| |
| |||||||
Log-Analyse und Auswertung: Trojaner GefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.04.2011, 14:01
| #1 |
 |  Trojaner Gefunden Hallo, auf dem Computer meines Schwiegervaters ist wohl ein Trojaner. Die ursprüngliche Meldung des Virenscanners habe ich leider nicht. Das System hat auch einige Sicherheitslücken - also kein Wunder. Hier die Logs vom Malwarebytes und OTL - und schonmal vielen Dank!! Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5363 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 04.04.2011 14:18:28 mbam-log-2011-04-04 (14-18-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 245634 Laufzeit: 37 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\INCG9WP8HQ (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\JRMX9X1GML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.04.2011 14:28:35 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\scholz mm\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,00 Mb Total Physical Memory | 232,00 Mb Available Physical Memory | 46,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 35,06 Gb Total Space | 8,70 Gb Free Space | 24,81% Space Free | Partition Type: FAT32 Drive D: | 35,55 Gb Total Space | 19,44 Gb Free Space | 54,69% Space Free | Partition Type: FAT32 Drive E: | 14,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MMSCHOLZ-MOBIL | User Name: scholz mm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH) SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation) DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon) DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group) DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.) DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 [2008.06.13 19:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Extensions [2008.06.13 19:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2009.10.07 09:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Firefox\Profiles\b5cp5495.default\extensions [2010.12.27 12:23:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Firefox\Profiles\b5cp5495.default\extensions\ffxtlbr@babylon.com [2007.01.29 15:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.07 09:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.11.20 12:25:16 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2009.03.08 14:12:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [MFARestart] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData\pack\avgrunasx.exe () O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258040359968 (MUWebControl Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.03 20:11:50 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{3acc64de-4e87-11de-bbe7-00166fb8535b}\Shell\AutoRun\command - "" = F:\ O33 - MountPoints2\{3acc64de-4e87-11de-bbe7-00166fb8535b}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.04 14:27:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe [2011.04.04 13:38:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Malwarebytes [2011.04.04 13:36:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.04.04 13:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.04.04 13:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.04.04 13:35:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.04.04 13:35:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.04 13:22:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\scholz mm\Recent [2011.04.04 13:20:25 | 000,000,000 | ---D | C] -- C:\Config.Msi [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.04 14:24:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.04 14:24:36 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2011.04.04 14:23:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.04 14:23:32 | 534,892,544 | -HS- | M] () -- C:\hiberfil.sys [2011.04.04 12:59:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe [2011.03.29 19:56:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.03.27 21:15:46 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.25 14:43:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.07.17 16:07:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010.03.04 11:53:42 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat [2009.11.22 18:48:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2009.11.20 12:27:13 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.11.20 12:27:13 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009.11.20 12:27:13 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009.06.01 10:47:15 | 000,057,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.03.04 16:53:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2009.03.04 16:53:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2009.03.04 16:53:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2009.03.04 16:53:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2009.03.04 16:53:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2009.03.04 16:53:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2009.03.04 16:53:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2009.03.04 16:53:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2009.03.04 16:53:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2009.03.04 16:53:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2009.03.04 16:53:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2009.03.04 16:53:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2009.03.04 16:53:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2009.03.04 16:53:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2009.03.04 16:53:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2009.03.04 16:53:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2009.03.04 16:53:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2009.03.04 16:53:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2009.03.04 16:53:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009.03.04 16:51:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEBX300DEFGIPS.ini [2008.12.25 16:05:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\removeme.exe [2008.12.25 15:42:14 | 000,010,606 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat [2008.10.16 16:24:14 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys [2008.10.16 16:24:13 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll [2008.10.16 16:24:13 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll [2008.10.16 16:24:13 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll [2008.10.16 09:07:14 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2008.03.05 21:11:31 | 000,001,026 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008.03.05 21:11:22 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL [2008.03.05 21:11:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL [2008.03.05 21:11:22 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL [2008.03.05 21:11:10 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL [2007.05.27 21:50:04 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll [2007.05.27 21:49:56 | 011,206,656 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll [2007.05.27 21:49:56 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\zhhp2600.exe [2007.05.27 21:49:55 | 000,323,584 | R--- | C] () -- C:\WINDOWS\System32\zshp2600.exe [2007.05.27 21:49:54 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll [2007.05.27 00:05:43 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat [2007.05.27 00:05:42 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll [2007.05.26 23:44:33 | 000,002,644 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI [2007.05.26 23:44:32 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsl05.bin [2007.04.30 10:36:38 | 000,000,377 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.04.07 11:36:10 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007.04.07 11:36:10 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2007.04.07 11:29:26 | 000,000,924 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini [2007.04.07 11:29:21 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.04.07 11:29:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2007.03.06 21:45:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll [2007.02.24 23:36:27 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2007.02.24 15:13:33 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys [2007.02.24 15:13:33 | 000,005,993 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007.02.24 15:13:30 | 000,469,696 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys [2007.02.24 00:36:07 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.02.24 00:23:40 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.01.29 16:50:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.01.29 16:04:15 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\scholz mm\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.01.29 15:52:17 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.01.17 18:01:16 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.01.12 18:34:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MTB30.ini [2007.01.09 19:32:37 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.12.19 21:04:55 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI [2006.12.15 16:01:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006.12.01 13:46:52 | 000,162,304 | ---- | C] () -- C:\WINDOWS\Unwise32.exe [2006.11.27 15:41:27 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2006.11.27 15:37:40 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006.11.27 15:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI [2006.11.27 15:29:18 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\scholz mm\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.10.10 10:01:18 | 000,159,821 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.EXE [2006.10.10 10:01:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI [2006.05.10 20:24:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.05.10 20:03:30 | 000,244,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.01.06 17:17:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.01.03 20:43:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.01.03 20:39:06 | 000,393,086 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.01.03 20:39:06 | 000,382,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.01.03 20:39:06 | 000,064,848 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.01.03 20:39:06 | 000,053,770 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.01.03 20:12:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006.01.03 19:47:26 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.01.03 19:46:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.12.27 15:50:32 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin [2005.12.27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2005.12.27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2005.12.27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005.12.08 02:01:06 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005.12.01 00:24:56 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005.03.28 00:45:26 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2004.08.04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004.08.04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2002.05.24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.08.26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999.01.22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.04.2011 14:28:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\scholz mm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
510,00 Mb Total Physical Memory | 232,00 Mb Available Physical Memory | 46,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,06 Gb Total Space | 8,70 Gb Free Space | 24,81% Space Free | Partition Type: FAT32
Drive D: | 35,55 Gb Total Space | 19,44 Gb Free Space | 54,69% Space Free | Partition Type: FAT32
Drive E: | 14,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MMSCHOLZ-MOBIL | User Name: scholz mm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}" = Paragon Drive Backup 2007
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{86ACFE52-BE3A-4E54-840F-D031339825AD}" = ATI Catalyst Control Center
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{94F3D243-2006-4B2D-9160-C2A33F74BB84}" = Windows Media Center Edition MPEG Codec Plug-in
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_AcrS009E" = HDAUDIO Soft Data Fax Modem with SmartCP
"Corel Applications" = Corel Applications
"DesignPro" = Avery Zweckform DesignPro 2000
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON BX300F Series" = Druckerdeinstallation für EPSON BX300F Series
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 1.99.1
"HP Smart Web Printing" = HP Smart Web Printing
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"TomTom HOME" = TomTom HOME 2.7.3.1894
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"xp-AntiSpy" = xp-AntiSpy 3.97
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.03.2011 13:54:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15484
Error - 24.03.2011 05:07:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.03.2011 05:07:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15563
Error - 24.03.2011 05:07:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15563
Error - 25.03.2011 05:36:27 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.03.2011 05:36:27 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3621391
Error - 25.03.2011 05:36:27 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3621391
Error - 28.03.2011 06:10:01 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.03.2011 06:10:01 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15500
Error - 28.03.2011 06:10:01 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15500
[ System Events ]
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:30:57 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126
Error - 04.04.2011 07:36:22 | Computer Name = MMSCHOLZ-MOBIL | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "helpsvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
Error - 04.04.2011 07:53:12 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 04.04.2011 08:24:09 | Computer Name = MMSCHOLZ-MOBIL | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 04.04.2011 08:24:21 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
< End of report >
Geändert von jonono (04.04.2011 um 14:06 Uhr) |
|
04.04.2011, 15:11
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner Gefunden Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________Zitat:
__________________ |
|
04.04.2011, 15:18
| #3 |
| | Trojaner Gefunden Danke für die Antwort. Mir ist auch schon die fehlende Aktualisierung aufgefallen. Das Problem ist, dass der Computer momentan keine Internetverbindung hat, und ich sie auch nicht aufgebaut bekomme.
__________________Gibt es eine Möglichkeit mbam offline upzudaten. Mit meinem Computer komme ich ins Netz. Ich habe diese Anleitung gefunden, aber die Datei rules.ref existiert bei mir im mbam-Verzeichnis gar nicht: hxxp://www.mytechguide.org/2010/02/25/how-to-manually-download-definition-updates-for-malwarebytes-anti-malware/ |
|
04.04.2011, 15:38
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Gefunden Malwarebytes starten auf dem Rechner mit Internetverbindung, Updatebutton anklicken. Stell sicher, dass du bei DB-Version 6266 bist (oder höher!). Erst dann Malwarebytes beenden. Such dann auf diesem Rechner die Signaturdatei rules.ref heraus, kopier sie auf einen USB-Stick und übertrage sie auf dem Rechner ohne Internetverbindung, die alte rules.ref löschen/überschreiben. Die rules.ref sollte in diesem Verzeichnis sein, stell sicher, dass dir Dateien und Ordner angezeigt werden: Code:
ATTFilter Vista/7 => C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\
WinXP => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
04.04.2011, 17:58
| #5 |
| | Trojaner Gefunden So jetzt hat es geklappt. Hatte die Datei im falschen Verzeichnis gesucht. Ausserdem habe ich eine Systemwiederherstellung zurückgenommen, die gemacht wurde. Jetzt gibts auch wieder einen Virusscanner. Danach habe ich nochmal beide Scans laufen lassen. Hier die Logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6266 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 04.04.2011 18:15:30 mbam-log-2011-04-04 (18-15-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 259763 Laufzeit: 1 Stunde(n), 18 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\INCG9WP8HQ (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\JRMX9X1GML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.04.2011 18:19:54 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\scholz mm\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,00 Mb Total Physical Memory | 52,00 Mb Available Physical Memory | 10,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 35,06 Gb Total Space | 7,52 Gb Free Space | 21,45% Space Free | Partition Type: FAT32 Drive D: | 35,55 Gb Total Space | 19,44 Gb Free Space | 54,69% Space Free | Partition Type: FAT32 Drive E: | 14,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MMSCHOLZ-MOBIL | User Name: scholz mm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (TUWinStylerThemeSvc) -- File not found SRV - (AppMgmt) -- File not found SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe () SRV - (avgwd) -- C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation) DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon) DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group) DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.) DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG10\Firefox\ [2010.11.16 10:26:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.04.01 09:23:22 | 000,000,000 | ---D | M] [2008.06.13 19:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Extensions [2008.06.13 19:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2009.10.07 09:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Firefox\Profiles\b5cp5495.default\extensions [2010.12.27 12:23:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Mozilla\Firefox\Profiles\b5cp5495.default\extensions\ffxtlbr@babylon.com [2007.01.29 15:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.07 09:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.11.20 12:25:16 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2009.03.08 14:12:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: internet ([]about in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258040359968 (MUWebControl Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control) O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.03 20:11:50 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{3acc64de-4e87-11de-bbe7-00166fb8535b}\Shell\AutoRun\command - "" = F:\ O33 - MountPoints2\{3acc64de-4e87-11de-bbe7-00166fb8535b}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.04 15:51:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.04.04 15:51:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.04.04 15:51:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.04.04 15:24:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\scholz mm\Recent [2011.04.04 15:23:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nikon [2011.04.04 15:23:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011.04.04 15:23:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\SoftMaker [2011.04.04 15:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\BabylonToolbar [2011.04.04 15:19:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\AVG10 [2011.04.04 15:19:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG 2011 [2011.04.04 14:27:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe [2011.04.04 13:38:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\scholz mm\Anwendungsdaten\Malwarebytes [2011.04.04 13:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.04.04 13:35:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.04 13:22:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\scholz mm\Recent(2) [2011.04.04 13:20:25 | 000,000,000 | ---D | C] -- C:\Config.Msi [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.04 18:20:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.04 18:19:32 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2011.04.04 18:17:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.04 18:17:22 | 534,892,544 | -HS- | M] () -- C:\hiberfil.sys [2011.04.04 12:59:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\scholz mm\Desktop\OTL.exe [2011.04.01 09:24:02 | 000,000,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk [2011.03.29 19:56:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.03.27 21:15:46 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.20 13:28:25 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe [2011.01.25 14:43:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.07.17 16:07:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010.03.04 11:53:42 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat [2009.11.22 18:48:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2009.11.20 12:27:13 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.11.20 12:27:13 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009.11.20 12:27:13 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009.06.01 10:47:15 | 000,057,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.03.04 16:53:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2009.03.04 16:53:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2009.03.04 16:53:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2009.03.04 16:53:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2009.03.04 16:53:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2009.03.04 16:53:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2009.03.04 16:53:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2009.03.04 16:53:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2009.03.04 16:53:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2009.03.04 16:53:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2009.03.04 16:53:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2009.03.04 16:53:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2009.03.04 16:53:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2009.03.04 16:53:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2009.03.04 16:53:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2009.03.04 16:53:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2009.03.04 16:53:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2009.03.04 16:53:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2009.03.04 16:53:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009.03.04 16:51:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEBX300DEFGIPS.ini [2008.12.25 16:05:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\removeme.exe [2008.12.25 15:42:14 | 000,010,606 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat [2008.10.16 16:24:14 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys [2008.10.16 16:24:13 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll [2008.10.16 16:24:13 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll [2008.10.16 16:24:13 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll [2008.10.16 09:07:14 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2008.03.05 21:11:31 | 000,001,026 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008.03.05 21:11:22 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL [2008.03.05 21:11:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL [2008.03.05 21:11:22 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL [2008.03.05 21:11:10 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL [2007.05.27 21:50:04 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll [2007.05.27 21:49:56 | 011,206,656 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll [2007.05.27 21:49:56 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\zhhp2600.exe [2007.05.27 21:49:55 | 000,323,584 | R--- | C] () -- C:\WINDOWS\System32\zshp2600.exe [2007.05.27 21:49:54 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll [2007.05.27 00:05:43 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat [2007.05.27 00:05:42 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll [2007.05.26 23:44:33 | 000,002,644 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI [2007.05.26 23:44:32 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsl05.bin [2007.04.30 10:36:38 | 000,000,377 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.04.07 11:36:10 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007.04.07 11:36:10 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2007.04.07 11:29:26 | 000,000,924 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini [2007.04.07 11:29:21 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.04.07 11:29:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2007.03.06 21:45:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll [2007.02.24 23:36:27 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2007.02.24 15:13:33 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys [2007.02.24 15:13:33 | 000,005,993 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007.02.24 15:13:30 | 000,469,696 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys [2007.02.24 00:36:07 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.02.24 00:23:40 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.01.29 16:50:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.01.29 16:04:15 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\scholz mm\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.01.29 15:52:17 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.01.17 18:01:16 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.01.12 18:34:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MTB30.ini [2007.01.09 19:32:37 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.12.19 21:04:55 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI [2006.12.15 16:01:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006.12.01 13:46:52 | 000,162,304 | ---- | C] () -- C:\WINDOWS\Unwise32.exe [2006.11.27 15:41:27 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2006.11.27 15:37:40 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006.11.27 15:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI [2006.11.27 15:29:18 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\scholz mm\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.10.10 10:01:18 | 000,159,821 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.EXE [2006.10.10 10:01:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI [2006.05.10 20:24:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.05.10 20:03:30 | 000,244,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.01.06 17:17:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.01.03 20:43:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.01.03 20:39:06 | 000,393,086 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.01.03 20:39:06 | 000,382,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.01.03 20:39:06 | 000,064,848 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.01.03 20:39:06 | 000,053,770 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.01.03 20:12:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006.01.03 20:11:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006.01.03 19:47:26 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.01.03 19:46:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.12.27 15:50:32 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin [2005.12.27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2005.12.27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2005.12.27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005.12.08 02:01:06 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005.12.01 00:24:56 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005.03.28 00:45:26 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2004.08.04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004.08.04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2002.05.24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.08.26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999.01.22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.04.2011 18:19:54 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\scholz mm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
510,00 Mb Total Physical Memory | 52,00 Mb Available Physical Memory | 10,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,06 Gb Total Space | 7,52 Gb Free Space | 21,45% Space Free | Partition Type: FAT32
Drive D: | 35,55 Gb Total Space | 19,44 Gb Free Space | 54,69% Space Free | Partition Type: FAT32
Drive E: | 14,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MMSCHOLZ-MOBIL | User Name: scholz mm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgdiagex.exe" = C:\Programme\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnose 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgnsx.exe" = C:\Programme\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgemcx.exe" = C:\Programme\AVG\AVG10\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}" = Paragon Drive Backup 2007
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86ACFE52-BE3A-4E54-840F-D031339825AD}" = ATI Catalyst Control Center
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{94F3D243-2006-4B2D-9160-C2A33F74BB84}" = Windows Media Center Edition MPEG Codec Plug-in
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_AcrS009E" = HDAUDIO Soft Data Fax Modem with SmartCP
"Corel Applications" = Corel Applications
"DesignPro" = Avery Zweckform DesignPro 2000
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON BX300F Series" = Druckerdeinstallation für EPSON BX300F Series
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 1.99.1
"HP Smart Web Printing" = HP Smart Web Printing
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"TomTom HOME" = TomTom HOME 2.7.3.1894
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"xp-AntiSpy" = xp-AntiSpy 3.97
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.03.2011 13:54:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15484
Error - 24.03.2011 05:07:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.03.2011 05:07:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15563
Error - 24.03.2011 05:07:50 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15563
Error - 25.03.2011 05:36:27 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.03.2011 05:36:27 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3621391
Error - 25.03.2011 05:36:27 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3621391
Error - 28.03.2011 06:10:01 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.03.2011 06:10:01 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15500
Error - 28.03.2011 06:10:01 | Computer Name = MMSCHOLZ-MOBIL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15500
[ System Events ]
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:13:55 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 04.04.2011 07:30:57 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126
Error - 04.04.2011 07:36:22 | Computer Name = MMSCHOLZ-MOBIL | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "helpsvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
Error - 04.04.2011 07:53:12 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 04.04.2011 08:24:09 | Computer Name = MMSCHOLZ-MOBIL | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 04.04.2011 08:24:21 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
Error - 04.04.2011 09:27:19 | Computer Name = MMSCHOLZ-MOBIL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%2
< End of report >
|
|
04.04.2011, 20:08
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner GefundenZitat:
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.03 20:11:50 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{3acc64de-4e87-11de-bbe7-00166fb8535b}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{3acc64de-4e87-11de-bbe7-00166fb8535b}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Trojaner Gefunden |
|
05.04.2011, 08:32
| #7 |
| | Trojaner Gefunden Guten Morgen! Ich vermute die Festplatte war ab Werk so formatiert. Der User hat jedenfalls sicherlich nicht daran rumgefummelt. Ich werde sie umwandeln. Hier das Ergebnis des OTL Fixes: All processes killed ========== OTL ========== ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes ->Flash cache emptied: 82 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 39636 bytes User: scholz mm ->Temp folder emptied: 215049 bytes ->Temporary Internet Files folder emptied: 475758 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 35842402 bytes ->Flash cache emptied: 1528538 bytes User: Besitzer %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 84907 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 37,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04052011_092222 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
05.04.2011, 11:32
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Gefunden Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.04.2011, 16:03
| #9 |
| | Trojaner Gefunden Hallo, ich beschäftige mich gerade mit der manuellen Installation der Wiederherstellungskonsole. Hier schonmal der log des ersten CF-Durchlaufs ohne installierte Konsole. Combofix Logfile: Code:
ATTFilter ComboFix 11-04-04.02 - scholz mm 05.04.2011 16:43:37.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.247 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\scholz mm\Desktop\cofi.exe
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-05 bis 2011-04-05 ))))))))))))))))))))))))))))))
.
.
2011-04-05 07:22 . 2011-04-05 07:22 -------- d-----w- C:\_OTL
2011-04-04 13:51 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 13:51 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 13:25 . 2011-04-04 13:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-04 13:23 . 2011-04-04 13:23 -------- d-----w- c:\programme\Gemeinsame Dateien\Nikon
2011-04-04 13:23 . 2011-04-04 13:23 -------- d--h--w- c:\windows\PIF
2011-04-04 13:23 . 2011-04-04 13:23 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\SoftMaker
2011-04-04 13:21 . 2011-04-04 13:21 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\BabylonToolbar
2011-04-04 13:19 . 2011-04-04 13:19 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\AVG10
2011-04-04 11:38 . 2011-04-04 11:38 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\Malwarebytes
2011-04-04 11:36 . 2011-04-04 11:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-04 11:35 . 2011-04-04 11:36 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-02-11 09:34 . 2007-02-11 09:34 141312 ----a-w- c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-09-13 185632]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-03-30 18:39 471040 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-07-26 17:14 1867776 ------w- c:\programme\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 12:49 16126464 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-04 10:20 68856 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\programme\Ahead\Nero BackItUp\NBJ.exe"
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe"
"REGSHAVE"=c:\programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"igfxpers"=c:\windows\system32\igfxpers.exe
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\MSMSGS.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [16.10.2008 16:24 38448]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [02.04.2010 09:00 135664]
S3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\drivers\BrFilt.sys [26.05.2007 23:44 2944]
S3 BrSerWDM;Brother-Treiber (seriell);c:\windows\system32\drivers\BrSerWdm.sys [26.05.2007 23:44 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\drivers\BrUsbMdm.sys [26.05.2007 23:44 11008]
S3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\drivers\BrUsbScn.sys [26.05.2007 23:28 10368]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys --> c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [?]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys --> c:\windows\system32\drivers\RTL2832UBDA.sys [?]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys --> c:\windows\system32\Drivers\RTL2832UUSB.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bbb5575cdd2.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-02 07:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ATICCC - c:\programme\ATI Technologies\ATI.ACE\cli.exe
AddRemove-HijackThis - f:\antivirus\hijackis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-05 16:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ssmypics.scr
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-05 16:59:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-05 14:59
.
Vor Suchlauf: 9.275.867.136 Bytes frei
Nach Suchlauf: 9.147.187.200 Bytes frei
.
- - End Of File - - BDBA64706830F6ACE9FB5D4129F3492D
|
|
05.04.2011, 16:19
| #10 |
| | Trojaner Gefunden So... habe CF nochmal mit der Konsole laufen lassen. Hier das Log: Combofix Logfile: Code:
ATTFilter ComboFix 11-04-04.02 - scholz mm 05.04.2011 17:10:44.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.239 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\scholz mm\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\scholz mm\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-05 bis 2011-04-05 ))))))))))))))))))))))))))))))
.
.
2011-04-05 14:40 . 2011-04-05 14:40 -------- d-----w- C:\cofi
2011-04-05 07:22 . 2011-04-05 07:22 -------- d-----w- C:\_OTL
2011-04-04 13:51 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 13:51 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 13:25 . 2011-04-04 13:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-04 13:23 . 2011-04-04 13:23 -------- d-----w- c:\programme\Gemeinsame Dateien\Nikon
2011-04-04 13:23 . 2011-04-04 13:23 -------- d--h--w- c:\windows\PIF
2011-04-04 13:23 . 2011-04-04 13:23 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\SoftMaker
2011-04-04 13:21 . 2011-04-04 13:21 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\BabylonToolbar
2011-04-04 13:19 . 2011-04-04 13:19 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\AVG10
2011-04-04 11:38 . 2011-04-04 11:38 -------- d-----w- c:\dokumente und einstellungen\scholz mm\Anwendungsdaten\Malwarebytes
2011-04-04 11:36 . 2011-04-04 11:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-04 11:35 . 2011-04-04 11:36 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-02-11 09:34 . 2007-02-11 09:34 141312 ----a-w- c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-09-13 185632]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-03-30 18:39 471040 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-07-26 17:14 1867776 ------w- c:\programme\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 12:49 16126464 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-04 10:20 68856 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\programme\Ahead\Nero BackItUp\NBJ.exe"
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe"
"REGSHAVE"=c:\programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
"igfxpers"=c:\windows\system32\igfxpers.exe
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\MSMSGS.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [16.10.2008 16:24 38448]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [02.04.2010 09:00 135664]
S3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\drivers\BrFilt.sys [26.05.2007 23:44 2944]
S3 BrSerWDM;Brother-Treiber (seriell);c:\windows\system32\drivers\BrSerWdm.sys [26.05.2007 23:44 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\drivers\BrUsbMdm.sys [26.05.2007 23:44 11008]
S3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\drivers\BrUsbScn.sys [26.05.2007 23:28 10368]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys --> c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [?]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys --> c:\windows\system32\drivers\RTL2832UBDA.sys [?]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys --> c:\windows\system32\Drivers\RTL2832UUSB.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bbb5575cdd2.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-02 07:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-05 17:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2011-04-05 17:17:27
ComboFix-quarantined-files.txt 2011-04-05 15:17
ComboFix2.txt 2011-04-05 14:59
.
Vor Suchlauf: 9.140.043.776 Bytes frei
Nach Suchlauf: 9.120.448.512 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 71F1D8D1FF5C078C6AE5E78F36F2BB35
|
|
05.04.2011, 18:06
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Gefunden Systempartition nach NTFS konvertieren: 1) Start, Ausführen, cmd eintippen und ok Danach dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.04.2011, 19:21
| #12 |
| | Trojaner Gefunden Hallo, TDSSKiller hat wohl nichts gefunden: 2011/04/05 20:18:57.0656 3808 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/05 20:18:57.0671 3808 ================================================================================ 2011/04/05 20:18:57.0671 3808 SystemInfo: 2011/04/05 20:18:57.0671 3808 2011/04/05 20:18:57.0671 3808 OS Version: 5.1.2600 ServicePack: 3.0 2011/04/05 20:18:57.0671 3808 Product type: Workstation 2011/04/05 20:18:57.0671 3808 ComputerName: MMSCHOLZ-MOBIL 2011/04/05 20:18:57.0671 3808 UserName: scholz mm 2011/04/05 20:18:57.0671 3808 Windows directory: C:\WINDOWS 2011/04/05 20:18:57.0671 3808 System windows directory: C:\WINDOWS 2011/04/05 20:18:57.0671 3808 Processor architecture: Intel x86 2011/04/05 20:18:57.0671 3808 Number of processors: 1 2011/04/05 20:18:57.0671 3808 Page size: 0x1000 2011/04/05 20:18:57.0671 3808 Boot type: Normal boot 2011/04/05 20:18:57.0671 3808 ================================================================================ 2011/04/05 20:18:58.0421 3808 Initialize success 2011/04/05 20:19:06.0453 3832 ================================================================================ 2011/04/05 20:19:06.0453 3832 Scan started 2011/04/05 20:19:06.0453 3832 Mode: Manual; 2011/04/05 20:19:06.0453 3832 ================================================================================ 2011/04/05 20:19:06.0984 3832 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/04/05 20:19:07.0031 3832 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/04/05 20:19:07.0078 3832 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/04/05 20:19:07.0109 3832 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/04/05 20:19:07.0171 3832 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/04/05 20:19:07.0218 3832 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/04/05 20:19:07.0265 3832 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/04/05 20:19:07.0296 3832 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/04/05 20:19:07.0343 3832 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/04/05 20:19:07.0375 3832 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/04/05 20:19:07.0406 3832 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/04/05 20:19:07.0437 3832 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/04/05 20:19:07.0468 3832 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/04/05 20:19:07.0546 3832 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/04/05 20:19:07.0687 3832 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/04/05 20:19:07.0765 3832 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys 2011/04/05 20:19:07.0796 3832 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/04/05 20:19:07.0828 3832 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/04/05 20:19:07.0859 3832 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/04/05 20:19:07.0921 3832 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/04/05 20:19:07.0968 3832 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/04/05 20:19:08.0250 3832 ati2mtag (1fa523c5e4ad953f896ea50c33475bea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/04/05 20:19:08.0328 3832 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/04/05 20:19:08.0421 3832 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/04/05 20:19:08.0609 3832 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/04/05 20:19:08.0656 3832 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys 2011/04/05 20:19:08.0734 3832 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys 2011/04/05 20:19:08.0750 3832 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys 2011/04/05 20:19:08.0796 3832 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys 2011/04/05 20:19:08.0875 3832 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/04/05 20:19:08.0906 3832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/04/05 20:19:08.0953 3832 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/04/05 20:19:08.0984 3832 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/04/05 20:19:09.0015 3832 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/04/05 20:19:09.0046 3832 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/04/05 20:19:09.0078 3832 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/04/05 20:19:09.0140 3832 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/04/05 20:19:09.0203 3832 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/04/05 20:19:09.0250 3832 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/04/05 20:19:09.0406 3832 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/04/05 20:19:09.0484 3832 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/04/05 20:19:09.0515 3832 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/04/05 20:19:09.0562 3832 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/04/05 20:19:09.0609 3832 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 2011/04/05 20:19:09.0687 3832 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2011/04/05 20:19:09.0921 3832 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2011/04/05 20:19:09.0968 3832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/04/05 20:19:10.0000 3832 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/04/05 20:19:10.0125 3832 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/04/05 20:19:10.0171 3832 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/04/05 20:19:10.0218 3832 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys 2011/04/05 20:19:10.0343 3832 EpmShd (2d0c4a7077f6c68449479f5444c580a7) C:\WINDOWS\system32\drivers\epm-shd.sys 2011/04/05 20:19:10.0406 3832 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/04/05 20:19:10.0500 3832 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/04/05 20:19:10.0875 3832 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2011/04/05 20:19:11.0656 3832 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/04/05 20:19:12.0531 3832 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/04/05 20:19:13.0343 3832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/04/05 20:19:13.0484 3832 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/04/05 20:19:13.0562 3832 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 2011/04/05 20:19:13.0656 3832 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/04/05 20:19:13.0750 3832 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/04/05 20:19:13.0796 3832 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/04/05 20:19:13.0890 3832 hotcore3 (4bab16afc2b0029e09c67daa8ec722a2) C:\WINDOWS\system32\drivers\hotcore3.sys 2011/04/05 20:19:14.0015 3832 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/04/05 20:19:14.0156 3832 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/04/05 20:19:14.0250 3832 HSFHWAZL (a902a7e76c245210eee9ef5185158e9c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/04/05 20:19:14.0343 3832 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/04/05 20:19:14.0515 3832 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/04/05 20:19:14.0625 3832 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/04/05 20:19:14.0656 3832 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/04/05 20:19:14.0687 3832 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/04/05 20:19:14.0828 3832 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/04/05 20:19:14.0953 3832 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/04/05 20:19:15.0015 3832 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/04/05 20:19:15.0140 3832 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys 2011/04/05 20:19:15.0453 3832 IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/04/05 20:19:15.0781 3832 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/04/05 20:19:15.0828 3832 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/04/05 20:19:15.0859 3832 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/04/05 20:19:15.0906 3832 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/04/05 20:19:15.0937 3832 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/04/05 20:19:15.0984 3832 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/04/05 20:19:16.0046 3832 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/04/05 20:19:16.0093 3832 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/04/05 20:19:16.0125 3832 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/04/05 20:19:16.0171 3832 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/04/05 20:19:16.0187 3832 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/04/05 20:19:16.0234 3832 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/04/05 20:19:16.0437 3832 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/04/05 20:19:16.0546 3832 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/04/05 20:19:16.0593 3832 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys 2011/04/05 20:19:16.0640 3832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/04/05 20:19:16.0687 3832 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2011/04/05 20:19:16.0781 3832 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/04/05 20:19:16.0843 3832 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/04/05 20:19:16.0890 3832 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/04/05 20:19:16.0937 3832 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 2011/04/05 20:19:16.0968 3832 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/04/05 20:19:17.0156 3832 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/04/05 20:19:17.0218 3832 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/04/05 20:19:17.0312 3832 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/04/05 20:19:17.0359 3832 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/04/05 20:19:17.0390 3832 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/04/05 20:19:17.0421 3832 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/05 20:19:17.0453 3832 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/05 20:19:17.0609 3832 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/04/05 20:19:17.0656 3832 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/05 20:19:17.0687 3832 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/04/05 20:19:17.0812 3832 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/05 20:19:17.0843 3832 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys 2011/04/05 20:19:17.0890 3832 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/04/05 20:19:17.0953 3832 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/05 20:19:17.0984 3832 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/05 20:19:18.0015 3832 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/05 20:19:18.0062 3832 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/05 20:19:18.0109 3832 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/05 20:19:18.0156 3832 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/05 20:19:18.0343 3832 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys 2011/04/05 20:19:18.0406 3832 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/05 20:19:18.0468 3832 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/05 20:19:18.0531 3832 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys 2011/04/05 20:19:18.0578 3832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/05 20:19:18.0625 3832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/05 20:19:18.0796 3832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/05 20:19:18.0843 3832 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys 2011/04/05 20:19:18.0890 3832 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys 2011/04/05 20:19:18.0937 3832 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys 2011/04/05 20:19:19.0000 3832 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 2011/04/05 20:19:19.0031 3832 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/05 20:19:19.0078 3832 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/05 20:19:19.0109 3832 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/05 20:19:19.0171 3832 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/05 20:19:19.0234 3832 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/04/05 20:19:19.0375 3832 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/04/05 20:19:19.0406 3832 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/04/05 20:19:19.0484 3832 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/05 20:19:19.0656 3832 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/05 20:19:19.0703 3832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/05 20:19:19.0765 3832 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/04/05 20:19:19.0843 3832 QCMerced (e0fc6892ada96bf6a7f2830143e5cfd2) C:\WINDOWS\system32\DRIVERS\LVCM.sys 2011/04/05 20:19:19.0921 3832 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/04/05 20:19:19.0953 3832 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/04/05 20:19:19.0984 3832 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/04/05 20:19:20.0015 3832 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/04/05 20:19:20.0046 3832 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/04/05 20:19:20.0218 3832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/05 20:19:20.0265 3832 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/05 20:19:20.0296 3832 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/05 20:19:20.0343 3832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/05 20:19:20.0406 3832 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/05 20:19:20.0437 3832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/05 20:19:20.0500 3832 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/04/05 20:19:20.0546 3832 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/05 20:19:20.0625 3832 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/05 20:19:20.0796 3832 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 2011/04/05 20:19:21.0031 3832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/05 20:19:21.0093 3832 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 2011/04/05 20:19:21.0125 3832 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/05 20:19:21.0218 3832 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/04/05 20:19:21.0250 3832 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/04/05 20:19:21.0312 3832 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/04/05 20:19:21.0343 3832 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/05 20:19:21.0390 3832 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/05 20:19:21.0468 3832 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/05 20:19:21.0656 3832 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/04/05 20:19:21.0703 3832 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/05 20:19:21.0734 3832 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/05 20:19:21.0796 3832 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/04/05 20:19:21.0828 3832 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/04/05 20:19:21.0859 3832 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/04/05 20:19:21.0890 3832 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/04/05 20:19:21.0937 3832 SynTP (a63401d180863a2cefce51798542ae5f) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/04/05 20:19:21.0984 3832 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/05 20:19:22.0046 3832 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/05 20:19:22.0140 3832 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/05 20:19:22.0281 3832 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/05 20:19:22.0312 3832 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/05 20:19:22.0375 3832 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/04/05 20:19:22.0421 3832 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/05 20:19:22.0484 3832 UimBus (e3cfd4fce555784869a9243a71efcb22) C:\WINDOWS\system32\DRIVERS\UimBus.sys 2011/04/05 20:19:22.0546 3832 Uim_IM (5237bb4b8390325936a38b55d72c23b4) C:\WINDOWS\system32\Drivers\Uim_IM.sys 2011/04/05 20:19:22.0609 3832 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/04/05 20:19:22.0671 3832 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/05 20:19:22.0906 3832 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/04/05 20:19:22.0937 3832 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/04/05 20:19:22.0968 3832 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/05 20:19:23.0000 3832 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/05 20:19:23.0046 3832 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/04/05 20:19:23.0078 3832 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/04/05 20:19:23.0093 3832 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/05 20:19:23.0125 3832 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/04/05 20:19:23.0156 3832 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/04/05 20:19:23.0203 3832 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/04/05 20:19:23.0234 3832 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/04/05 20:19:23.0281 3832 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/05 20:19:23.0484 3832 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys 2011/04/05 20:19:23.0859 3832 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/05 20:19:23.0937 3832 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/05 20:19:24.0046 3832 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/04/05 20:19:24.0265 3832 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/04/05 20:19:24.0328 3832 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/04/05 20:19:24.0921 3832 ================================================================================ 2011/04/05 20:19:24.0921 3832 Scan finished 2011/04/05 20:19:24.0921 3832 ================================================================================ |
|
05.04.2011, 20:00
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Gefunden Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.04.2011, 15:07
| #14 |
| | Trojaner Gefunden Hallo, alles erledigt - hier die Logs: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-06 15:50:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541080G9AT00 rev.MB4OA60A
Running: di5njjwr.exe; Driver: C:\DOKUME~1\SCHOLZ~1\LOKALE~1\Temp\kwliqpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\hiber_WMILIB.SYS Das System kann den angegebenen Pfad nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:58:11 on 06.04.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16915 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore1cb6bbb5575cdd2.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys "Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys "Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys (File found, but it contains no detailed information) "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "HID Infrared Remote Receiver" (RTL2832U_IRHID) - ? - C:\WINDOWS\System32\DRIVERS\RTL2832U_IRHID.sys (File not found) "hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys "IEEE-1284.4 Driver HPZid412" (HPZid412) - ? - C:\WINDOWS\System32\DRIVERS\HPZid412.sys (File not found) "int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys (File found, but it contains no detailed information) "kwliqpoc" (kwliqpoc) - ? - C:\DOKUME~1\SCHOLZ~1\LOKALE~1\Temp\kwliqpoc.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys "OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys "osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys "osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Print Class Driver for IEEE-1284.4 HPZipr12" (HPZipr12) - ? - C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "REALTEK 2832U BDA Driver" (RTL2832UBDA) - ? - C:\WINDOWS\System32\drivers\RTL2832UBDA.sys (File not found) "REALTEK 2832U USB Driver" (RTL2832UUSB) - ? - C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys (File not found) "UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys "Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys "USB to IEEE-1284.4 Translation Driver HPZius12" (HPZius12) - "HP" - C:\WINDOWS\System32\DRIVERS\HPZius12.sys "WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\WINDOWS\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} "IPSUploader Control" - "IP Labs GmbH - Germany." - C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IPSUploader.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab {CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\WINDOWS\system32\eDStoolbar.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\scholz mm\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acer ePower Management" - "Acer Value Labs, Taiwan" - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot "CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon "DWQueuedReporting" - "Microsoft Corporation" - "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t "EPM-DM" - "Acer Inc" - c:\acer\Empowering Technology\ePower\epm-dm.exe "eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe "LaunchApp" - "Acer Inc." - Alaunch "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJ Language Monitor iP3500 series" - "CANON INC." - C:\WINDOWS\system32\CNMLM8V.DLL "PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\WINDOWS\system32\hpz3l5mu.dll "PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\pdfports.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AdminWorks Agent X6" (AWService) - "Avocent Inc." - C:\Acer\Empowering Technology\admServ.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Statusdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe "B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000041c Kernel Drivers (total 175): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D0000 \WINDOWS\system32\hal.dll 0xF8AE7000 \WINDOWS\system32\KDCOM.DLL 0xF89F7000 \WINDOWS\system32\BOOTVID.dll 0xF84B7000 ACPI.sys 0xF8AE9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF84A6000 pci.sys 0xF85E7000 isapnp.sys 0xF89FB000 compbatt.sys 0xF89FF000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xF8BAF000 pciide.sys 0xF8867000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF8AEB000 aliide.sys 0xF8AED000 cmdide.sys 0xF8AEF000 toside.sys 0xF8AF1000 viaide.sys 0xF8AF3000 intelide.sys 0xF8488000 pcmcia.sys 0xF85F7000 MountMgr.sys 0xF8469000 ftdisk.sys 0xF8A03000 ACPIEC.sys 0xF8BB0000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xF886F000 PartMgr.sys 0xF8877000 hotcore3.sys 0xF8607000 VolSnap.sys 0xF8A07000 cpqarray.sys 0xF8451000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xF8439000 atapi.sys 0xF8A0B000 aha154x.sys 0xF887F000 sparrow.sys 0xF8A0F000 symc810.sys 0xF8617000 aic78xx.sys 0xF8A13000 dac960nt.sys 0xF8627000 ql10wnt.sys 0xF8A17000 amsint.sys 0xF8887000 asc.sys 0xF8A1B000 asc3550.sys 0xF888F000 mraid35x.sys 0xF8897000 i2omp.sys 0xF8A1F000 ini910u.sys 0xF8637000 ql1240.sys 0xF8647000 aic78u2.sys 0xF889F000 symc8xx.sys 0xF88A7000 sym_hi.sys 0xF88AF000 sym_u3.sys 0xF88B7000 ABP480N5.SYS 0xF88BF000 asc3350p.sys 0xF8AF5000 cd20xrnt.sys 0xF8657000 ultra.sys 0xF8420000 adpu160m.sys 0xF88C7000 dpti2o.sys 0xF8667000 ql1080.sys 0xF8677000 ql1280.sys 0xF8687000 ql12160.sys 0xF88CF000 perc2.sys 0xF8AF7000 perc2hib.sys 0xF88D7000 hpn.sys 0xF8A23000 cbidf2k.sys 0xF83F4000 dac2w2k.sys 0xF8697000 disk.sys 0xF86A7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF83D4000 fltmgr.sys 0xF83C2000 sr.sys 0xF86B7000 PxHelp20.sys 0xF83AB000 KSecDD.sys 0xF831E000 Ntfs.sys 0xF82F1000 NDIS.sys 0xF86C7000 sisagp.sys 0xF86D7000 viaagp.sys 0xF82D7000 Mup.sys 0xF86E7000 alim1541.sys 0xF86F7000 amdagp.sys 0xF8707000 agp440.sys 0xF8717000 agpCPQ.sys 0xF8737000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF803D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xF8029000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF8001000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF8937000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF7FDD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF893F000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF7CB7000 \SystemRoot\system32\DRIVERS\w29n51.sys 0xF7CA3000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys 0xF8747000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF8957000 \SystemRoot\system32\DRIVERS\DKbFltr.sys 0xF8967000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7C74000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xF8B01000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF8977000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF8757000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF8767000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF8777000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7C51000 \SystemRoot\system32\DRIVERS\ks.sys 0xF8B03000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys 0xF898F000 \SystemRoot\System32\drivers\GEARAspiWDM.sys 0xF8AB7000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF8C6F000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF8787000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF8ABF000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF7C3A000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF8797000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF87A7000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF89AF000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF7C29000 \SystemRoot\system32\DRIVERS\psched.sys 0xF87B7000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF89BF000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF89CF000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF87C7000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF8B09000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF7B2B000 \SystemRoot\system32\DRIVERS\update.sys 0xF8AD3000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF89E7000 \SystemRoot\system32\DRIVERS\UimBus.sys 0xF7B0D000 \SystemRoot\System32\Drivers\Uim_IM.sys 0xF8B0D000 \SystemRoot\System32\Drivers\UimFIO.SYS 0xF87D7000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF3671000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xF364D000 \SystemRoot\system32\drivers\portcls.sys 0xF8807000 \SystemRoot\system32\drivers\drmk.sys 0xF3617000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys 0xF3523000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys 0xF3472000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys 0xF88FF000 \SystemRoot\System32\Drivers\Modem.SYS 0xF8817000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF8AAB000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xF8B17000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF8CBC000 \SystemRoot\System32\Drivers\Null.SYS 0xF8B1B000 \SystemRoot\System32\Drivers\Beep.SYS 0xF894F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF895F000 \SystemRoot\System32\drivers\vga.sys 0xF8B1F000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF8B23000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF897F000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF8997000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF8ACF000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF339F000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF3346000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF331E000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF32F8000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF8827000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF32D6000 \SystemRoot\System32\drivers\afd.sys 0xF8837000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF32AB000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF7AF1000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys 0xF323B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF8847000 \SystemRoot\System32\Drivers\Fips.SYS 0xF31EF000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xF825F000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF31D7000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF8B31000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF8AB3000 \SystemRoot\System32\drivers\Dxapi.sys 0xF890F000 \SystemRoot\System32\watchdog.sys 0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys 0xF8C28000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF9D6000 \SystemRoot\System32\ati2dvag.dll 0xBFA18000 \SystemRoot\System32\ati2cqag.dll 0xBFA52000 \SystemRoot\System32\atikvmag.dll 0xBFA88000 \SystemRoot\System32\ati3duag.dll 0xBFCEF000 \SystemRoot\System32\ativvaxx.dll 0xB8F78000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB8C53000 \SystemRoot\system32\drivers\wdmaud.sys 0xF3187000 \SystemRoot\system32\drivers\sysaudio.sys 0xB8B38000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xF8D39000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys 0xB8762000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys 0xB8872000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xF8B63000 \??\C:\WINDOWS\system32\drivers\osaio.sys 0xF8C38000 \??\C:\WINDOWS\system32\drivers\osanbm.sys 0xB8530000 \SystemRoot\system32\DRIVERS\srv.sys 0xB82C4000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xF8B57000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS 0xB8190000 \??\C:\DOKUME~1\SCHOLZ~1\LOKALE~1\Temp\kwliqpoc.sys 0xB8165000 \SystemRoot\system32\drivers\kmixer.sys 0xF89B7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 39): 0 System Idle Process 4 System 736 C:\WINDOWS\system32\smss.exe 800 csrss.exe 828 C:\WINDOWS\system32\winlogon.exe 872 C:\WINDOWS\system32\services.exe 884 C:\WINDOWS\system32\lsass.exe 1032 C:\WINDOWS\system32\ati2evxx.exe 1052 C:\WINDOWS\system32\svchost.exe 1168 svchost.exe 1216 C:\WINDOWS\system32\svchost.exe 1340 svchost.exe 1404 svchost.exe 1628 C:\WINDOWS\system32\spoolsv.exe 1744 C:\WINDOWS\system32\ati2evxx.exe 1820 C:\WINDOWS\explorer.exe 2024 svchost.exe 156 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 192 C:\Acer\Empowering Technology\admServ.exe 340 C:\Programme\Synaptics\SynTP\SynTPLpr.exe 456 C:\Programme\Synaptics\SynTP\SynTPEnh.exe 544 C:\Programme\Canon\MyPrinter\BJMYPRT.EXE 604 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe 780 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 1100 C:\Acer\Empowering Technology\ePower\epm-dm.exe 1112 C:\Acer\Empowering Technology\eRecovery\Monitor.exe 932 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1292 C:\WINDOWS\system32\bgsvcgen.exe 1332 C:\Programme\Bonjour\mDNSResponder.exe 1500 C:\Programme\Google\Update\GoogleUpdate.exe 1524 C:\Programme\Java\jre6\bin\jqs.exe 1872 C:\WINDOWS\system32\svchost.exe 1884 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe 1936 C:\WINDOWS\system32\wscntfy.exe 2088 C:\WINDOWS\system32\wbem\wmiapsrv.exe 2284 alg.exe 3088 C:\WINDOWS\system32\wuauclt.exe 2528 C:\Dokumente und Einstellungen\scholz mm\Desktop\osam_autorun_manager_5_0_portable\osam.exe 3044 C:\Dokumente und Einstellungen\scholz mm\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (FAT32) \\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: HTS541080G9AT00, Rev: MB4OA60A PhysicalDrive1 Model Number: TOSHIBAMK1652GSX, Rev: Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F 149 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
|
06.04.2011, 15:37
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner GefundenZitat:
Wenn nicht, also WinXP das einzige installierte System ist: Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole aus. Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen) Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus den Bootkit Remover nochmals aus und poste das neue Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner Gefunden |
| 0x00000001, 0xc0000001, 32 bit, babylon, benutzerregistrierung, canon, compu, computer, gefunde, location, malwarebytes, media center, meldung, monitor.exe, msvcrt, oldtimer, otl.exe, picasa, plug-in, rojaner gefunden, saver, scan, schonmal, shell32.dll, shortcut, sicherheitslücke, sicherheitslücken, studio, system, troja, trojan.renos, trojaner, trojaner gefunden, virenscan, visual studio |
Linear-Darstellung
