Christina [Gast] wrote on 25 April 2010, 14:31:20 in the category pc.security
ave.exe virus - disguised as Windows Firewall
> OK, compared to the OTL log file, hardly any "news".
>
> Please post the second log file that OTL produced, i.e. the contents of the
> file "Extras.txt". I suspect that the system was already infected yesterday
> morning while browsing the web. Did you search yesterday morning on
> not-quite-so-reputable sites for file-sharing tools or the like?
The sites I visited yesterday were, as far as I can remember: yahoo, youtube, facebook, the online dictionaries leo and pons, and my university's site. And of course I was connected to skype.
Admittedly, I like to watch TV series via livestream, but I haven't done that in the last few days because of exam stress, so that shouldn't be the cause.
Between 10 pm and 1 am yesterday, though, besides frostwire I did search through various "not quite so reputable" sites, but I can't tell you any more what they're called, since I was searching at random via google. I really should keep my hands off that sort of thing in future; how can a person be so stupid.
Here is the extras file (split again, because it's too long):
OTL Extras logfile created on: 25.04.2010 12:05:17 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\moi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 82,57 Gb Free Space | 55,40% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 93,83 Gb Free Space | 68,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MOI-PC
Current User Name: moi
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4BF00E50-E6A4-48D4-A529-B7765237D7C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D83118A-7456-47CA-856C-E858C1D6423B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{811FF0D8-362C-4D00-AE1E-65F1CEE1ED79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130208CA-1701-4FF7-BB6B-2D1EC52838C2}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{2BC79E5A-08A9-4509-904D-D6CF720F00DB}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{4D29702C-BAD3-4E2A-A6F9-DEE4A5AD77E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{516EEBE9-BE09-4FF2-BB75-96C833C521DD}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{62C707C2-228E-472D-A426-8910382A9E33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7512C3E0-0A32-478D-BCC2-438A29A4892A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{7740F60B-023F-4BCC-912E-DEF0AF568BD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{82ACBDF4-5139-4741-9C97-654BDFBE373B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{88E4128F-4D53-472B-83BF-DB17C0E3C838}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{9F51FFA8-A78B-4183-8A21-BFBB51362A6F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A06A0040-1AAA-472D-AD90-709678CE7ED3}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{A073849F-673F-496E-8EBC-EE48D90245A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4575E2A-EB18-4CCF-A21A-16ABE3F3AFF4}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{BDDB76BA-F294-4891-BAD7-919A6BA0EF8D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{D2D5C346-057A-43E5-90F1-BE8EB54830D6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7A5583A-D517-46B1-A211-9459117F0E7F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |