
Log analysis and evaluation: Device-connection sound without a device


14.05.2011, 11:21   #1
danira

Device-connection sound without a device



Hello,

for the past few days, shortly after my laptop boots up, there has always been a sound as if I were plugging in a USB stick or something similar... Yet I have absolutely nothing connected to my USB ports. No message appears either, and there is nothing to be found in the taskbar.

Malwarebytes says:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6575

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.05.2011 11:58:52
mbam-log-2011-05-14 (11-58-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155546
Laufzeit: 7 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ChristmasTree (Trojan.Clicker) -> Value: ChristmasTree -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



And OTL says:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.05.2011 12:01:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,61 Gb Total Space | 76,40 Gb Free Space | 26,20% Space Free | Partition Type: NTFS
 
Computer Name: DAJANADELROS-PC | User Name: Dajana del Rosso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{272BC94B-8DA1-40A9-A937-1E8696A4F911}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{39FCE4DD-3FB5-4A5B-AAA8-25214CD6249C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4D4C65FA-6FEE-48E5-87D4-D709F2A967DC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6E3E9247-912C-4F1A-9292-F07D28E1DE33}" = rport=139 | protocol=6 | dir=out | app=system | 
"{773FE612-8567-4178-9FEE-09528B3A9DD8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{85C3F615-ED89-421B-A6CA-ACA69CF768C7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8B701ABF-A91E-404B-ADEA-D453D9B8D093}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{9A8BA67F-22F8-4985-9078-B265AF4F3623}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B5270301-3B6D-4690-8D33-4B8DE638AE5C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BBD96890-BDC8-484D-A3A1-86E472611310}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DC1C12B2-4FD2-4B36-B8A5-7F63554A9729}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B7702-B492-4B79-8A0A-C1869A9C3B91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{043A0733-EA44-4AA7-9833-6CCFA5B24543}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{08B51D27-A002-4DC8-A190-C97C6509A6C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{0B107E0C-A9A1-4E22-BFD4-D8322C85DC4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0EE5360E-62C7-4D5D-A1FC-5B6DDEF9D686}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{1065434C-CCAC-4FAA-B467-C2E2E503E7EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{18BFD929-1DE2-4DC4-AD87-31370CEF3BF8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{1EFAF093-FCE0-46C4-BEC4-087F0244EB89}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{2C68624B-6FEE-4E37-B800-2EE57130F21E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{48BAFD05-491D-431D-A10A-526D525E2653}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{527DBD07-FEAE-423C-8727-607A6F1B9D35}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{63727825-7CD3-4608-81C1-DDDDE61136F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6AD666AF-0428-4804-BC97-BDDF0BBEE9AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{7664D3FA-285C-4220-AE3D-41FC913604B1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{8B6D47B6-4713-4B6E-8EE0-F3C6DFE00C88}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{8E7443DF-C0ED-4705-B29D-3A8E1D106B44}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{8FA72090-DA47-4449-BE2A-226C4208E99E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{90E08ED0-BFF0-4B25-AADD-1BF9E436EACF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A1CFC137-B643-47C3-B691-7AEB7887F437}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{A70F9A78-F046-4433-A177-CAD68418772F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B511C7EA-7519-4BF5-A717-0B18945BB402}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{BBF3C2A9-0381-4415-AC53-EB14033767AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{C0C2A6F4-6BFF-404D-B975-AC5A6BCDEC17}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C150FE5B-071E-4DB4-B00B-D189A2470B36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D1323284-42DE-459B-B6FC-FA708EDCB739}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{D4BD9E5F-EA23-45F3-B2BA-9B17C08B2A46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E04DA2A2-EFA6-4080-97E6-40D50D69D069}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{E37CA6EB-5534-4EAA-A7C1-2C7852B795ED}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{E9B41D7E-1007-4C11-AD2F-9230055D0FEC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{EB1FF547-B10E-43D7-B926-3F139DF66742}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F9CA71B4-D069-46A8-9C0C-E8E3FD408BFA}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"TCP Query User{4AB1C48D-E711-4ECF-872D-ADE7B79716F3}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
"TCP Query User{77C3A9A3-C416-4FE9-A8DD-53FE6A10E54C}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
"TCP Query User{E7C10EA9-4D77-4096-A0FE-E672DE72F1BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3126BE55-673E-4E56-9BE2-13516668BB0D}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
"UDP Query User{7F52FFFA-FBB9-41EE-BD50-E752DB5B9AD1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{889E2587-428F-4F6A-A27D-23CEBDF06E85}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7B2AD478-6D0B-4629-B0A4-53C37D9F28F5}" = Windows Live Messenger für Kids
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 4.4
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5668B8-1428-460F-AE02-999A598D6883}" = Wavpack4Wavelab6
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9FFC925-E27E-436E-A2DF-652324D51031}" = Nero 8 Essentials
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EA478FED-F9B4-4176-88C3-41937786872D}" = ExpPrint
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"ElsterFormular ***unknown variable buildnummer***" = ElsterFormular 
"FormatFactory" = FormatFactory 2.50
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WaveLabPro" = WaveLab 6
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.11.2010 06:45:30 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:45:30.771]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:46:05 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:46:05.877]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:46:40 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:46:40.983]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:47:16 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:47:16.093]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:47:51 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:47:51.199]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:48:26 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:48:26.306]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:49:01 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:49:01.413]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:49:36 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:49:36.519]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:50:11 | Computer Name = DajanadelRos-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:50:11.625]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:50:46 | Computer Name = DajanadelRos-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:50:46.735]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
[ System Events ]
Error - 11.05.2011 13:52:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.05.2011 13:52:20 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.05.2011 05:30:44 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.05.2011 05:30:44 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 12.05.2011 15:08:09 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.05.2011 15:08:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.05.2011 06:09:32 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 13.05.2011 06:10:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.05.2011 05:20:22 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 14.05.2011 05:20:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---



And it also goes on to say:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.05.2011 12:01:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,61 Gb Total Space | 76,40 Gb Free Space | 26,20% Space Free | Partition Type: NTFS
 
Computer Name: DAJANADELROS-PC | User Name: Dajana del Rosso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{272BC94B-8DA1-40A9-A937-1E8696A4F911}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{39FCE4DD-3FB5-4A5B-AAA8-25214CD6249C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4D4C65FA-6FEE-48E5-87D4-D709F2A967DC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6E3E9247-912C-4F1A-9292-F07D28E1DE33}" = rport=139 | protocol=6 | dir=out | app=system | 
"{773FE612-8567-4178-9FEE-09528B3A9DD8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{85C3F615-ED89-421B-A6CA-ACA69CF768C7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8B701ABF-A91E-404B-ADEA-D453D9B8D093}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{9A8BA67F-22F8-4985-9078-B265AF4F3623}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B5270301-3B6D-4690-8D33-4B8DE638AE5C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BBD96890-BDC8-484D-A3A1-86E472611310}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DC1C12B2-4FD2-4B36-B8A5-7F63554A9729}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B7702-B492-4B79-8A0A-C1869A9C3B91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{043A0733-EA44-4AA7-9833-6CCFA5B24543}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{08B51D27-A002-4DC8-A190-C97C6509A6C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{0B107E0C-A9A1-4E22-BFD4-D8322C85DC4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0EE5360E-62C7-4D5D-A1FC-5B6DDEF9D686}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{1065434C-CCAC-4FAA-B467-C2E2E503E7EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{18BFD929-1DE2-4DC4-AD87-31370CEF3BF8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{1EFAF093-FCE0-46C4-BEC4-087F0244EB89}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{2C68624B-6FEE-4E37-B800-2EE57130F21E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{48BAFD05-491D-431D-A10A-526D525E2653}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{527DBD07-FEAE-423C-8727-607A6F1B9D35}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{63727825-7CD3-4608-81C1-DDDDE61136F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6AD666AF-0428-4804-BC97-BDDF0BBEE9AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{7664D3FA-285C-4220-AE3D-41FC913604B1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{8B6D47B6-4713-4B6E-8EE0-F3C6DFE00C88}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{8E7443DF-C0ED-4705-B29D-3A8E1D106B44}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{8FA72090-DA47-4449-BE2A-226C4208E99E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{90E08ED0-BFF0-4B25-AADD-1BF9E436EACF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A1CFC137-B643-47C3-B691-7AEB7887F437}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{A70F9A78-F046-4433-A177-CAD68418772F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B511C7EA-7519-4BF5-A717-0B18945BB402}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{BBF3C2A9-0381-4415-AC53-EB14033767AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{C0C2A6F4-6BFF-404D-B975-AC5A6BCDEC17}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C150FE5B-071E-4DB4-B00B-D189A2470B36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D1323284-42DE-459B-B6FC-FA708EDCB739}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{D4BD9E5F-EA23-45F3-B2BA-9B17C08B2A46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E04DA2A2-EFA6-4080-97E6-40D50D69D069}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{E37CA6EB-5534-4EAA-A7C1-2C7852B795ED}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{E9B41D7E-1007-4C11-AD2F-9230055D0FEC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{EB1FF547-B10E-43D7-B926-3F139DF66742}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F9CA71B4-D069-46A8-9C0C-E8E3FD408BFA}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"TCP Query User{4AB1C48D-E711-4ECF-872D-ADE7B79716F3}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
"TCP Query User{77C3A9A3-C416-4FE9-A8DD-53FE6A10E54C}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
"TCP Query User{E7C10EA9-4D77-4096-A0FE-E672DE72F1BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3126BE55-673E-4E56-9BE2-13516668BB0D}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
"UDP Query User{7F52FFFA-FBB9-41EE-BD50-E752DB5B9AD1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{889E2587-428F-4F6A-A27D-23CEBDF06E85}C:\program files\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ultramixer\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7B2AD478-6D0B-4629-B0A4-53C37D9F28F5}" = Windows Live Messenger für Kids
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 4.4
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5668B8-1428-460F-AE02-999A598D6883}" = Wavpack4Wavelab6
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9FFC925-E27E-436E-A2DF-652324D51031}" = Nero 8 Essentials
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EA478FED-F9B4-4176-88C3-41937786872D}" = ExpPrint
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"ElsterFormular ***unknown variable buildnummer***" = ElsterFormular 
"FormatFactory" = FormatFactory 2.50
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WaveLabPro" = WaveLab 6
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.11.2010 06:45:30 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:45:30.771]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:46:05 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:46:05.877]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:46:40 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:46:40.983]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:47:16 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:47:16.093]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:47:51 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:47:51.199]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:48:26 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:48:26.306]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:49:01 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:49:01.413]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:49:36 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:49:36.519]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:50:11 | Computer Name = DajanadelRos-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:50:11.625]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
Error - 28.11.2010 06:50:46 | Computer Name = DajanadelRos-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/11/28 11:50:46.735]: [00000732]: GetDeviceIpAddress:
GetAddressByName [BRW904CE591EABB] Error 
 
[ System Events ]
Error - 11.05.2011 13:52:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.05.2011 13:52:20 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.05.2011 05:30:44 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.05.2011 05:30:44 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 12.05.2011 15:08:09 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.05.2011 15:08:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.05.2011 06:09:32 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 13.05.2011 06:10:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.05.2011 05:20:22 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 14.05.2011 05:20:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---



Could someone please take a look and tell me whether I need to worry?

Kind regards,

Danira

Alt 14.05.2011, 12:35   #2
markusg
/// Malware-holic
 



hi, well, if you could maybe also post otl.txt for us, then we could get started :-)

Alt 14.05.2011, 14:14   #3
danira
 



Oh damn...

Here it is now!

OTL logfile:
Code:
OTL logfile created on: 14.05.2011 12:01:34 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,61 Gb Total Space | 76,40 Gb Free Space | 26,20% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AllShare) -- C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.29 20:45:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 20:45:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.03 14:10:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.18 13:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.16 22:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.18 14:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.18 12:41:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.18 22:19:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.18 13:59:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.12 19:24:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.12 19:24:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.12 19:24:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.12 19:24:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.12 19:24:17 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Christmas spirit]  File not found
O4 - HKCU..\Run: [ChristmasTree]  File not found
O4 - HKCU..\Run: [Deluxe Tree]  File not found
O4 - HKCU..\Run: [DesktopXmasTree]  File not found
O4 - HKCU..\Run: [FreeXmasTree]  File not found
O4 - HKCU..\Run: [GetChristmas]  File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dajana del Rosso\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dajana del Rosso\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.14 11:46:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.14 11:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.14 11:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.14 11:46:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.14 11:46:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.12 13:57:53 | 000,000,000 | ---D | C] -- C:\Users\Dajana del Rosso\Desktop\xxx
[2011.05.08 21:39:10 | 000,000,000 | ---D | C] -- C:\Users\Dajana del Rosso\Desktop\Tanz der Teufel
[2011.04.27 22:04:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 22:04:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 22:04:54 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.16 11:02:14 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.16 11:02:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.16 11:02:03 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.16 11:01:50 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.16 11:01:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.16 11:01:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.16 11:01:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 11:01:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 11:01:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 11:01:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.16 11:01:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.16 11:00:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.16 11:00:46 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 11:00:45 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.14 12:02:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.14 11:46:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.14 11:24:25 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.14 11:24:25 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.14 11:24:25 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.14 11:24:25 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.14 11:19:35 | 000,070,945 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.14 11:19:35 | 000,070,945 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.14 11:18:58 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.14 11:18:58 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.14 11:18:54 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.14 11:18:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.14 11:18:47 | 2414,190,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.13 15:18:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.13 12:27:55 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.05.13 12:10:07 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A685E19E-29F2-4CD0-BD4B-5B4701599932}.job
[2011.05.12 21:07:31 | 000,154,624 | ---- | M] () -- C:\Users\Dajana del Rosso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.07 11:39:18 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.05.07 11:39:10 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\BB1406829C.sys
[2011.05.01 19:42:10 | 003,107,236 | ---- | M] () -- C:\Timbaland - Carry Out (Featuring Justin Timberlake) - Kopie.mp3
[2011.05.01 19:42:10 | 000,000,089 | ---- | M] () -- C:\Timbaland - Carry Out (Featuring Justin Timberlake) - Kopie.MRK
[2011.04.28 13:17:31 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.04.16 15:09:54 | 000,269,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.14 11:46:36 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.01 19:42:10 | 000,000,089 | ---- | C] () -- C:\Timbaland - Carry Out (Featuring Justin Timberlake) - Kopie.MRK
[2011.05.01 19:41:56 | 003,107,236 | ---- | C] () -- C:\Timbaland - Carry Out (Featuring Justin Timberlake) - Kopie.mp3
[2010.10.18 13:54:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.17 23:26:30 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.06.24 11:33:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.05.27 09:23:47 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.27 09:23:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.05.27 09:23:45 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.27 09:23:45 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.27 09:23:42 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.19 00:44:47 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.05.19 00:44:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.05.16 20:14:32 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.05.16 20:12:56 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.05.16 20:12:47 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.05.16 19:56:09 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.05.04 13:37:56 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.03.22 21:46:15 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.03.22 13:29:11 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.22 13:29:11 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\BB1406829C.sys
[2010.03.19 13:37:37 | 000,000,552 | ---- | C] () -- C:\Users\Dajana del Rosso\AppData\Local\d3d8caps.dat
[2010.03.16 11:33:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.03.16 11:33:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.15 14:22:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.03.13 02:12:33 | 000,154,624 | ---- | C] () -- C:\Users\Dajana del Rosso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.12 22:59:48 | 000,004,984 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.03.12 22:52:25 | 000,001,356 | ---- | C] () -- C:\Users\Dajana del Rosso\AppData\Local\d3d9caps.dat
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,269,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >
         
--- --- ---



THANK YOU!!!!

Alt 14.05.2011, 14:19   #4
markusg
/// Malware-holic
 



please create and post a combofix log.
A guide and tutorial on using ComboFix

Alt 14.05.2011, 16:20   #5
danira
 



Oh nooo...

Right as ComboFix was about to get going, it told me that it would now restart the computer because of the presence of a rootkit... Before that I was supposed to note down C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\ntos.exe
C:\Documents
since it might still be needed later?

Shortly before the end of the scan I got the Windows message that pev.cfxxe is no longer running properly and that the program is therefore being closed. Don't know whether that is relevant?

And here is the log:

Combofix Logfile:
ComboFix 11-05-13.03 - *** 14.05.2011  16:52:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2301.1213 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\64dlls.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\intel64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\Kernel32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\localsys64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\ntos.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\oembios.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra73.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\swin32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twex.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twext.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\wsnpoema.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-14 bis 2011-05-14  ))))))))))))))))))))))))))))))
.
.
2011-05-14 15:04 . 2011-05-14 15:05	--------	d-----w-	c:\users\***\AppData\Local\temp
2011-05-14 15:04 . 2011-05-14 15:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-14 14:40 . 2011-05-14 14:41	--------	d-----w-	C:\32788R22FWJFW
2011-05-14 09:48 . 2011-05-14 09:48	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-05-14 09:46 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-14 09:46 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-14 09:46 . 2011-05-14 09:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-11 13:29 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-27 20:04 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 20:04 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 20:04 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-16 09:02 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-16 09:02 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-16 09:02 . 2011-03-10 17:03	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-16 09:02 . 2011-03-10 17:03	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-04-16 09:00 . 2011-02-18 14:03	305152	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-16 09:00 . 2011-02-18 14:03	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-16 09:00 . 2011-02-18 14:03	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-16 09:00 . 2011-03-02 15:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-16 09:00 . 2009-05-04 09:59	25088	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-04-16 09:00 . 2011-02-16 16:21	430080	----a-w-	c:\windows\system32\vbscript.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 20:09 . 2010-03-12 23:15	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-07 02:08 . 2011-03-07 02:08	93552	----a-w-	c:\windows\system32\ElbyCDIO.dll
2011-03-03 15:40 . 2011-04-27 20:04	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 20:05	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 20:04	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 20:05	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 09:20	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:20	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:20	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-18 15:36 . 2011-02-18 15:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2011-03-07 93816]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Corel Photo Downloader"="c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [2007-08-17 483144]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 09:42]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 09:42]
.
2011-05-14 c:\windows\Tasks\User_Feed_Synchronization-{A685E19E-29F2-4CD0-BD4B-5B4701599932}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Deluxe Tree - c:\users\***\Downloads\trees\trees\Christmas2.exe
HKCU-Run-DesktopXmasTree - c:\users\***\Downloads\trees\trees\DesktopLightingTree.exe
HKCU-Run-FreeXmasTree - c:\users\***\Downloads\trees\trees\FreeXmasTree.exe
HKCU-Run-GetChristmas - c:\users\***\Downloads\trees\trees\GetChristmas.exe
HKCU-Run-Christmas spirit - c:\users\***\Downloads\trees\trees\XmasSpirit.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-14 17:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\DAJANA~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-14  17:07:52
ComboFix-quarantined-files.txt  2011-05-14 15:07
.
Vor Suchlauf: 11 Verzeichnis(se), 81.058.246.656 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 84.507.389.952 Bytes frei
.
- - End Of File - - 93FF8F303BAAB09E5CA17A71E7F55B9A
         
--- --- ---


14.05.2011, 16:27   #6
markusg
/// Malware-holic

Yep, you've got a few nasty characters here.
Please open Computer, open C:, open Qoobox.
Right-click on Quarantine.
Pack it with WinRAR or zip, upload the archive:
http://www.trojaner-board.de/54791-a...ner-board.html

14.05.2011, 17:42   #7
danira

Okay, done!

Have I actually said THANK YOU!!!!! yet...?

So how nasty are these characters of mine?

14.05.2011, 18:11   #8
markusg
/// Malware-holic

Very nasty.
Do you do online banking or shopping or anything else important?

14.05.2011, 19:15   #9
danira

Oh no, YES! I do! Both!!! That bad????

14.05.2011, 20:18   #10
danira

Am I right that I have no option left other than reinstalling from scratch? I just read on Wikipedia that a rootkit like this can, under certain circumstances, also lodge itself in the BIOS???
What do I do now... There's no point in changing all my passwords and so on now, as long as the rootkit is on the computer, right? Or is it in quarantine now? How does a rootkit like this spread, anyway? If my husband and I occasionally pass files to each other on a USB stick, how likely is it that he has it too? If it can't spread that way, I could use his laptop to change the passwords and so on... Or better not?

14.05.2011, 20:30   #11
markusg
/// Malware-holic

Sorry, my internet went down.
Yes:
1. Call the bank's emergency number and have online banking blocked:
116 116 is the number.
2. Back up data such as pictures, documents etc. to an external hard drive.
3. After that, reinstall.
If you like, I'll explain how to secure the system properly so that everything runs smoothly in future.

14.05.2011, 21:15   #12
danira

Oh, what a mess... Am I glad I turned to you guys!!!

Online banking is now blocked, but tell me, if I now back up files to an external hard drive, do I have to worry that I'll "back up" this rootkit along with them and copy it back onto the computer after reinstalling?

And what about my husband's laptop? Could I have carried the rootkit over to him with the USB stick as well?

Sorry for the silly questions, but I really have no clue about this...

And yes, I'd be very glad to get tips so that this doesn't happen to me again!!!!

15.05.2011, 10:37   #13
markusg
/// Malware-holic

Hi, normally not.
Disable the autorun function:
Tip archive - Disabling Autorun/Autoplay selectively for drive types or drive letters - WinTotal.de
and then start the backup.
Once we're done with this one, we can take a look at your husband's machine.
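One way to check the setting that post #13 asks for before the backup drive is attached, as an added example that is not part of the thread: the script reads the two AutoRun policy values and lists the drive types for which AutoRun is still active. The value names NoDriveTypeAutoRun and NoDriveAutoRun and their bit meanings are taken from Microsoft's documentation, not from the posts or the linked tip.

```powershell
# Added example: audit the AutoRun policy before plugging in the backup drive.
# Value names and bit meanings are Microsoft's documented policy values;
# none of this appears in the thread itself.
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# NoDriveTypeAutoRun: one bit per drive type; a set bit disables AutoRun for it.
$DriveTypeBits = @(
    @(0x01, 'Unknown drive type'),
    @(0x04, 'Removable (USB stick, external disk)'),
    @(0x08, 'Fixed disk'),
    @(0x10, 'Network drive'),
    @(0x20, 'CD/DVD'),
    @(0x40, 'RAM disk'),
    @(0x80, 'Unknown drive type (second bit)')
)

function ConvertFrom-DriveTypeMask {
    param([int]$Mask)
    foreach ($entry in $DriveTypeBits) {
        New-Object PSObject -Property @{
            DriveType       = $entry[1]
            AutoRunDisabled = [bool]($Mask -band $entry[0])
        }
    }
}

function ConvertFrom-DriveLetterMask {
    param([int]$Mask)
    # NoDriveAutoRun: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:
    0..25 | Where-Object { $Mask -band [int][math]::Pow(2, $_) } |
        ForEach-Object { "{0}:" -f [char](65 + $_) }
}

function Get-AutoRunPolicy {
    # When the value exists in HKLM, the HKCU value is ignored by Windows.
    foreach ($hive in 'HKLM', 'HKCU') {
        $props = Get-ItemProperty -Path "${hive}:\$PolicyPath" -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Hive               = $hive
            NoDriveTypeAutoRun = $props.NoDriveTypeAutoRun   # $null when not set
            NoDriveAutoRun     = $props.NoDriveAutoRun
        }
    }
}

foreach ($policy in (Get-AutoRunPolicy)) {
    if ($null -eq $policy.NoDriveTypeAutoRun) {
        "{0}: NoDriveTypeAutoRun not set (Windows default applies)" -f $policy.Hive
    } else {
        "{0}: NoDriveTypeAutoRun = 0x{1:X2}" -f $policy.Hive, $policy.NoDriveTypeAutoRun
        ConvertFrom-DriveTypeMask $policy.NoDriveTypeAutoRun |
            Where-Object { -not $_.AutoRunDisabled } |
            ForEach-Object { "  AutoRun still enabled for: {0}" -f $_.DriveType }
    }
    if ($policy.NoDriveAutoRun) {
        $letters = (ConvertFrom-DriveLetterMask $policy.NoDriveAutoRun) -join ' '
        "  Drive letters with AutoRun disabled: {0}" -f $letters
    }
}

# To disable AutoRun for every drive type (elevated prompt; create the
# Explorer key first if it does not exist):
#   Set-ItemProperty -Path "HKLM:\$PolicyPath" -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
```

A result with no "still enabled" lines for HKLM means AutoRun is off for all drive types, which is the state to have before the external disk is connected to the infected machine.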

15.05.2011, 10:40   #14
danira

And another silly question... Could the rootkit possibly have spread simply over the Wi-Fi to other computers in this flat as well? We have a total of 3 laptops and 2 desktop PCs here.... I'd very much like to have you take a look over those too, but I don't want to overtax your patience...?

EDIT: Oh sorry, our posts crossed... *embarrassed*

15.05.2011, 10:52   #15
markusg
/// Malware-holic

Normally not.
Run Malwarebytes on all the machines, except, of course, the one we are going to format; don't run it on that one any more.
Download Malwarebytes:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
Install, open, Update tab, update the program.
Close all running programs, disconnect from the internet.
Scanner tab, full scan, remove findings, post the log.

Please number the logs and post them.
