
Log analysis and evaluation: Trojan, Vista desktop empty, hard drive defective?


 
10.05.2011, 21:58   #1
keepon
 



Hello!

I have somehow caught a Trojan, even though I did not allow my antivirus program any installation. Setup files with multi-digit numbers in their names keep opening. If I click Cancel, the next setup file comes up. In addition, Java keeps trying to connect to the Internet. I have already followed a similar problem here in the forum and therefore ran an analysis with Malwarebytes:

51 infected files and the following log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6548

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.05.2011 22:33:35
mbam-log-2011-05-10 (22-33-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 295243
Laufzeit: 1 Stunde(n), 20 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 44

Infizierte Speicherprozesse:
c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> 2836 -> Unloaded process successfully.
c:\Users\Tini\l.exe (Rootkit.TDSS) -> 1856 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\Tini\AppData\Local\ohtsaw.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Tini\AppData\Local\atifacosaqomi.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Acuge (Trojan.Hiloti) -> Value: Acuge -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trwKcwHFGPMgtX (Rogue.Installer.Gen) -> Value: trwKcwHFGPMgtX -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jyonozi (Trojan.Agent.U) -> Value: Jyonozi -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Tini\AppData\Local\ohtsaw.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Tini\l.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\m.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\0.027067628380521125.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\0.6096786126294245.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\2473.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\24A0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\tmp6586.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\FDA0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1061641952.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1408728840.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1749326048.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1752513760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1827524832.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1828728456.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1991873248.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3032938720.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3279916256.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3528403200.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3535678688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3609256072.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3814930144.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3822213344.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup4035532000.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup4061674376.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup4155243400.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup831226592.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup862498016.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2205707144.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2415815816.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2447262856.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2533755104.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2631627400.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2669623520.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2895472864.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2908522376.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\4d261d6f-70984861 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Roaming\Adobe\plugs\mmc1500230.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\Temp\set4816.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Roaming\Adobe\plugs\mmc155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Roaming\Adobe\plugs\mmc17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\atifacosaqomi.dll (Trojan.Agent.U) -> Delete on reboot.


OTL is running right now. It produced the following log files:
OTL Logfile:
Code:
OTL logfile created on: 10.05.2011 22:44:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tini\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 211,68 Gb Free Space | 73,42% Space Free | Partition Type: NTFS
 
Computer Name: MERLIN | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Tini\leaih.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tini\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\SysHook.dll (Acer Incorporated)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {97E0B7BE-B4D2-408E-80A9-891FC08F94B8}:1.9.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.03.12 17:46:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 11:56:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 11:56:03 | 000,000,000 | ---D | M]
 
[2009.07.27 17:57:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions
[2011.05.10 19:25:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\hmkz3aqp.default\extensions
[2011.05.10 20:37:48 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\hmkz3aqp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.10 20:37:48 | 000,000,000 | -H-D | M] (Embedded Objects) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\hmkz3aqp.default\extensions\firefox@red-cog.com
[2011.02.12 10:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.16 22:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 10:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.16 22:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 10:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.10 19:22:33 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\TINI\APPDATA\LOCAL\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.20 19:52:06 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.20 19:52:07 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.20 19:52:07 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.20 19:52:07 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.20 19:52:07 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PLFSetI] File not found
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acuge] File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Jyonozi] File not found
O4 - HKCU..\Run: [leaih] C:\Users\Tini\leaih.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{456b1016-e509-11de-9326-001f16a6d62c}\Shell - "" = AutoRun
O33 - MountPoints2\{456b1016-e509-11de-9326-001f16a6d62c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a12d982d-7cda-11de-bbce-001f16a6d62c}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{aecc2a31-b7c7-11de-b895-001f16a6d62c}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{e3f213cc-baaf-11df-afef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e3f213cc-baaf-11df-afef-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.10 22:42:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2011.05.10 22:35:53 | 000,000,000 | R--D | C] -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.05.10 21:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.05.10 21:03:11 | 000,000,000 | -H-D | C] -- C:\Users\Tini\AppData\Roaming\Malwarebytes
[2011.05.10 21:03:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.10 21:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.10 21:03:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.05.10 21:02:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.10 21:02:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.10 19:22:32 | 000,000,000 | -H-D | C] -- C:\Users\Tini\AppData\Local\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}
[2011.04.28 16:11:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 16:11:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 16:11:14 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.14 18:26:26 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 18:26:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 18:26:22 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 18:26:21 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 18:26:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 18:26:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 18:26:04 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 18:26:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 18:26:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 18:26:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 18:26:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 18:25:57 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 18:25:55 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 18:25:54 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.10 22:43:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.10 22:43:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.10 22:43:10 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.10 22:43:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.10 22:42:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2011.05.10 22:40:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.10 22:35:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.10 22:35:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 22:35:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 22:35:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.10 22:35:09 | 3213,750,272 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.10 21:12:23 | 000,237,568 | RHS- | M] () -- C:\Users\Tini\leaih.exe
[2011.05.10 20:49:25 | 000,448,045 | -H-- | M] () -- C:\Users\Tini\biiac.exe
[2011.05.10 19:22:34 | 000,000,120 | -H-- | M] () -- C:\Users\Tini\AppData\Local\Nruhuqu.dat
[2011.05.10 19:22:34 | 000,000,000 | -H-- | M] () -- C:\Users\Tini\AppData\Local\Ygari.bin
[2011.05.10 19:20:43 | 000,237,568 | -H-- | M] () -- C:\Users\Tini\lfjuun.exe
[2011.05.10 19:20:34 | 000,000,000 | -H-- | M] () -- C:\Users\Tini\2gweorjqjutp92vjy9gake
[2011.05.10 18:56:23 | 000,048,544 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.09 17:52:47 | 000,048,544 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.04 18:40:06 | 000,034,816 | -H-- | M] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 17:09:40 | 000,423,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.10 21:12:23 | 000,237,568 | RHS- | C] () -- C:\Users\Tini\leaih.exe
[2011.05.10 20:49:25 | 000,448,045 | -H-- | C] () -- C:\Users\Tini\biiac.exe
[2011.05.10 19:22:34 | 000,000,120 | -H-- | C] () -- C:\Users\Tini\AppData\Local\Nruhuqu.dat
[2011.05.10 19:22:34 | 000,000,000 | -H-- | C] () -- C:\Users\Tini\AppData\Local\Ygari.bin
[2011.05.10 19:20:42 | 000,237,568 | -H-- | C] () -- C:\Users\Tini\lfjuun.exe
[2011.05.10 19:20:34 | 000,000,000 | -H-- | C] () -- C:\Users\Tini\2gweorjqjutp92vjy9gake
[2010.09.07 15:57:10 | 000,168,197 | ---- | C] () -- C:\Windows\hppins09.dat.temp
[2010.09.07 15:13:26 | 000,000,621 | ---- | C] () -- C:\Windows\System32\hppapr09.dat
[2010.03.12 17:35:29 | 000,202,406 | ---- | C] () -- C:\Windows\hpwins24.dat
[2009.09.17 10:02:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 10:02:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.03 12:09:06 | 000,034,816 | -H-- | C] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.04 19:46:17 | 000,000,319 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.07.30 12:00:06 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.07.27 20:14:35 | 000,000,000 | -H-- | C] () -- C:\Users\Tini\AppData\Roaming\wklnhst.dat
[2009.07.27 19:51:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.11 21:26:46 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.06.11 13:05:25 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.06.11 12:41:56 | 000,048,544 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.06.11 12:40:40 | 000,048,544 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.26 03:15:57 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.26 03:15:57 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.26 03:15:57 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.26 03:15:57 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.25 19:50:36 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.03.25 18:38:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.04 21:35:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.03.04 21:35:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.03.04 21:35:53 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.03.04 21:35:53 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008.12.17 06:09:43 | 000,001,879 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,423,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 10.05.2011 22:44:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tini\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 211,68 Gb Free Space | 73,42% Space Free | Partition Type: NTFS
 
Computer Name: MERLIN | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B206AF-DE5F-44E1-ADF8-595FE4C838B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1AA47F86-36FC-4CF9-8349-D8E9639E9ED0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{26F417C7-69DE-48B4-B6E9-5B8E4196844E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{27ECD289-7154-40FD-9B11-F15557C7F822}" = rport=137 | protocol=17 | dir=out | app=system | 
"{28C8260B-C1C2-47C1-9CD1-501F71CEA8EA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{302CFC63-A1B0-4D02-BEB5-A610732A323E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{33F08B46-8C04-4082-82FE-2BB44CF9D23D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43CCC414-C02C-4006-82B8-9A8C07B0F01D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5735B7F4-2C9E-420B-A5AE-D00424155D57}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BD1D0793-730D-4460-877F-CB9A9D92F409}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{C9312FA9-3667-417B-A37E-CB59FFD510E3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA101025-E171-4538-BE8F-F7997C980D5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EE13F605-7D8C-4451-B467-5CFEC054A76E}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{122212C3-994B-416A-B1E8-B90BCE223B2C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{173F031C-8BE4-44DB-9DFB-96EA388914FC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4A73B785-2D91-4F8C-89BC-873FD262BE07}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4B146BE4-D733-4C15-8CC9-C4234CFA95FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{59DA3BF4-F723-40B2-B8B6-486462AE5514}" = dir=in | app=d:\setup\hpznui01.exe | 
"{941AD498-9D9C-4C62-AB18-F0551D2AF324}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{9565BF23-ADC8-4E8D-8F13-C45931823591}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9656A844-F6B1-495E-9B68-3D21B79998BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9DD5344-768F-44B4-8CAC-6595BF07F940}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA1F37B5-0C8C-4859-8DF5-A930833DFCDA}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{B50E2B0D-3F69-430D-9A05-0E008CE14C32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6D31019-032D-4742-9FC0-C13FCA706BF7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C58154D9-085A-471F-B6EA-5969753022EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{C8E809A4-CEC7-40E6-8BC7-BD32720EB2DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DCCB2173-ADB3-46F8-8C4E-EDF9FF917511}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DE1EED78-626B-4AE3-869A-F064E9019A64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F2F7FFE5-6DBC-4808-AC3C-16BB5BC98708}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D471171-70BF-459B-AF06-9C34329295E7}" = 6000E609_Help
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4F57C27B-EDF4-4009-BEBA-EA7AA5C7A02D}" = ProductContext
"{551845DB-2D33-474E-B591-0831F0F2FAF6}" = BPDSoftware_Ini
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{691FCAD9-4A3F-43B9-8EC6-F7EE608D3772}" = 6000E609_eDocs
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{716F4A62-0548-42b3-BAEA-44BC4F8E187C}" = HP Officejet 6000 E609 Series
"{722CD933-F4A3-4b3b-95D2-2A325BA693DA}" = 6000E609a
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1212
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"NVIDIA Drivers" = NVIDIA Drivers
"ORTMANN Cross Stitch Creator" = ORTMANN Cross Stitch Creator 3.0.7 
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"Röntgen-Trainer_is1" = Röntgen-Trainer Chirurgische Ambulanz Version 1.0
"SetupMyPC" = SetupMyPC
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"Updator" = Updator
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2010 17:10:22 | Computer Name = Merlin | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10.12.2010 17:10:22 | Computer Name = Merlin | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10.12.2010 17:10:22 | Computer Name = Merlin | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.12.2010 10:22:42 | Computer Name = Merlin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.12.2010 10:22:42 | Computer Name = Merlin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.12.2010 10:22:46 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:46 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:47 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:47 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:48 | Computer Name = Merlin | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.05.2011 14:47:40 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 14:53:07 | Computer Name = Merlin | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 10.05.2011 15:11:07 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 15:11:07 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 15:17:09 | Computer Name = Merlin | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 10.05.2011 16:35:59 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 16:35:59 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 16:38:13 | Computer Name = Merlin | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.05.2011 16:38:47 | Computer Name = Merlin | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.05.2011 16:38:47 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---



Another problem is that under the Windows Start menu I only see an empty panel and all programs have disappeared. The same goes for the desktop items and supposedly all my personal files. Can I get these back?

Can anyone help me?

Many thanks!

 
