Log analysis and evaluation: avira reports several trojans

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#13

avira reports several trojans

hi arne, attached is the combofix. But it didn't report anything... I had run ccleaner beforehand.

OTL Logfile: