
Log analysis and evaluation: Problems after Antimalware Doctor, too


31.07.2010, 00:26   #1
puetti.
 
Problems after Antimalware Doctor, too



Hello,
As I have seen, I have the same problem as others here: I had caught a malware doctor. I seem to have driven it out now, but in return my Internet Explorer no longer works at all and my antivirus program (Avira) can no longer update itself. In addition, my Windows Defender now suddenly stops a lot of startup programs, which it did not do before (that bothers me less), and I wonder whether the malware is really gone. So much for the problem description, now the facts: I followed your instructions and first ran rkill.com and then Malwarebytes Anti-Malware. At first everything seemed fine, but after the required restart a new "protection program" was there. I repeated the procedure and then everything was fine. I then also ran CCleaner several times and did the OTL scan. Results:

1st run of Malwarebytes:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4362

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

28.07.2010 19:29:46
mbam-log-2010-07-28 (19-29-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 187269
Laufzeit: 3 Stunde(n), 5 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 20

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cekjtsnf (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Spyware.Zbot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\AppData\Local\lgbkyohyl\lkeoqdatssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNOUUWYX\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUG6RMJM\bsvqbwql[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\******\AppData\Local\Temp\fFollower.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\*******\AppData\Local\Temp\itse.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\0.14380055554757498.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\1280162344.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\4_pinnew.exe (Trojan.Kryptic) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\6_ldry3no.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\miragge.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\opeFB43.exe (Trojan.Kryptic) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\~TM3690.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwqxk32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\2_load.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\Temp\60325cahp25ca2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\****\iExplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

2nd run:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4362

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

29.07.2010 05:58:39
mbam-log-2010-07-29 (05-58-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 187095
Laufzeit: 2 Stunde(n), 54 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\iExplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

and then finally the log from OTL:

OTL Logfile:
OTL logfile created on: 29.07.2010 14:06:53 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\kristin\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 225,00 Mb Available Physical Memory | 23,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,46 Gb Total Space | 24,04 Gb Free Space | 48,61% Space Free | Partition Type: NTFS
Drive D: | 11,40 Gb Total Space | 4,51 Gb Free Space | 39,57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****-PC
Current User Name: ******
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\k*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (A5AGU) -- C:\Windows\System32\drivers\AGUx86.sys (D-Link Corporation)
DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071011.001\IDSvix86.sys (Symantec Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.forestle.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.dofair.org/de"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 21:36:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 21:36:26 | 000,000,000 | ---D | M]
 
[2009.07.11 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Mozilla\Extensions
[2010.07.29 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x8lofk9c.default\extensions
[2010.04.27 11:56:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kristin\AppData\Roaming\Mozilla\Firefox\Profiles\x8lofk9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.20 18:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.10.03 22:28:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.06.21 05:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010.04.13 10:42:22 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.13 10:42:22 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.13 10:42:22 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.13 10:42:23 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.13 10:42:23 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ugent.be ([athena] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ugent.be ([athenax] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68df2259-1028-11df-b50c-003005ff650d}\Shell\Autoplay\command - "" = G:\usb_installer.exe -- File not found
O33 - MountPoints2\{68df2259-1028-11df-b50c-003005ff650d}\Shell\explore\Command - "" = G:\usb_installer.exe -- File not found
O33 - MountPoints2\{68df2259-1028-11df-b50c-003005ff650d}\Shell\Open\Command - "" = G:\usb_installer.exe -- File not found
O33 - MountPoints2\{765e205f-5d93-11dd-9816-00a0d1c4e717}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{765e205f-5d93-11dd-9816-00a0d1c4e717}\Shell\explore\Command - "" = C:\Windows\explorer.exe -- [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{765e205f-5d93-11dd-9816-00a0d1c4e717}\Shell\open\Command - "" = C:\Windows\explorer.exe -- [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{87821a97-bd9f-11de-877e-00a0d1c4e717}\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.29 14:02:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.07.29 06:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.29 06:05:46 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\*****\ccsetup234.exe
[2010.07.28 12:15:00 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Virus
[2010.07.28 12:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.28 05:44:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\lgbkyohyl
[2010.07.28 05:44:14 | 000,000,000 | -HSD | C] -- C:\Users\******\AppData\Roaming\lowsec
[2010.07.28 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Malwarebytes
[2010.07.28 00:16:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.28 00:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.28 00:16:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.28 00:14:44 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\kristin\Desktop\herbert.exe
[2010.07.27 23:09:53 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\F7338DD58FB39DF3AA736995116FB9D4
[2010.07.01 23:27:44 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Documents\Mari-Dimi_Hochzeit
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.29 14:03:54 | 002,883,584 | -HS- | M] () -- C:\Users\*******\ntuser.dat
[2010.07.29 14:02:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\kristin\Desktop\OTL.exe
[2010.07.29 13:55:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 13:55:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.29 13:55:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 06:07:35 | 000,000,810 | ---- | M] () -- C:\Users\kristin\Desktop\CCleaner.lnk
[2010.07.29 06:05:58 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\******\ccsetup234.exe
[2010.07.28 22:41:03 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.07.28 19:36:11 | 000,363,520 | ---- | M] () -- C:\Users\*****\rkill.com
[2010.07.28 19:33:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.28 19:31:15 | 006,291,456 | -H-- | M] () -- C:\Users\kristin\AppData\Local\IconCache.db
[2010.07.28 12:15:01 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 11:39:44 | 000,088,576 | ---- | M] () -- C:\Users\kristin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.28 05:56:53 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.28 05:56:53 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.28 05:56:53 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.28 05:43:48 | 000,000,012 | ---- | M] () -- C:\Users\kristin\AppData\Roaming\mbsvil.dat
[2010.07.28 00:15:14 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\kristin\Desktop\herbert.exe
[2010.07.26 20:50:56 | 000,005,000 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2010.07.24 20:18:31 | 000,027,648 | ---- | M] () -- C:\Users\******\Desktop\Hochzeitsliste_bewerkt2.xls
[2010.07.14 12:42:55 | 000,000,402 | ---- | M] () -- C:\Users\******\Desktop\Mari-Dimi_Hochzeit - Shortcut.lnk
[2010.07.14 12:42:41 | 000,000,521 | ---- | M] () -- C:\Users\*******\Desktop\Fahrtenlieder - Shortcut.lnk
[2010.07.13 21:03:42 | 000,000,949 | ---- | M] () -- C:\Users\********\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.29 06:07:35 | 000,000,810 | ---- | C] () -- C:\Users\******\Desktop\CCleaner.lnk
[2010.07.28 19:36:07 | 000,363,520 | ---- | C] () -- C:\Users\******\rkill.com
[2010.07.28 12:15:01 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 05:43:47 | 000,000,012 | ---- | C] () -- C:\Users\******\AppData\Roaming\mbsvil.dat
[2010.07.27 23:11:32 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.07.24 13:27:34 | 000,027,648 | ---- | C] () -- C:\Users\******\Desktop\Hochzeitsliste_bewerkt2.xls
[2010.07.14 12:42:55 | 000,000,402 | ---- | C] () -- C:\Users\******\Desktop\Mari-Dimi_Hochzeit - Shortcut.lnk
[2010.07.14 12:42:41 | 000,000,521 | ---- | C] () -- C:\Users\******\Desktop\Fahrtenlieder - Shortcut.lnk
[2010.07.13 21:03:42 | 000,000,949 | ---- | C] () -- C:\Users\******\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2009.02.28 03:04:16 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.10.04 12:14:06 | 000,001,732 | ---- | C] () -- C:\Windows\hpdj5700.ini
[2007.10.03 19:49:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.03 19:49:33 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2007.12.13 13:04:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\BitTorrent
[2010.07.28 03:32:07 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\F7338DD58FB39DF3AA736995116FB9D4
[2009.06.05 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICAClient
[2007.10.04 11:56:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\InterVideo
[2010.07.28 11:23:58 | 000,000,000 | -HSD | M] -- C:\Users\*******\AppData\Roaming\lowsec
[2009.01.05 13:05:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\OpenOffice.org
[2007.10.04 21:42:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Template
[2007.11.08 23:36:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Voipwise
[2010.07.28 19:31:40 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.07.28 22:41:03 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

and there was also an extra log included:

OTL Logfile:
OTL Extras logfile created on: 29.07.2010 14:06:53 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\kristin\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 225,00 Mb Available Physical Memory | 23,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,46 Gb Total Space | 24,04 Gb Free Space | 48,61% Space Free | Partition Type: NTFS
Drive D: | 11,40 Gb Total Space | 4,51 Gb Free Space | 39,57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KRISTIN-PC
Current User Name: kristin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A266CFC-9A36-474C-A41A-57BE1DC480D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{9AE50FE5-FD58-414B-801B-CF5EB64CBDD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F3A901E9-CC88-4EA0-AEE3-B2E0A7A9E99F}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0427DD2D-A34A-4CFB-B1AF-EA2293A133BB}" = protocol=17 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | 
"{07D2E4CF-74DB-416A-8A13-6E1E9CFA57A5}" = protocol=6 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | 
"{4794D813-A601-4243-9A73-D0CEDA663D18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C0EE28F-4CD8-4CD6-93F6-5A89D405011B}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe | 
"{87411EF1-B8DF-4042-B0AF-896322A054FF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{8D243E94-6600-462C-AA0E-5141A20363E2}" = protocol=17 | dir=in | app=c:\program files\cisco systems\vpn client\cvpnd.exe | 
"{A7986DA5-06BB-48B7-8B0B-02C0F873CAFA}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe | 
"{B143C72A-2909-4856-B2E9-FAD6366CCDEB}" = protocol=6 | dir=in | app=c:\program files\cisco systems\vpn client\cvpnd.exe | 
"{D38E07A2-2E0D-44FE-9DED-98E4BB5521C4}" = protocol=6 | dir=out | app=system | 
"{FE5F8FD2-CECC-4B8C-BDCD-55406D6B1AF0}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"TCP Query User{1EA68CBB-3663-4EC3-8A62-40AC80ECE94A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{32E431AF-161B-4465-90F0-BDEFB706F97C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4FABB058-F4EE-4A8B-B4C5-E82B4407BEF1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{55EF519B-2113-47B9-9B7D-C60578642084}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"TCP Query User{57A64C90-99B1-4FCE-8E0A-4AE42815EB2F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AFCC9D5D-DAD3-4597-A854-B6596816BD5D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C9209A71-5FD7-4FBC-AA49-1E12B3AE1A45}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{022F8F42-3487-4DC8-8BCD-B1C1094AA278}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{040D12BD-1742-449F-98DA-A5DD25796F8B}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{06DAC7E0-0FC4-4FFC-A558-EC6D49FE5ACB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{22F52ED3-E18A-4FE4-B619-53D4F31E8EFC}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{26B52202-5F9F-4B12-BE4E-9F72F3D88B5C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{497CEC4D-831C-4308-B545-C0419DD63E93}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{80605B2C-E3F9-472A-816F-B1A03D5E767C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0413-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E4B7BD2F-FC41-490F-965D-15D93F4FE1A2}" = OpenOffice.org 3.0
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC899917-C880-1017-8CB7-B932BD009007}" = DNE Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Chrome9 HC IGP Family Windows Vista Display
"VIA Chrome9 HC IGP Windows Vista Display" = VIA Display Vista Driver 7.14.10.0060
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinRAR archiver" = Compresor WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.04.2010 08:36:27 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, time stamp 0x4875a34b,
 faulting module libvlc.dll, version 0.0.0.0, time stamp 0x4875a34b, exception code
 0xc0000005, fault offset 0x000176cd,  process id 0xff8, application start time 0x01cad4bc6ab5182e.
 
Error - 09.04.2010 08:15:28 | Computer Name = *******-PC | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, time stamp 0x4875a34b,
 faulting module libvlc.dll, version 0.0.0.0, time stamp 0x4875a34b, exception code
 0xc0000005, fault offset 0x00016f10,  process id 0xb38, application start time 0x01cad7dd80cb57e9.
 
Error - 20.04.2010 18:04:14 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version 0.2.0.0, time stamp 0x45d524da,
 faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception
 code 0xc0000005, fault offset 0x000130b2,  process id 0xc04, application start time
 0x01cae0c869c9fb6a.
 
Error - 30.04.2010 15:10:30 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version 0.2.0.0, time stamp 0x45d524da,
 faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception
 code 0xc0000005, fault offset 0x000130b2,  process id 0xdf4, application start time
 0x01cae8464fff71da.
 
Error - 08.05.2010 07:52:54 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version 0.2.0.0, time stamp 0x45d524da,
 faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception
 code 0xc0000005, fault offset 0x000130b2,  process id 0x10c, application start time
 0x01caee8c6929dc26.
 
Error - 21.05.2010 04:15:11 | Computer Name = *******-PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6353, time stamp
 0x4aa91b5d, faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034,
 exception code 0xc0000005, fault offset 0x00048d72,  process id 0xc58, application
 start time 0x01caf8b51c2e35ca.
 
Error - 22.05.2010 11:45:32 | Computer Name = *******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version 0.2.0.0, time stamp 0x45d524da,
 faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception
 code 0xc0000005, fault offset 0x000130b2,  process id 0x7e8, application start time
 0x01caf9b6ee42b998.
 
Error - 24.05.2010 16:03:38 | Computer Name = ******-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 24.05.2010 16:03:42 | Computer Name = *********-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 07.06.2010 15:36:53 | Computer Name = ******-PC | Source = Application Error | ID = 1000
Description = Faulting application HDAudioCPL.exe, version 0.2.0.0, time stamp 0x45d524da,
 faulting module USER32.dll, version 6.0.6000.16438, time stamp 0x45d3dc0e, exception
 code 0xc0000005, fault offset 0x000130b2,  process id 0xc60, application start time
 0x01cb066f99608f70.
 
[ System Events ]
Error - 25.07.2010 06:01:35 | Computer Name = *******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.07.2010 07:53:58 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.07.2010 14:14:02 | Computer Name = ******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.07.2010 17:04:09 | Computer Name = *******-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:41:57 on 25.07.2010 was unexpected.
 
Error - 25.07.2010 17:49:24 | Computer Name = ******-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:45:54 on 25.07.2010 was unexpected.
 
Error - 27.07.2010 17:40:10 | Computer Name = *******-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:36:59 on 27.07.2010 was unexpected.
 
Error - 27.07.2010 17:40:20 | Computer Name = ******-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 27.07.2010 17:46:09 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 28.07.2010 05:04:40 | Computer Name = ******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.07.2010 12:45:23 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


I'm sorry, maybe something went wrong on my end, but this log is so large that it would have to be split across a great many replies. I also tried it as an attachment, but the file was 2.4 MB and so was far too large for that as well. Is this log necessary?

In any case, many thanks in advance for your help; the instructions for removing Antimalware Doctor were great too!

Best regards,
Kristin
