC-9426-8BDD0921C509}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1C0E994-D2E0-4B96-ADBD-6011E0554CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E431A75F-2980-41C3-AF0C-15710FBA3FF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E737330D-4E3D-4130-B361-A9347DFFDC4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECE87647-B533-4AA2-803C-B7AB982D94C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF666898-1A89-4EF1-B6CE-17B8D71B9776}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{02A2E34E-AC53-457F-AB1C-E41D03603A86}C:\program files\sony handheld\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\sony handheld\hotsync.exe |
"TCP Query User{1928E562-71BD-412E-ACA9-B5B587964629}C:\users\amueller\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\amueller\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{51B2747D-3997-45EE-9E9F-E8CC1230B995}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{535A83F2-A4A0-47DC-9F1D-242A55097DCD}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{6C71C942-1173-405A-81CC-C174340FE2DA}C:\program files\sony handheld\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\sony handheld\hotsync.exe |
"TCP Query User{78E8F488-D141-4089-AEB3-8D299B8F10C5}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{8AF365B5-3822-4A18-B5EB-89088D4722AC}C:\users\amueller\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\amueller\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{ADF1D2BD-773B-4179-B697-4D9D6580CC26}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{3270D369-1A37-4A2D-90C3-5109E807A691}C:\users\amueller\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\amueller\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{4F71EB62-D630-4C92-BDEB-594136BBAC5A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4FE7CDBF-3B48-4B17-B6E5-8631464AED36}C:\users\amueller\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\amueller\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{564FE6D9-1525-4726-9912-E0F0706A3381}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{6B35C44C-9F7C-4CBB-B707-C9AEB2E3CA78}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{A53F5798-57DA-4697-8A55-8C92CE459851}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B8523725-E0B3-49D6-B571-44D03994BC42}C:\program files\sony handheld\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\sony handheld\hotsync.exe |
"UDP Query User{CFDA3250-E20B-43DC-8FD8-2F28D17CC435}C:\program files\sony handheld\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\sony handheld\hotsync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D993950-3A5C-434E-82F8-72E7ADFC3182}" = Shutdown-Manager
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5
"{1ECCE5C7-7C28-4384-8711-90228FCFDFA8}" = Vodafone Mobile Connect
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2A329709-A0F3-11D0-9501-444553540000}_is1" = PocketMirror (Standard Trial Edition) 4.3.0
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0CCCBC7-8B52-439F-89D8-91535859C9BB}" = DocuCom PDF Gold 8.1
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Professional
"Capture-A-ScreenShot_is1" = Capture-A-ScreenShot
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"LastFM_is1" = Last.fm 1.5.4.24567
"Lion_is1" = Lion 3.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDI2PDF (Microsoft Office Document Image) Converter_is1" = MDI2PDF 2.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Starcraft" = Starcraft
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 3.8 beta
"XnView_is1" = XnView 1.96

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.08.2010 03:54:16 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.08.2010 03:54:16 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2948

Error - 10.08.2010 03:54:16 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2948

Error - 10.08.2010 03:54:17 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.08.2010 03:54:17 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4040

Error - 10.08.2010 03:54:17 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4040

Error - 10.08.2010 03:54:18 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.08.2010 03:54:18 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210

Error - 10.08.2010 03:54:18 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

Error - 10.08.2010 05:18:26 | Computer Name = amueller-PC | Source = Avira AntiVir | ID = 4129
Description = Das Update von AMUELLER-PC (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen.

[ System Events ]
Error - 07.08.2010 20:16:53 | Computer Name = amueller-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00A0D16E582A zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 08.08.2010 11:44:27 | Computer Name = amueller-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00FFCF541374 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 09.08.2010 07:20:40 | Computer Name = amueller-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse 0019D28B409D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 09.08.2010 07:24:42 | Computer Name = amueller-PC | Source = BROWSER | ID = 8032
Description =

Error - 09.08.2010 15:22:05 | Computer Name = amueller-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.255.33 für die Netzwerkkarte mit der Netzwerkadresse 0019D28B409D wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 09.08.2010 15:22:59 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.08.2010 15:22:59 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 10.08.2010 03:35:48 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.08.2010 03:35:48 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 10.08.2010 05:18:33 | Computer Name = amueller-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse 0019D28B409D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

< End of report >