Log analysis and evaluation: Post GMER log here? Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
05.02.2010, 22:59 | #2 |
| Post GMER log here? Hi,

GMER alone probably won't achieve much... Which scanners have you already used, and what were the results? Finding the spam machine is very difficult at the moment; there are some new ones in circulation...

Malwarebytes Antimalware (MAM)
Instructions and download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via this link: http://filepony.de/download-chameleon/
Run a full scan and let it clean up everything! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (http://www.gmer.net/#files); there, click the "Download EXE" button, which generates a random name (please remember it and the path where you saved the file). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use copy to paste the report into the thread. If it reports nothing this way, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report.

Prevx: http://www.prevx.com/freescan.asp
If the tool finds something, do not post the log but a screenshot of the window that is then displayed...

chris
__________________ |
06.02.2010, 07:53 | #3 |
| Post GMER log here? hello chris, thank you very much for your help :-)
Malwarebytes found nothing. OTL: |
06.02.2010, 07:54 | #4 |
| Post gmer log here? edit: double post Edited by asterixbx (06.02.2010 at 07:57) Reason: double post |
06.02.2010, 08:09 | #5 |
| Post gmer log here? prevx nothing either |
06.02.2010, 08:37 | #6 |
| Post gmer log here? gmer GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit quick scan 2010-02-06 08:36:15 Windows 6.0.6002 Service Pack 2 Running: 5dzos5ls.exe; Driver: C:\Users\naddel\AppData\Local\Temp\uwryqpob.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
06.02.2010, 14:35 | #7 |
| Post gmer log here? Hi, as expected, nothing to be found... Are you connected to a network? -> "hosts.ics" -> http://support.microsoft.com/kb/309642/de Please post its contents (C:\Windows\System32\drivers\etc\hosts.ics). You should update to SP2 for Vista! Combofix Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch off your antivirus solution completely, and in such a way that it does NOT switch itself back on after a reboot! Warning: In a few cases the computer may no longer be able to boot and has to be set up again from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The scan with Combofix can take some time, so be patient. Please do not do anything on the computer during the scan. The computer may be restarted in between. When the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. chris
__________________ Don't bring me down Read before posting! Donate (anyone who wants to donate is welcome to get in touch) |
06.02.2010, 17:07 | #8 |
| Post gmer log here? thanks!! according to Windows Update, Vista is up to date?? warning: the combofix log is extensive :-( ComboFix 10-02-05.04 - naddel 06.02.2010 16:55:27.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3032.2083 [GMT 1:00] ausgeführt von:: c:\users\naddel\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2735771916-2678069736-447939034-500 c:\$recycle.bin\S-1-5-21-3626005964-2313589623-603134117-500 c:\program files\ICQ6.5\ICQLRun.exe c:\windows\msetup c:\windows\msetup\BASW-00503A65\data1.cab c:\windows\msetup\BASW-00503A65\data1.hdr c:\windows\msetup\BASW-00503A65\data2.cab c:\windows\msetup\BASW-00503A65\engine32.cab c:\windows\msetup\BASW-00503A65\layout.bin c:\windows\msetup\BASW-00503A65\PlayCamera\CameraOn.wav c:\windows\msetup\BASW-00503A65\PlayCamera\Click.wav c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_chs_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_cht_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_deu_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_eng_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_esp_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_fra_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_ita_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_kor_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_ptg_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_rus_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_ukr_s.chm c:\windows\msetup\BASW-00503A65\PlayCamera\HookDllPS2.dll c:\windows\msetup\BASW-00503A65\PlayCamera\Images\Back_Big.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\Back_Small.bmp 
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbCancel.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbHelp.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbOk.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbOpen.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbPreviewOff.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbPreviewOn.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbRecordOff.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbRecordOn.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbSnap.bmp c:\windows\msetup\BASW-00503A65\PlayCamera\Images\PlayCamera.ico c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_chs.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_cht.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_deu.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_eng.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_esp.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_fra.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_ita.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_kor.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_ptg.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_rus.txt c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_ukr.txt c:\windows\msetup\BASW-00503A65\PlayCamera\PlayCamera.exe c:\windows\msetup\BASW-00503A65\PlayCamera\SSHook.dll c:\windows\msetup\BASW-00503A65\PlayCamera\Uninst.ico c:\windows\msetup\BASW-00503A65\setup.exe c:\windows\msetup\BASW-00503A65\setup.ibt c:\windows\msetup\BASW-00503A65\setup.ini c:\windows\msetup\BASW-00503A65\setup.iss c:\windows\msetup\BASW-00503A65\SWDesc.txt c:\windows\msetup\BASW-00919A21\setup.exe c:\windows\msetup\BASW-00919A21\setup.iss c:\windows\msetup\BASW-00919A21\SWDesc.txt c:\windows\msetup\BASW-01038A02\ChgWLANSettings.exe 
c:\windows\msetup\BASW-01038A06\ChgWLANSettings.exe c:\windows\msetup\BASW-01038A06\SWDesc.txt c:\windows\msetup\MSetup.exe c:\windows\msetup\MSetupLog.log D:\install.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-01-06 bis 2010-02-06 )))))))))))))))))))))))))))))) . 2010-02-06 16:01 . 2010-02-06 16:01 -------- d-----w- c:\users\naddel\AppData\Local\temp 2010-02-06 07:45 . 2010-02-04 00:04 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\NAVENG.SYS 2010-02-06 07:45 . 2010-02-04 00:04 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\NAVEX15.SYS 2010-02-06 07:45 . 2009-08-29 01:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\NAVENG32.DLL 2010-02-06 07:45 . 2009-08-29 01:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\NAVEX32A.DLL 2010-02-06 07:45 . 2009-12-09 23:36 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\CCERASER.DLL 2010-02-06 07:45 . 2009-10-27 05:38 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\ECMSVR32.DLL 2010-02-06 07:45 . 2009-08-29 01:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\EECTRL.SYS 2010-02-06 07:45 . 2009-08-29 01:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100205.048\ERASER.SYS 2010-02-06 07:04 . 2010-02-06 07:04 53136 ----a-w- c:\windows\system32\PxSecure.dll 2010-02-06 07:04 . 2010-02-06 07:04 49352 ----a-w- c:\windows\system32\drivers\pxrts.sys 2010-02-06 07:04 . 
2010-02-06 07:04 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys 2010-02-06 07:04 . 2010-02-06 07:04 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys 2010-02-06 07:04 . 2010-02-06 07:04 -------- d-----w- c:\program files\Prevx 2010-02-06 07:04 . 2010-02-06 07:07 -------- d-----w- c:\programdata\PrevxCSI 2010-02-06 06:02 . 2010-02-06 06:02 -------- d-----w- c:\program files\Trend Micro 2010-02-06 05:08 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSvix86.sys 2010-02-06 05:08 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSXpx86.sys 2010-02-06 05:08 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\Scxpx86.dll 2010-02-06 05:08 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSxpx86.dll 2010-02-06 05:08 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSviA64.sys 2010-02-06 05:04 . 2010-02-06 05:04 -------- d-----w- c:\users\naddel\AppData\Roaming\Malwarebytes 2010-02-06 05:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-06 05:04 . 2010-02-06 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-06 05:04 . 2010-02-06 05:04 -------- d-----w- c:\programdata\Malwarebytes 2010-02-06 05:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-05 17:05 . 2010-02-06 07:17 -------- d-----w- c:\program files\Spyware Doctor 2010-02-03 05:20 . 2010-02-03 05:20 -------- d-----w- c:\programdata\F-Secure 2010-02-02 20:19 . 
2009-12-05 04:54 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys 2010-02-02 20:19 . 2009-12-05 04:54 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHRules.dll 2010-02-02 20:19 . 2009-12-05 04:54 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHEngine.dll 2010-02-02 20:19 . 2009-12-05 04:54 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx64.sys 2010-02-02 20:19 . 2009-12-05 04:54 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\bbRGen.dll 2010-02-02 15:07 . 2007-10-23 08:27 110592 ----a-w- c:\users\naddel\AppData\Roaming\U3\temp\cleanup.exe 2010-02-02 15:01 . 2008-02-25 12:47 3489792 ---ha-w- c:\users\naddel\AppData\Roaming\U3\temp\Launchpad Removal.exe 2010-02-02 15:00 . 2010-02-04 10:07 -------- d-----w- c:\users\naddel\AppData\Roaming\U3 2010-02-02 12:13 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-02-02 12:12 . 2010-02-02 12:12 -------- d-----w- c:\program files\Panda Security 2010-02-01 11:57 . 2010-02-01 12:00 -------- d-----w- c:\users\naddel\AppData\Roaming\Nero 2010-02-01 11:15 . 2010-02-05 19:48 -------- d-----w- c:\programdata\Nero 2010-02-01 11:15 . 2010-02-05 19:49 -------- d-----w- c:\program files\Common Files\Nero 2010-02-01 10:47 . 2010-02-01 10:47 -------- d-----w- c:\program files\uTorrent 2010-02-01 10:45 . 2010-02-06 15:55 -------- d-----w- c:\users\naddel\AppData\Roaming\uTorrent 2010-01-29 13:04 . 2010-01-29 13:04 -------- d-----w- c:\program files\NSS 2010-01-29 12:37 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys 2010-01-28 05:30 . 
2010-01-28 05:30 -------- d-----w- c:\program files\MSXML 4.0 2010-01-27 10:51 . 2010-01-27 10:51 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-01-27 10:51 . 2010-01-27 10:51 -------- d-----w- c:\program files\DVDVideoSoft 2010-01-27 07:44 . 2010-01-27 07:44 -------- d-----w- c:\users\naddel\AppData\Local\Nokia 2010-01-27 07:44 . 2010-01-27 07:44 -------- d-----w- c:\users\naddel\AppData\Local\NokiaAccount 2010-01-27 07:36 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2010-01-27 07:36 . 2010-01-27 07:36 -------- d-----w- c:\program files\PC Connectivity Solution 2010-01-27 07:31 . 2010-01-27 07:31 12212040 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe 2010-01-27 07:31 . 2010-01-27 07:31 13930312 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe 2010-01-27 07:31 . 2010-01-27 07:31 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe 2010-01-27 07:31 . 2010-01-27 07:31 61440 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe 2010-01-27 07:31 . 2010-01-27 07:31 58880 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe 2010-01-27 07:31 . 2010-01-27 07:31 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe 2010-01-27 07:30 . 2010-01-27 07:30 95992424 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe 2010-01-27 07:30 . 2010-01-27 07:30 -------- d-----w- c:\programdata\OviInstallerCache 2010-01-27 07:03 . 
2010-01-27 07:03 -------- d-----w- c:\users\naddel\{cd0d0868-a5c1-4712-a465-948a497c3fd8} 2010-01-27 07:02 . 2010-01-27 07:02 -------- d-----w- c:\program files\Common Files\PCSuite 2010-01-27 06:57 . 2010-01-27 06:56 33681080 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ger.exe 2010-01-27 06:56 . 2010-01-27 06:56 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe 2010-01-27 06:56 . 2010-01-27 06:56 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe 2010-01-27 06:56 . 2010-01-27 06:56 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2010-01-27 06:56 . 2010-01-27 06:56 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe 2010-01-27 06:53 . 2010-01-27 06:54 -------- d-----w- c:\users\naddel\AppData\Roaming\PC Suite 2010-01-27 06:53 . 2010-01-27 06:54 -------- d-----w- c:\programdata\PC Suite 2010-01-27 06:53 . 2010-01-30 10:49 -------- d-----w- c:\users\naddel\AppData\Roaming\Nokia 2010-01-27 06:50 . 2010-01-27 06:50 8192 ----a-w- c:\programdata\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstCCD.exe 2010-01-27 06:50 . 2010-01-27 06:50 61440 ----a-w- c:\programdata\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2010-01-27 06:50 . 2010-01-27 06:50 10240 ----a-w- c:\programdata\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCS.exe 2010-01-27 06:41 . 2010-01-27 06:42 -------- d-----w- c:\programdata\Nokia 2010-01-27 06:35 . 2010-01-29 12:53 -------- d-----w- c:\program files\Common Files\Nokia 2010-01-27 06:35 . 
2010-01-29 12:55 -------- d-----w- c:\program files\Nokia 2010-01-27 06:35 . 2010-01-27 06:33 24437624 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_de.exe 2010-01-27 06:34 . 2010-01-27 06:34 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe 2010-01-27 06:34 . 2010-01-27 06:34 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe 2010-01-27 06:34 . 2010-01-27 06:34 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe 2010-01-27 06:33 . 2010-01-27 06:56 -------- d-----w- c:\programdata\Installations 2010-01-23 08:39 . 2010-01-23 08:39 -------- d-----w- c:\users\naddel\AppData\Roaming\DivX 2010-01-16 18:54 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSvix86.sys 2010-01-16 18:54 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSXpx86.sys 2010-01-16 18:54 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\Scxpx86.dll 2010-01-16 18:54 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSxpx86.dll 2010-01-16 18:54 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSviA64.sys 2010-01-13 07:59 . 2010-01-13 07:59 1273592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-01-13 05:35 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll 2010-01-13 05:35 . 
2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll 2010-01-12 06:24 . 2010-01-12 06:24 -------- d-----w- c:\program files\Common Files\xing shared 2010-01-12 06:24 . 2010-01-12 06:24 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-01-12 03:23 . 2010-01-27 17:55 -------- d-----w- c:\users\naddel\AppData\Roaming\vlc 2010-01-12 03:22 . 2010-01-12 03:22 -------- d-----w- c:\program files\VideoLAN 2010-01-11 20:07 . 2010-01-12 06:24 -------- d-----w- c:\program files\Common Files\Real 2010-01-11 20:07 . 2010-01-11 20:07 -------- d-----w- c:\program files\Real 2010-01-09 00:06 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\Scxpx86.dll 2010-01-09 00:06 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSXpx86.sys 2010-01-09 00:06 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSvix86.sys 2010-01-09 00:06 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSxpx86.dll 2010-01-09 00:06 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSviA64.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-06 16:00 . 2009-09-23 20:05 -------- d-----w- c:\program files\ICQ6.5 2010-02-05 11:00 . 2009-12-22 11:03 -------- d-----w- c:\program files\Intelligent Pic Sizer 2010-02-05 04:49 . 2009-09-24 03:13 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2010-02-05 04:49 . 2009-09-24 03:13 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2010-02-05 04:49 . 
2009-09-24 03:12 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-02-05 04:49 . 2009-09-24 03:12 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-02-04 18:32 . 2009-09-25 05:08 1 ----a-w- c:\users\naddel\AppData\Roaming\openoffice.org\3\user\uno_packages\cache\stamp.sys 2010-02-04 15:16 . 2009-01-02 05:59 618442 ----a-w- c:\windows\system32\perfh007.dat 2010-02-04 15:16 . 2009-01-02 05:59 122842 ----a-w- c:\windows\system32\perfc007.dat 2010-02-04 12:50 . 2009-09-23 19:22 -------- d-----w- c:\users\naddel\AppData\Roaming\ICQ 2010-01-28 11:30 . 2009-09-24 03:13 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe 2010-01-28 11:30 . 2009-09-24 03:13 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe 2010-01-28 11:30 . 2009-09-24 03:13 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll 2010-01-28 11:30 . 2009-09-24 03:13 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll 2010-01-28 11:30 . 2009-10-20 03:49 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll 2010-01-28 11:30 . 2009-09-24 03:13 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll 2010-01-28 11:30 . 2009-09-24 03:13 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll 2010-01-28 11:30 . 2009-09-24 03:13 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll 2010-01-28 11:30 . 2009-09-24 03:13 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll 2010-01-28 11:30 . 2009-09-24 03:13 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2010-01-28 11:30 . 2009-09-24 03:13 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll 2010-01-28 11:30 . 2009-09-24 03:12 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2010-01-28 11:29 . 2009-09-24 03:12 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2010-01-28 11:29 . 
2009-09-24 03:12 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe 2010-01-27 07:07 . 2010-01-27 07:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2010-01-27 07:01 . 2009-12-02 06:16 -------- d-----w- c:\program files\DIFX 2010-01-27 06:54 . 2010-01-27 06:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf 2010-01-27 06:44 . 2010-01-27 06:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2010-01-27 06:35 . 2010-01-27 06:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2010-01-22 08:33 . 2010-01-22 08:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-01-13 10:50 . 2009-01-02 06:24 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-13 06:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-01-02 06:38 . 2010-01-23 17:49 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-23 17:49 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-23 17:49 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-23 17:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-17 15:02 . 2009-12-17 15:02 1203712 ----a-w- c:\windows\system32\drivers\athr.sys 2009-12-11 16:33 . 2009-01-19 13:06 102024 ----a-w- c:\users\naddel\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-11 16:23 . 2009-12-08 06:17 -------- d-----w- c:\users\naddel\AppData\Roaming\Corel 2009-12-11 16:23 . 2009-12-08 06:14 -------- d-----w- c:\programdata\Corel 2009-12-11 16:22 . 2009-12-08 06:14 -------- d-----w- c:\programdata\Borland 2009-12-11 16:19 . 2009-12-08 06:17 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-12-11 16:19 . 2009-12-08 06:17 88 --sh--r- c:\windows\system32\913932BD93.sys 2009-12-10 03:16 . 2009-10-27 05:35 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll 2009-11-14 00:47 . 
2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll 2009-11-09 12:31 . 2009-12-09 09:32 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-11-09 12:30 . 2009-12-09 09:32 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-11-09 10:36 . 2009-12-09 09:32 411648 ----a-w- c:\windows\system32\drivers\http.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-01 289584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-19 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-19 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-19 145944] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-12 198160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^naddel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\users\naddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 
3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-25 05:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,3e,d3,a1,92,3d,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.10.2009 04:49 64288]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [02.02.2010 13:13 28552]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [06.02.2010 08:04 30280]
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1105000.07F\symds.sys [23.01.2010 13:51 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1105000.07F\symefa.sys [23.01.2010 13:51 172592]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys [02.02.2010 21:19 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys [23.01.2010 13:51 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSvix86.sys [06.02.2010 06:08 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1105000.07F\ironx86.sys [23.01.2010 13:51 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys [23.01.2010 13:51 340016]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [02.01.2009 07:25 13312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [23.01.2010 13:51 126392]
R2 pxrts;pxrts;c:\windows\System32\drivers\pxrts.sys [06.02.2010 08:04 49352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.10.2009 18:02 102448]
R3 pxkbf;pxkbf;c:\windows\System32\drivers\pxkbf.sys [06.02.2010 08:04 24496]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [06.02.2010 08:04 6297008]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.09.2009 12:17 1181328]
S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\users\naddel\AppData\Roaming\Mozilla\Firefox\Profiles\q6aofr8q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\users\naddel\AppData\Roaming\Mozilla\Firefox\Profiles\q6aofr8q.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: general.useragent.extra.prevx - (Prevx 3.0.5)
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-06 17:01
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-02-06 17:04:12
ComboFix-quarantined-files.txt 2010-02-06 16:04

Vor Suchlauf: 7 Verzeichnis(se), 65.150.246.912 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 65.094.631.424 Bytes frei

- - End Of File - - E04B01F86C6E60E4074756B7DB0DCA39 |
06.02.2010, 17:23 | #9 |
| Post gmer log here? Just had a look: according to the system, Vista SP2 is installed |
06.02.2010, 20:20 | #10 |
| Post gmer log here? Hi, you're right, SP2 is already on there.... CF did delete things, but that probably wasn't it... Dr. Web: http://www.trojaner-board.de/59299-a...eb-cureit.html chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
07.02.2010, 06:57 | #11 |
| Post gmer log here? So, the doctor found something :-( but I can't get the log pasted in, too big I think. What's the best way to proceed?? Btw, the computer is noticeably faster :-) Edited by asterixbx (07.02.2010 at 07:55) |
07.02.2010, 19:25 | #12 |
| Post gmer log here? Hi, the "raw" log is too hard to read; post only the findings! chris |
08.02.2010, 07:35 | #14 |
| Post gmer log here? Hi, once the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Just search for "infiziert" ("infected") and copy out the relevant parts before you post them. chris |
08.02.2010, 07:57 | #15 |
| Post gmer log here? Hi, unfortunately there is only the clean log there, with zero infected, zero suspicious, etc. :-( |