|
Log-Analyse und Auswertung: avira meldet mehrere trojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.08.2010, 18:28 | #1 |
| avira meldet mehrere trojaner Hallo, ich bin gerade etwas ratlos. mein antivir hat mir gerade 3-4 viren innerhalb von 5 minuten gemeldet. Ich habe auf entfernen bzw quarantäne gedrückt, bin mir aber nicht sicher ob sich nicht doch etwas größeres manifestiert hat... in letzter zeit fühlt sich mein rechner etwas langsam an, allerdings kann ich nicht sagen woher das kommt. ich nutze zwar keine speicher- oder leistungsintensiven programme, habe aber häufig viele sachen offen.... wär super wenn sich mal jemand mein hjt-log anschauen könnte. vielen dank im voraus. HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:14:17, on 09.08.2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Lion\Lion.exe C:\Users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Zeon\DocuCom\PDF Gold 8\bin\PDFPlus.exe C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Capture-A-ScreenShot\Capture-A-ScreenShot.exe C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\amueller\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [Lion] "C:\Program Files\Lion\Lion.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe" /c O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: bmnet.dll O10 - Unknown file in Winsock LSP: bmnet.dll O10 - Unknown file in Winsock LSP: bmnet.dll O13 - Gopher Prefix: O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Seite nicht gefunden | Facebook O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\Windows\system32\bmwebcfg.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 4592 bytes viele grüße
__________________ action is the enemy of thought |
09.08.2010, 19:25 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojanerZitat:
Aus den Regeln: 5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe) Fehlen diese Angaben, kann und wird dir hier niemand helfen. Zitat:
Warum hat Dein Vista noch kein einziges Update gesehen?
__________________ |
10.08.2010, 12:07 | #3 |
| avira meldet mehrere trojaner Hallo Arne,
__________________erstmal vielen Dank für die schnelle Antwort. in deiner Antwort war kein link, so dass ich nicht genau weiß welche Anleitung du meinst. Sorry, Vielleicht kann mir aber jemand den link dazu posten? Das mein Vista keine updates zieht wundert mich auch.... woran erkennt man das? Ich habe eigentlich automatische updates aktiviert, mit "manueller" Installation. Und ich muss regelmäßig sogar meinen Rechner nach der Installation des Updates neu starten...(ich habe mal ein screenshot vom Updateverlauf rangehängt..) Ich habe im log von antivir die namen der letzten Funde rausgesucht. da ich avir professional benutze, komme ich vielleicht auch an weitere Informationen ran, aber ich kenne mich auch nicht so gut damit aus... hier die Funde von gestern (gesamte Meldung siehe unten): TR/Crypt.XPACK.Gen BDS/VB.lvn.76 TR/Crypt.PEPM.Gen WORM/SdBot.97792.14 viele grüße und nochmals danke andreas ----------------------------------------------------- Die Datei 'C:\Users\amueller\AppData\Local\temp\xnsmoewrac.exe' enthielt einen Virus oder unerwünschtes Programm 'BDS/VB.lvn.120' [backdoor]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57f0bc78.qua' verschoben! Die Datei 'C:\Users\amueller\AppData\Local\temp\rameosxcnw.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f7993ac.qua' verschoben! Die Datei 'C:\Users\amueller\AppData\Local\temp\cwonrxmesa.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '05b3e689.qua' verschoben! Die Datei 'C:\Users\amueller\AppData\Local\temp\mscanoexrw.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.MWPM.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f7e9622.qua' verschoben!
__________________ |
10.08.2010, 12:15 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
10.08.2010, 15:04 | #5 |
| avira meldet mehrere trojaner anbei der report von malwarebytes. soll ich die objekte entfernen? otl folgt als nächstes... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4412 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 10.08.2010 16:01:34 mbam-log-2010-08-10 (16-01-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Durchsuchte Objekte: 213501 Laufzeit: 1 Stunde(n), 39 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\Last.fm\killer.exe (Worm.Koobface) -> No action taken. C:\Users\amueller\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QIAHATD\secureapp70700[1].exe (Malware.Packer.Gen) -> No action taken. C:\Users\amueller\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QIAHATD\secureapp70700[2].exe (Trojan.Agent.Gen) -> No action taken. C:\Users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240\secureapp70700.exe (Trojan.Agent.Gen) -> No action taken.
__________________ action is the enemy of thought |
10.08.2010, 15:16 | #6 |
| avira meldet mehrere trojaner und hier der otl-scan. Sieht es dolle schlimm aus? otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.08.2010 16:06:03 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\amueller\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,69 Gb Total Space | 17,90 Gb Free Space | 23,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 28,12 Gb Total Space | 6,38 Gb Free Space | 22,69% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 916,90 Gb Total Space | 838,92 Gb Free Space | 91,50% Space Free | Partition Type: NTFS Computer Name: AMUELLER-PC Current User Name: amueller Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\amueller\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Lion\Lion.exe () PRC - C:\Programme\Lion\browser.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Windows\System32\bmwebcfg.exe (Bytemobile, Inc.) PRC - C:\Programme\Zeon\DocuCom\PDF Gold 8\bin\PDFPlus.exe (Zeon Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Capture-A-ScreenShot\Capture-A-ScreenShot.exe () PRC - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\amueller\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Zeon\DocuCom\PDF Gold 8\bin\IEHelp.dll () MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WinHttpAutoProxySvc) -- File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (bmwebcfg) -- C:\Windows\System32\bmwebcfg.exe (Bytemobile, Inc.) ========== Driver Services (SafeList) ========== DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\amueller\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation) DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.) DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (PRISM_ICB) -- C:\Windows\System32\drivers\WG511ICB.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.29 11:50:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.29 11:50:57 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKCU..\Run: [Lion] C:\Program Files\Lion\Lion.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: registration.sonystyle-europe.com ([]* in Trusted sites) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.255.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O24 - Desktop WallPaper: C:\Users\amueller\Pictures\explodingdog\capture1.jpg O24 - Desktop BackupWallPaper: C:\Users\amueller\Pictures\explodingdog\capture1.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\Shell - "" = AutoRun O33 - MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\Shell\AutoRun\command - "" = D:\starter.exe -- File not found O33 - MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\Shell - "" = AutoRun O33 - MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\Shell\AutoRun\command - "" = D:\starter.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.10 16:05:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\amueller\Desktop\OTL.exe [2010.08.10 13:41:23 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\amueller\Desktop\mbam-setup (1).exe [2010.08.09 19:11:50 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\amueller\Desktop\HiJackThis.exe [2010.08.04 10:28:00 | 000,069,632 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.07.21 20:57:28 | 000,000,000 | ---D | C] -- C:\Users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240 [2010.07.20 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\amueller\Desktop\ERGO Direkt Versicherungen – neues Affiliateprogramm » » 100partnerprogramme.de Merchantblog_files [2010.07.18 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\amueller\AppData\Roaming\DivX [2010.07.18 18:27:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.07.18 18:26:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2010.07.18 18:24:19 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.07.18 18:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.07.14 12:32:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [4 C:\Users\amueller\Desktop\*.tmp files -> C:\Users\amueller\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.10 16:09:12 | 002,097,152 | -HS- | M] () -- C:\Users\amueller\NTUSER.DAT [2010.08.10 16:08:57 | 000,008,844 | ---- | M] () -- C:\Users\amueller\Desktop\capture1.jpg [2010.08.10 16:05:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\amueller\Desktop\OTL.exe [2010.08.10 16:00:01 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000UA.job [2010.08.10 15:18:17 | 000,004,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 15:18:17 | 000,004,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 13:42:16 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.10 13:41:30 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\amueller\Desktop\mbam-setup (1).exe [2010.08.10 11:26:15 | 000,174,592 | ---- | M] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller.xls [2010.08.10 11:18:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.10 09:34:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.08.10 09:34:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.10 09:33:51 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys [2010.08.10 04:18:11 | 003,228,524 | -H-- | M] () -- C:\Users\amueller\AppData\Local\IconCache.db [2010.08.09 21:28:30 | 001,653,604 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.09 21:28:30 | 000,710,156 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.09 21:28:30 | 000,678,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.09 21:28:30 | 000,142,126 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.09 21:28:30 | 000,129,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.09 19:11:53 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\amueller\Desktop\HiJackThis.exe [2010.08.05 20:44:40 | 000,000,600 | ---- | M] () -- C:\Users\amueller\winscp.RND [2010.08.04 17:00:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000Core.job [2010.08.04 10:31:35 | 000,032,594 | ---- | M] () -- C:\Windows\scunin.dat [2010.08.04 10:31:32 | 000,069,632 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.08.04 10:31:32 | 000,000,967 | ---- | M] () -- C:\Windows\ScUnin.pif [2010.08.03 16:03:40 | 175,393,555 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.30 16:26:48 | 000,053,248 | ---- | M] () -- C:\Users\amueller\Desktop\DM_Stellenprofile__Website_Management_FK246.PPT [2010.07.30 15:42:37 | 000,190,976 | ---- | M] () -- C:\Users\amueller\Desktop\Absagen ohne Eintrag 29.07.xls [2010.07.21 17:23:36 | 000,173,568 | ---- | M] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller pausenkorrektur.xls [2010.07.20 18:04:52 | 000,140,376 | ---- | M] () -- C:\Users\amueller\Desktop\ERGO Direkt Versicherungen – neues Affiliateprogramm » » 100partnerprogramme.de Merchantblog.htm [2010.07.20 18:00:59 | 005,092,235 | ---- | M] () -- C:\Users\amueller\Desktop\explido_PMAXX_Banken_Versicherungen_Ausgabe2.pdf [2010.07.13 14:25:29 | 000,015,872 | ---- | M] () -- C:\Users\amueller\Desktop\Microsoft Excel-Arbeitsblatt (neu).xls [4 C:\Users\amueller\Desktop\*.tmp files -> C:\Users\amueller\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.10 16:08:57 | 000,008,844 | ---- | C] () -- C:\Users\amueller\Desktop\capture1.jpg [2010.08.10 13:42:16 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.04 10:28:03 | 000,032,594 | ---- | C] () -- C:\Windows\scunin.dat [2010.08.04 10:28:00 | 000,000,967 | ---- | C] () -- C:\Windows\ScUnin.pif [2010.07.30 16:26:46 | 000,053,248 | ---- | C] () -- C:\Users\amueller\Desktop\DM_Stellenprofile__Website_Management_FK246.PPT [2010.07.30 15:42:37 | 000,190,976 | ---- | C] () -- C:\Users\amueller\Desktop\Absagen ohne Eintrag 29.07.xls [2010.07.21 17:21:35 | 000,173,568 | ---- | C] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller pausenkorrektur.xls [2010.07.20 18:04:46 | 000,140,376 | ---- | C] () -- C:\Users\amueller\Desktop\ERGO Direkt Versicherungen – neues Affiliateprogramm » » 100partnerprogramme.de Merchantblog.htm [2010.07.20 18:00:51 | 005,092,235 | ---- | C] () -- C:\Users\amueller\Desktop\explido_PMAXX_Banken_Versicherungen_Ausgabe2.pdf [2009.06.26 18:57:50 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini [2008.09.21 15:14:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.10.01 19:16:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll [2007.10.01 19:15:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SimReader.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.01.30 10:00:00 | 000,106,496 | ---- | C] () -- C:\Windows\System32\VSHP1020.DLL [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report > extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.08.2010 16:06:03 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\amueller\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,69 Gb Total Space | 17,90 Gb Free Space | 23,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 28,12 Gb Total Space | 6,38 Gb Free Space | 22,69% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 916,90 Gb Total Space | 838,92 Gb Free Space | 91,50% Space Free | Partition Type: NTFS Computer Name: AMUELLER-PC Current User Name: amueller Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l .reg [@ = regfile] -- regedit.exe "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{4011D9C3-FB77-4344-8ED1-9D5C3B4F2B8F}" = lport=10243 | protocol=6 | dir=in | app=system | "{58232324-89E0-470E-B1B8-6AC541B87813}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5CD812EA-7048-4136-9BFE-F1B26DEA8A0D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A0D2AE9C-12F0-43A0-9509-B75896AA5EBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C1D0CA49-9E80-4CAB-8B86-C149CEC5AFBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C8E68DE1-6192-406A-BA85-001B225E52ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E9AD8642-1549-466B-90C7-F7B443442466}" = lport=2869 | protocol=6 | dir=in | app=system | "{E9FC29A8-7ADB-4CA9-A90F-F5AB526097F1}" = rport=10243 | protocol=6 | dir=out | app=system | "{FEB2FDD6-FD8E-432A-8983-BE0FD0E17CEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{047637A3-9162-497C-AD00-4E192C9D3734}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0479463D-C244-47AE-BD67-4DE724BBEB69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{10CD8611-1E01-4B4A-A933-7BEAD558031D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{11B3C88F-D02F-490F-8EC8-F1482135E408}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12AEC3BD-E4E3-48A8-A04D-EE1D99C3495D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19C8835D-CB0A-4709-AABD-473DA0F19520}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1EF094AC-BD72-40B2-BDDE-3B80285E6E20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2354DC83-0062-4370-B727-B910734B10E4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{2BFACA29-0CA1-4DB8-AEB7-C4CCB496444D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D8AA26F-F7DF-410A-BE14-4C96B856E13A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{335B5509-534C-440F-8B17-B23CA8062CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39A42045-4CB3-4173-8054-83FCEA5E8DFE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{45D69144-037B-4E9E-82BD-54BA68A4DF5A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4918FBD1-3334-42F8-925C-0BE96147E84D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{4C65E4B6-EC95-48AB-8768-D4AC9EA7947E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{5582A334-C17E-42F8-AD0A-E9A73D8BBB1A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{5BE446DA-FDDF-43A0-9A6F-862607ECBFA4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{5E892050-2C0F-4AF7-9B66-23D7F7349708}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6CF61321-1A92-4FE9-9850-6E7DD01D1E76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6F723B26-96C0-46CE-84D7-DD794660BB46}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{717C19FC-2CB9-4248-9B6F-B32CBB623D91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7200FA7D-ACBE-4E80-A80D-30DE52ADAD02}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7593B02B-478E-4537-8E05-A8504520E521}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{773DCAD2-85EC-4117-B3B6-15BF31BC5FF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7C236159-C9D6-4EE7-911C-67280F8FC721}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{836ABB73-1C0F-4507-8799-ED1C4AC42C22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8CEF7521-D7BB-495B-9819-697C5B8D9C65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{975AD229-9909-4C15-9E73-6268171A9408}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9A7C2A46-F1D9-4F99-ACBE-D48F2352D85F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACA9584B-E198-4C5D-9A39-6A889B057512}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B34238AF-11E1-4F2B-A494-E4162ABB0E9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C169534D-6B18-417D-B3E0-BC0863453E04}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CD44938D-32F4-4D8C-BF23-679071E32154}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CF0F936C-2DB6-4540-857C-867C095C627F}" = protocol=6 | dir=out | app=system | "{D488D1EB-82AE-4A2C-A6CF-CCCA8DEDDFAE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D5F05382-46AC-43AC-9426-8BDD0921C509}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1C0E994-D2E0-4B96-ADBD-6011E0554CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E431A75F-2980-41C3-AF0C-15710FBA3FF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E737330D-4E3D-4130-B361-A9347DFFDC4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ECE87647-B533-4AA2-803C-B7AB982D94C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FF666898-1A89-4EF1-B6CE-17B8D71B9776}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{02A2E34E-AC53-457F-AB1C-E41D03603A86}C:\program files\sony handheld\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\sony handheld\hotsync.exe | "TCP Query User{1928E562-71BD-412E-ACA9-B5B587964629}C:\users\amueller\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\amueller\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{51B2747D-3997-45EE-9E9F-E8CC1230B995}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{535A83F2-A4A0-47DC-9F1D-242A55097DCD}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe | "TCP Query User{6C71C942-1173-405A-81CC-C174340FE2DA}C:\program files\sony handheld\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\sony handheld\hotsync.exe | "TCP Query User{78E8F488-D141-4089-AEB3-8D299B8F10C5}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{8AF365B5-3822-4A18-B5EB-89088D4722AC}C:\users\amueller\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\amueller\temp\teamviewer\version4\teamviewer.exe | "TCP Query User{ADF1D2BD-773B-4179-B697-4D9D6580CC26}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{3270D369-1A37-4A2D-90C3-5109E807A691}C:\users\amueller\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\amueller\temp\teamviewer\version4\teamviewer.exe | "UDP Query User{4F71EB62-D630-4C92-BDEB-594136BBAC5A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{4FE7CDBF-3B48-4B17-B6E5-8631464AED36}C:\users\amueller\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\amueller\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{564FE6D9-1525-4726-9912-E0F0706A3381}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe | "UDP Query User{6B35C44C-9F7C-4CBB-B707-C9AEB2E3CA78}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{A53F5798-57DA-4697-8A55-8C92CE459851}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{B8523725-E0B3-49D6-B571-44D03994BC42}C:\program files\sony handheld\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\sony handheld\hotsync.exe | "UDP Query User{CFDA3250-E20B-43DC-8FD8-2F28D17CC435}C:\program files\sony handheld\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\sony handheld\hotsync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0D993950-3A5C-434E-82F8-72E7ADFC3182}" = Shutdown-Manager "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5 "{1ECCE5C7-7C28-4384-8711-90228FCFDFA8}" = Vodafone Mobile Connect "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17 "{2A329709-A0F3-11D0-9501-444553540000}_is1" = PocketMirror (Standard Trial Edition) 4.3.0 "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0CCCBC7-8B52-439F-89D8-91535859C9BB}" = DocuCom PDF Gold 8.1 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Professional "Capture-A-ScreenShot_is1" = Capture-A-ScreenShot "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DivX Setup.divx.com" = DivX-Setup "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Foxit Reader" = Foxit Reader "HijackThis" = HijackThis 2.0.2 "LastFM_is1" = Last.fm 1.5.4.24567 "Lion_is1" = Lion 3.0.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MDI2PDF (Microsoft Office Document Image) Converter_is1" = MDI2PDF 2.5 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "Starcraft" = Starcraft "TeamViewer 4" = TeamViewer 4 "TeamViewer 5" = TeamViewer 5 "VLC media player" = VLC media player 0.9.8a "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 3.8 beta "XnView_is1" = XnView 1.96 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.08.2010 03:54:16 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.08.2010 03:54:16 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2948 Error - 10.08.2010 03:54:16 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2948 Error - 10.08.2010 03:54:17 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.08.2010 03:54:17 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4040 Error - 10.08.2010 03:54:17 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4040 Error - 10.08.2010 03:54:18 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.08.2010 03:54:18 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5210 Error - 10.08.2010 03:54:18 | Computer Name = amueller-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5210 Error - 10.08.2010 05:18:26 | Computer Name = amueller-PC | Source = Avira AntiVir | ID = 4129 Description = Das Update von AMUELLER-PC (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten . Es wurden keine neuen Dateien geladen. [ System Events ] Error - 07.08.2010 20:16:53 | Computer Name = amueller-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00A0D16E582A zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 08.08.2010 11:44:27 | Computer Name = amueller-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00FFCF541374 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 09.08.2010 07:20:40 | Computer Name = amueller-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse 0019D28B409D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 09.08.2010 07:24:42 | Computer Name = amueller-PC | Source = BROWSER | ID = 8032 Description = Error - 09.08.2010 15:22:05 | Computer Name = amueller-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.255.33 für die Netzwerkkarte mit der Netzwerkadresse 0019D28B409D wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 09.08.2010 15:22:59 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.08.2010 15:22:59 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7024 Description = Error - 10.08.2010 03:35:48 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.08.2010 03:35:48 | Computer Name = amueller-PC | Source = Service Control Manager | ID = 7024 Description = Error - 10.08.2010 05:18:33 | Computer Name = amueller-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse 0019D28B409D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report >
__________________ --> avira meldet mehrere trojaner |
10.08.2010, 20:07 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Ja, lt. Anleitung musst Du alle Funde entfernen!
__________________ Logfiles bitte immer in CODE-Tags posten |
11.08.2010, 01:18 | #8 |
| avira meldet mehrere trojaner Hi Arne, erst mal fettes danke für deine hilfe! vor allem für deine präsenz, du bist ja ununterbochem am werkeln... habe alles entfernt. hier die neue logdatei: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4412 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 11.08.2010 02:11:59 mbam-log-2010-08-11 (02-11-59).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Durchsuchte Objekte: 213501 Laufzeit: 1 Stunde(n), 39 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\Last.fm\killer.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QIAHATD\secureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QIAHATD\secureapp70700[2].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240\secureapp70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. nach den meldungen mache ich mir echt sorgen... wenn du sagst es wäre besser neu aufzusetzen würde ich das auch machen.. ich will auf jeden fall sicher gehen dass das system sauber ist. ich frag mich auch woher die ganzen meldungen kommen. ich bin eigentlich echt sehr vorsichtig...
__________________ action is the enemy of thought |
11.08.2010, 07:29 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojanerZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
11.08.2010, 13:11 | #10 |
| avira meldet mehrere trojaner hmmm naja, also ich bin nicht scharf drauf neu aufzusetzen, da das doch relativ zeitaufwendig ist... ich kenne mich mit viren und würmern halt nicht so gut aus, und kann daher schwer einschätzen wie "gefährlich" bzw "schädlich" sie sind. wenn du sagst, dass es deiner erfahrung nach ein ganz schlimmer finger ist, der wahrscheinlich das system komplett kompromittiert hat, würde ich eher neu aufsetzen. andernfalls versuche ich die bereinigung. Gruß Andreas
__________________ action is the enemy of thought |
11.08.2010, 13:21 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL SRV - (WinHttpAutoProxySvc) -- File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O33 - MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\Shell - "" = AutoRun O33 - MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\Shell\AutoRun\command - "" = D:\starter.exe -- File not found O33 - MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\Shell - "" = AutoRun O33 - MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\Shell\AutoRun\command - "" = D:\starter.exe -- File not found :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
12.08.2010, 12:56 | #12 |
| avira meldet mehrere trojaner Hi Arne, anbei das neue log: All processes killed ========== OTL ========== Service WinHttpAutoProxySvc stopped successfully! Service WinHttpAutoProxySvc deleted successfully! File File not found not found. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:Control_RunDLL "sysdm.cpl" deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:credssp.dll deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75e108fe-7f7b-11de-9463-00a0d16e5feb}\ not found. File D:\starter.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f07231c8-7115-11de-8cf5-00a0d16e5feb}\ not found. File D:\starter.exe not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: amueller ->Temp folder emptied: 9053171 bytes ->Java cache emptied: 62630605 bytes ->Google Chrome cache emptied: 190365376 bytes ->Opera cache emptied: 11300883 bytes ->Flash cache emptied: 261991 bytes User: Default ->Temp folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16587042 bytes RecycleBin emptied: 3019812755 bytes Total Files Cleaned = 3.157,00 mb HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated. OTL by OldTimer - Version 3.2.9.1 log created on 08122010_134709 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Wie siehts aus? Grüße Andreas
__________________ action is the enemy of thought |
12.08.2010, 13:25 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
12.08.2010, 22:22 | #14 |
| avira meldet mehrere trojaner hi arne, anbei der combofix. hat aber nichts gemeldet... ccleaner hatte ich vorher ausgeführt. OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.08.2010 23:11:56 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\amueller\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,69 Gb Total Space | 21,64 Gb Free Space | 28,22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 28,12 Gb Total Space | 6,38 Gb Free Space | 22,69% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AMUELLER-PC Current User Name: amueller Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\amueller\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\amueller\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Lion\Lion.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Windows\System32\bmwebcfg.exe (Bytemobile, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\amueller\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (bmwebcfg) -- C:\Windows\System32\bmwebcfg.exe (Bytemobile, Inc.) ========== Driver Services (SafeList) ========== DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\amueller\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation) DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.) DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (PRISM_ICB) -- C:\Windows\System32\drivers\WG511ICB.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.29 11:50:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.29 11:50:57 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010.08.12 13:47:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKCU..\Run: [Lion] C:\Program Files\Lion\Lion.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: registration.sonystyle-europe.com ([]* in Trusted sites) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: VMApplet - (control_rundll "sysdm.cpl") - File not found O24 - Desktop WallPaper: C:\Users\amueller\Pictures\explodingdog\capture1.jpg O24 - Desktop BackupWallPaper: C:\Users\amueller\Pictures\explodingdog\capture1.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.12 23:06:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\amueller\Desktop\OTL.exe [2010.08.12 18:15:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.08.12 15:42:01 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.12 13:47:09 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.10 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\amueller\Desktop\vir [2010.08.04 10:28:00 | 000,069,632 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.07.21 20:57:28 | 000,000,000 | ---D | C] -- C:\Users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240 [2010.07.18 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\amueller\AppData\Roaming\DivX [2010.07.18 18:27:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.07.18 18:26:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2010.07.18 18:24:19 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.07.18 18:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.07.14 12:32:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [4 C:\Users\amueller\Desktop\*.tmp files -> C:\Users\amueller\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.12 23:12:04 | 002,097,152 | -HS- | M] () -- C:\Users\amueller\NTUSER.DAT [2010.08.12 23:11:51 | 000,004,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.12 23:11:51 | 000,004,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.12 23:00:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.12 19:12:08 | 000,174,592 | ---- | M] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller.xls [2010.08.12 19:11:41 | 000,025,088 | ---- | M] () -- C:\Users\amueller\Desktop\Microsoft Word-Dokument (neu).doc [2010.08.12 19:00:03 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000UA.job [2010.08.12 17:00:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000Core.job [2010.08.12 15:13:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.12 13:51:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.08.12 13:51:02 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys [2010.08.12 13:47:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010.08.12 13:44:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\amueller\Desktop\OTL.exe [2010.08.10 04:18:11 | 003,228,524 | -H-- | M] () -- C:\Users\amueller\AppData\Local\IconCache.db [2010.08.09 21:28:30 | 001,653,604 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.09 21:28:30 | 000,710,156 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.09 21:28:30 | 000,678,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.09 21:28:30 | 000,142,126 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.09 21:28:30 | 000,129,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.05 20:44:40 | 000,000,600 | ---- | M] () -- C:\Users\amueller\winscp.RND [2010.08.04 10:31:35 | 000,032,594 | ---- | M] () -- C:\Windows\scunin.dat [2010.08.04 10:31:32 | 000,069,632 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.08.04 10:31:32 | 000,000,967 | ---- | M] () -- C:\Windows\ScUnin.pif [2010.07.30 16:26:48 | 000,055,296 | ---- | M] () -- C:\Users\amueller\Desktop\DM_Stellenprofile__Website_Management_FK246.PPT [2010.07.30 15:42:37 | 000,190,976 | ---- | M] () -- C:\Users\amueller\Desktop\Absagen ohne Eintrag 29.07.xls [2010.07.21 17:23:36 | 000,173,568 | ---- | M] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller pausenkorrektur.xls [4 C:\Users\amueller\Desktop\*.tmp files -> C:\Users\amueller\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.11 16:47:38 | 000,025,088 | ---- | C] () -- C:\Users\amueller\Desktop\Microsoft Word-Dokument (neu).doc [2010.08.04 10:28:03 | 000,032,594 | ---- | C] () -- C:\Windows\scunin.dat [2010.08.04 10:28:00 | 000,000,967 | ---- | C] () -- C:\Windows\ScUnin.pif [2010.07.30 16:26:46 | 000,055,296 | ---- | C] () -- C:\Users\amueller\Desktop\DM_Stellenprofile__Website_Management_FK246.PPT [2010.07.30 15:42:37 | 000,190,976 | ---- | C] () -- C:\Users\amueller\Desktop\Absagen ohne Eintrag 29.07.xls [2010.07.21 17:21:35 | 000,173,568 | ---- | C] () -- C:\Users\amueller\Desktop\Stundenabrechnung 2010 Andreas Müller pausenkorrektur.xls [2009.06.26 18:57:50 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini [2008.09.21 15:14:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.10.01 19:16:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll [2007.10.01 19:15:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SimReader.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.01.30 10:00:00 | 000,106,496 | ---- | C] () -- C:\Windows\System32\VSHP1020.DLL [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report >
__________________ action is the enemy of thought |
13.08.2010, 07:30 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Das ist kein CF-Log...
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu avira meldet mehrere trojaner |
5 minuten, antivir, antivir guard, avg, avira, bho, bonjour, desktop, entfernen, excel, explorer, firewall, google, hijack, hijackthis, internet, internet explorer, langsam, nicht gefunden, nicht sicher, pdf, plug-in, programme, software, super, system, trojane, trojaner, viren, vista, windows |