Log-Analyse und Auswertung: OTL logfile analyse (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: Erste Schritte zur Hilfe. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.05.2011, 20:35 | #1
OTL logfile analyse

Good evening. Yesterday I had a trojan attack for the first time and ran Malwarebytes (quick and full scan). After every restart, however, it found trojans again... but now, after the third time, it doesn't any more. I have now downloaded OTL and would be glad if someone could help me. On top of all that, my files on the C drive are gone (only music, thank God). Could it be that the trojan is still there, or a hidden program? System Restore doesn't work either, because after the supposed restore it always says that the antivirus program has to be disabled for it... but that didn't help either. Many thanks in advance.

OTL logfile created on: 5/11/2011 9:19:21 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\kinkon\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.39 Gb Total Space | 80.58 Gb Free Space | 55.04% Space Free | Partition Type: NTFS
Drive D: | 1250.78 Gb Total Space | 1148.99 Gb Free Space | 91.86% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 71.32 Mb Free Space | 71.32% Space Free | Partition Type: NTFS

Computer Name: KINKON-PC | User Name: kinkon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 21:18:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kinkon\Downloads\OTL.exe
PRC - [2011/05/05 22:42:14 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\P\plugin-container.exe
PRC - [2011/05/05 22:42:13 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\P\firefox.exe
PRC - [2011/04/27 19:36:16 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/21 20:44:22 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/24 00:43:42 | 000,107,008 | -H-- | M] () -- C:\P\VLC\vlc.exe
PRC - [2010/12/13 18:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 18:39:18 | 000,389,288 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010/11/24 02:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/05/14 21:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/01/07 23:09:38 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
PRC - [2009/12/31 04:47:38 | 000,523,408 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2009/10/16 20:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/03/30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (SafeList) ==========

MOD - [2011/05/11 21:18:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kinkon\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/19 15:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/04 18:12:33 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/04/27 19:36:16 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\P\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/21 20:44:22 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\P\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/08 23:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/16 20:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/13 18:39:38 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/12/13 18:39:38 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/07/30 23:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 23:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 23:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 23:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/26 21:24:58 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/07/26 21:24:54 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/05/31 05:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/12/22 12:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/19 15:50:12 | 006,098,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/08/28 20:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 76 53 09 4F 0C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/04/11 19:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\P\components [2011/05/11 20:14:44 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\P\plugins [2011/05/11 20:14:44 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/04/11 19:44:44 | 000,000,000 | ---D | M]

[2011/01/29 06:46:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\kinkon\AppData\Roaming\mozilla\Extensions
[2011/05/07 05:06:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\kinkon\AppData\Roaming\mozilla\Firefox\Profiles\x3eqmhuq.default\extensions
[2011/04/11 21:48:26 | 000,002,317 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\geizhalsat.xml
[2011/03/02 19:59:39 | 000,000,937 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\ponseu--spanisch--deutsch.xml
[2011/02/13 02:41:18 | 000,001,336 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\wiktionary-en.xml
[2011/01/29 07:05:18 | 000,002,057 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\youtube-videosuche.xml
File not found (No name found) --
[2011/05/11 20:14:44 | 000,000,000 | -H-D | M] (Java Console) -- C:\P\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KINKON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3EQMHUQ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\KINKON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3EQMHUQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Eraser] D:\Programme\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\P\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Standby] C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.55.5 212.33.32.160
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 00:07:52 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\AppData\Roaming\Malwarebytes
[2011/05/11 00:07:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/11 00:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/11 00:07:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011/05/11 00:07:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/11 00:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/08 05:21:36 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\.datTrader
[2011/04/19 22:33:44 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\Desktop\3100
[2011/04/16 20:43:00 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\AppData\Local\Eraser 6
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 21:08:30 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/05/11 20:32:37 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/11 20:32:37 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/05/11 20:32:37 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/11 20:32:37 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/05/11 20:32:37 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/11 20:28:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 20:28:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 20:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 20:27:53 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/11 19:49:53 | 000,076,950 | ---- | M] () -- C:\cc_20110511_194917.reg
[2011/05/11 19:46:07 | 000,001,587 | ---- | M] () -- C:\Users\kinkon\Desktop\mbam - Verknüpfung.lnk
[2011/05/11 17:58:51 | 000,274,432 | ---- | M] () -- C:\Users\kinkon\J0GZWo455FY3.exe
[2011/05/10 23:15:25 | 000,000,000 | -H-- | M] () -- C:\Users\kinkon\2gweorjqjutp92vjy9gake
[2011/05/09 20:36:25 | 000,003,350 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/05 22:42:32 | 000,001,456 | -H-- | M] () -- C:\Users\kinkon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/26 02:15:41 | 001,411,509 | -H-- | M] () -- C:\Users\kinkon\Desktop\DSC_5040.JPG
[2011/04/16 13:48:31 | 000,300,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 19:49:41 | 000,076,950 | ---- | C] () -- C:\cc_20110511_194917.reg
[2011/05/11 19:46:07 | 000,001,587 | ---- | C] () -- C:\Users\kinkon\Desktop\mbam - Verknüpfung.lnk
[2011/05/11 19:45:30 | 000,274,432 | ---- | C] () -- C:\Users\kinkon\J0GZWo455FY3.exe
[2011/05/10 23:15:25 | 000,000,000 | -H-- | C] () -- C:\Users\kinkon\2gweorjqjutp92vjy9gake
[2011/04/26 02:16:05 | 001,411,509 | -H-- | C] () -- C:\Users\kinkon\Desktop\DSC_5040.JPG
[2011/04/13 19:25:05 | 001,144,438 | -H-- | C] () -- C:\Users\kinkon\Desktop\DSC_3171.JPG
[2011/01/30 12:32:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/29 10:55:21 | 000,004,608 | -H-- | C] () -- C:\Users\kinkon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 10:54:31 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/29 10:54:31 | 000,000,168 | RHS- | C] () -- C:\ProgramData\1439757CE5.sys
[2011/01/29 06:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/29 06:06:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/29 06:06:49 | 000,030,223 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 08:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2008/12/02 04:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2011/01/29 10:30:10 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\7art
[2011/04/11 20:01:16 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\Nokia
[2011/04/11 20:01:16 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\Nokia Ovi Suite
[2011/04/11 19:53:13 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\PC Suite
[2011/03/06 19:14:45 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\Ulead Systems
[2011/05/11 19:48:47 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\uTorrent
[2011/03/29 19:14:34 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
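An OTL log like the one above is normally read through by hand. As an added example (not OTL's own code and not part of this thread), the following Python script parses the bracketed `[date | size | attributes | M/C] (Company) -- path` entries in the format the posted log uses and scores each file against a few checks an analyst applies first: an executable with no company/version information, an executable carrying hidden or system attributes, a file sitting directly in a user's profile root, and a random-looking alphanumeric file name. The weights and the threshold are this example's own assumptions, and a hit only marks an entry for human review; it is not a verdict that the file is malicious. The sample input consists of lines copied from the log posted above. Service and driver lines carry an extra state field and are deliberately left unparsed.

```python
"""Heuristic triage of OTL log entries (added example; not OTL's own code).

Entry shape, as seen in the posted log:
    [yyyy/mm/dd hh:mm:ss | size | attrs | M|C] (Company) -- path
The scoring rules are assumptions about what an analyst looks at first;
a hit is a candidate for human review, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Bracketed file/process entry; the "(Company)" part is absent for folders.
ENTRY_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# A file directly under X:\Users\<name>\ (not in Desktop, Downloads, AppData, ...).
PROFILE_ROOT_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$", re.IGNORECASE)
# 10+ alphanumerics mixing letters and digits (assumed "random name" heuristic).
RANDOM_STEM_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{10,}$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    company: str
    path: str
    reasons: list = field(default_factory=list)  # (weight, explanation)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def score(self) -> int:
        return sum(w for w, _ in self.reasons)


def parse_line(line: str):
    """Return an Entry for a bracketed OTL line, or None for any other line."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    return Entry(date=m["date"], size=int(m["size"].replace(",", "")),
                 attrs=m["attrs"], company=(m["company"] or "").strip(),
                 path=m["path"])


def assess(e: Entry) -> Entry:
    """Attach weighted review reasons to an entry (the rules are assumptions)."""
    if "D" in e.attrs:  # folders are not scored by these rules
        return e
    stem, dot, ext = e.name.rpartition(".")
    if dot:
        ext = "." + ext.lower()
    else:
        stem, ext = e.name, ""  # no extension at all
    executable = ext in EXEC_EXT
    if executable and not e.company:
        e.reasons.append((1, "executable without company/version information"))
    if executable and ("H" in e.attrs or "S" in e.attrs):
        e.reasons.append((1, "executable carrying hidden/system attribute"))
    if PROFILE_ROOT_RE.match(e.path):
        e.reasons.append((2, "file placed directly in a user profile root"))
    if RANDOM_STEM_RE.match(stem):
        e.reasons.append((2, "random-looking alphanumeric file name"))
    return e


def triage(log_text: str, threshold: int = 3) -> list:
    """Score every entry; return those at or above threshold, highest first."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and assess(e).score >= threshold:
            flagged.append(e)
    return sorted(flagged, key=lambda x: x.score, reverse=True)


# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011/05/11 21:18:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kinkon\Downloads\OTL.exe
PRC - [2010/12/13 18:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\avgnt.exe
[2011/05/11 00:07:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011/05/11 19:46:07 | 000,001,587 | ---- | M] () -- C:\Users\kinkon\Desktop\mbam - Verknüpfung.lnk
[2011/05/11 17:58:51 | 000,274,432 | ---- | M] () -- C:\Users\kinkon\J0GZWo455FY3.exe
[2011/05/10 23:15:25 | 000,000,000 | -H-- | M] () -- C:\Users\kinkon\2gweorjqjutp92vjy9gake
[2011/05/09 20:36:25 | 000,003,350 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/26 02:15:41 | 001,411,509 | -H-- | M] () -- C:\Users\kinkon\Desktop\DSC_5040.JPG
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:>2}  {e.path}")
        for w, why in e.reasons:
            print(f"      +{w} {why}")
```

Point `triage()` at the text of a saved OTL.txt to run it over a whole log. Anything it flags still has to be checked by a person (hash, signature, vendor lookup) before a fix is written, and entries it does not flag are not cleared by it; the Avira binaries above score 1 on the hidden-attribute rule alone, which is why single-rule hits stay below the threshold.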
11.05.2011, 21:39 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | OTL logfile analyse
Quote: