Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Personal Shield Pro.... Logfileposting

Personal Shield Pro.... Logfileposting


Log-Analyse und Auswertung: Personal Shield Pro.... Logfileposting

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 22.08.2011, 03:56   #1
jogi86
 
Personal Shield Pro.... Logfileposting - Standard

Personal Shield Pro.... Logfileposting


Hi,

ich habe es geschafft und mir den oben genannten Kollegen eingefangen....

So, hier nun die Malwarebytes Log- Datei:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7531

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

22.08.2011 04:44:19
mbam-log-2011-08-22 (04-44-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166899
Laufzeit: 10 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AZZ1F2UZXQEOCXUWB (Rootkit.0Access.XGen) -> Value: 4Y3Y0C3AZZ1F2UZXQEOCXUWB -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nN17200CeFhE17200 (Trojan.FakeAlert) -> Value: nN17200CeFhE17200 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E3DFF6CE-B27A-3CF5-9D0F-ABEE4F75C023} (Trojan.ZbotR.Gen) -> Value: {E3DFF6CE-B27A-3CF5-9D0F-ABEE4F75C023} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9FC34070-7A08-0E28-0F09-CCA4E96071E8} (Trojan.ZbotR.Gen) -> Value: {9FC34070-7A08-0E28-0F09-CCA4E96071E8} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Recycled\9cdea5fb9db.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
c:\programdata\nn17200cefhe17200\nn17200cefhe17200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\jogi\AppData\Roaming\Dasiut\xoilu.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\Users\jogi\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



So und nun die OTL-Files:




OTL logfile created on: 22.08.2011 04:50:25 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\jogi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 51,95% Memory free
4,20 Gb Paging File | 3,15 Gb Available in Paging File | 74,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 23,81 Gb Free Space | 26,96% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 60,04 Gb Free Space | 68,23% Space Free | Partition Type: NTFS

Computer Name: JOGI-PC | User Name: jogi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jogi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\M-Audio Sonica Theater\Install\STInst.exe (Nemesis)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SonicaTheaterInstallerService) -- C:\Programme\M-Audio Sonica Theater\Install\STInst.exe (Nemesis)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys ()
DRV - (Haspnt) -- C:\Windows\System32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys ()
DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys ()
DRV - (IKStealthPedal) -- C:\Windows\System32\drivers\IKStealthPedalLL.sys (IK Multimedia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: omt@guessmer.de:0.08
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.29 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.11 05:55:51 | 000,000,000 | ---D | M]

[2008.08.26 10:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jogi\AppData\Roaming\mozilla\Extensions
[2011.08.04 13:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jogi\AppData\Roaming\mozilla\Firefox\Profiles\o0mk0zod.default\extensions
[2010.01.03 20:35:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jogi\AppData\Roaming\mozilla\Firefox\Profiles\o0mk0zod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.04 13:10:37 | 000,000,000 | ---D | M] ("OpenMixTools") -- C:\Users\jogi\AppData\Roaming\mozilla\Firefox\Profiles\o0mk0zod.default\extensions\omt@guessmer.de
[2011.08.08 12:51:59 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-1.xml
[2010.02.19 09:46:29 | 000,000,961 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-10.xml
[2010.12.14 18:34:15 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-11.xml
[2008.07.08 21:38:36 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-2.xml
[2008.07.16 16:32:59 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-3.xml
[2009.07.15 06:09:41 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-4.xml
[2009.07.24 22:50:38 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-5.xml
[2009.08.09 02:49:11 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-6.xml
[2010.01.03 19:03:43 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-7.xml
[2010.01.07 07:35:28 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-8.xml
[2010.01.26 19:00:06 | 000,000,961 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin.xml
[2008.12.03 14:20:40 | 000,001,330 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\wikipedia-en.xml
[2008.11.26 23:34:21 | 000,001,032 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\wikipedia-eng.xml
[2011.01.28 19:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 21:05:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.23 18:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.26 23:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.24 18:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2008.07.20 16:08:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.17 13:23:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.27 12:35:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.02.23 00:30:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.23 18:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.26 23:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.24 18:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.29 11:04:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.11 05:55:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.11 05:55:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.11 05:55:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.11 05:55:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.11 05:55:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.11 05:55:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{9FC34070-7A08-0E28-0F09-CCA4E96071E8}] File not found
O4 - HKCU..\Run: [Audiogalaxy] C:\Users\jogi\AppData\Local\Audiogalaxy\Audiogalaxy.exe (AG Entertainment Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1b41aa61-9165-11de-a19d-001377af6179}\Shell\AutoRun\command - "" = F:\starter.exe
O33 - MountPoints2\{e6201a52-11c6-11e0-8719-001377af6179}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{f3478361-2409-11de-8e28-001377af6179}\Shell\AutoRun\command - "" = F:\start.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.22 04:48:01 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\jogi\Desktop\OTL.exe
[2011.08.22 04:28:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.22 04:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.22 04:28:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.22 04:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.22 04:12:19 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jogi\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.22 03:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\nN17200CeFhE17200
[2011.08.11 13:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.08.11 13:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011.08.11 13:28:56 | 000,000,000 | ---D | C] -- C:\Users\jogi\Desktop\maik
[2011.08.03 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\jogi\AppData\Roaming\Orace
[2011.08.03 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\jogi\AppData\Roaming\Dasiut
[2011.07.26 18:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Allen & Heath
[2011.07.26 18:26:18 | 000,000,000 | ---D | C] -- C:\Users\jogi\Allen & Heath
[2011.07.26 18:26:08 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2011.07.26 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\jogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allen & Heath
[2011.07.26 18:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Allen & Heath
[2011.07.26 18:17:38 | 046,817,554 | ---- | C] (Allen & Heath) -- C:\Users\jogi\Desktop\iLive+Editor+V1.82-Setup.exe
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Users\jogi\Documents\*.tmp files -> C:\Users\jogi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.22 04:48:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jogi\Desktop\OTL.exe
[2011.08.22 04:45:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\gaxvj.sys
[2011.08.22 04:28:28 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.22 04:25:25 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2011.08.22 04:25:11 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.22 04:24:01 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 04:24:01 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 04:23:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.22 04:23:48 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.22 04:12:28 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jogi\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.22 03:49:03 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.22 03:47:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.21 14:46:06 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4922F9A8-23C3-44E0-B6A3-61E98C151398}.job
[2011.08.12 20:45:58 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.12 20:45:58 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.12 20:45:58 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.12 20:45:58 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.11 13:26:07 | 004,076,719 | ---- | M] () -- C:\Users\jogi\Desktop\FileZilla_3.2.7.1_win32-setup.exe
[2011.08.10 19:28:12 | 000,102,974 | ---- | M] () -- C:\Users\jogi\Documents\Rider.pdf
[2011.08.04 20:39:43 | 000,002,623 | ---- | M] () -- C:\Users\jogi\Desktop\Microsoft Word.lnk
[2011.07.29 15:19:27 | 206,667,199 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.26 18:26:08 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\iLive Editor V1.82.lnk
[2011.07.26 18:21:16 | 046,817,554 | ---- | M] (Allen & Heath) -- C:\Users\jogi\Desktop\iLive+Editor+V1.82-Setup.exe
[1 C:\Users\jogi\Documents\*.tmp files -> C:\Users\jogi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.22 04:45:22 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gaxvj.sys
[2011.08.22 04:28:28 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.22 04:23:48 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.11 13:25:55 | 004,076,719 | ---- | C] () -- C:\Users\jogi\Desktop\FileZilla_3.2.7.1_win32-setup.exe
[2011.07.26 18:26:08 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\iLive Editor V1.82.lnk
[2011.03.23 22:33:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.10 18:54:07 | 000,000,092 | ---- | C] () -- C:\Users\jogi\AppData\Local\fusioncache.dat
[2011.02.11 14:04:36 | 000,049,152 | ---- | C] () -- C:\Windows\System32\IKClsCoInst.dll
[2011.01.19 16:33:22 | 000,007,592 | ---- | C] () -- C:\Users\jogi\AppData\Local\d3d9caps.dat
[2010.12.09 14:18:00 | 004,648,960 | ---- | C] () -- C:\Windows\System32\m7cl3-qt-mt336.dll
[2010.11.10 19:08:23 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll
[2010.11.10 19:08:23 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe
[2010.11.10 19:08:23 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys
[2010.11.10 19:08:23 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys
[2010.11.10 18:55:16 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.11.10 18:51:15 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010.11.05 20:15:59 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2010.08.19 16:59:15 | 000,000,045 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.08.19 16:59:11 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010.08.19 16:59:11 | 000,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010.08.19 16:59:11 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010.08.19 16:59:11 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010.08.19 16:58:03 | 000,586,240 | ---- | C] () -- C:\Windows\System32\drivers\hardlock.sys
[2010.08.19 16:58:03 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010.08.19 16:57:58 | 000,073,216 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2010.08.19 16:57:58 | 000,047,616 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2010.08.19 16:57:58 | 000,017,920 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
[2010.07.15 17:31:58 | 004,648,960 | ---- | C] () -- C:\Windows\System32\ls9-qt-mt336.dll
[2010.04.21 06:38:27 | 000,017,408 | ---- | C] () -- C:\Windows\System32\minimp3.exe
[2010.04.21 00:04:55 | 001,637,888 | ---- | C] () -- C:\Windows\System32\Lexicon PSP42.dll
[2010.04.21 00:02:56 | 002,864,128 | ---- | C] () -- C:\Windows\System32\PSP 84.dll
[2009.09.18 14:26:27 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009.09.18 14:26:20 | 000,000,101 | ---- | C] () -- C:\Windows\nwwm2.ini
[2009.04.20 00:18:55 | 000,000,039 | ---- | C] () -- C:\Windows\nap.ini
[2009.03.06 18:46:12 | 000,000,298 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2009.02.17 12:47:06 | 004,648,960 | ---- | C] () -- C:\Windows\System32\pm5d2-qt-mt336.dll
[2008.12.18 19:58:36 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.18 19:58:36 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.01 18:53:34 | 005,607,424 | ---- | C] () -- C:\Windows\System32\smh-qt-mt336.dll
[2008.08.06 21:16:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.08.06 21:16:26 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.05.15 22:42:21 | 002,402,025 | ---- | C] () -- C:\Windows\System32\dongle.dll
[2008.05.15 22:11:23 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2008.04.20 18:30:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.29 04:59:40 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008.02.24 19:20:58 | 000,026,112 | ---- | C] () -- C:\Users\jogi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.24 15:16:42 | 000,027,744 | ---- | C] () -- C:\Users\jogi\AppData\Roaming\nvModes.001
[2008.02.24 05:35:55 | 000,027,744 | ---- | C] () -- C:\Users\jogi\AppData\Roaming\nvModes.dat
[2008.02.23 20:06:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.23 14:25:49 | 000,017,089 | ---- | C] () -- C:\Users\jogi\AppData\Roaming\UserTile.png
[2007.09.08 05:01:24 | 000,377,856 | ---- | C] () -- C:\Windows\System32\SetAutoConsole.exe
[2007.09.08 04:17:12 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.09.08 04:17:12 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.09.08 04:16:30 | 000,221,184 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2007.09.08 04:00:18 | 000,003,352 | ---- | C] () -- C:\Windows\System32\drivers\HDACfg.dat
[2007.09.08 03:52:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.09.07 10:43:53 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.09.07 10:43:53 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.07 10:43:52 | 000,651,350 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.09.07 10:43:52 | 000,121,114 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.07 10:37:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.07 10:37:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.12.20 05:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.16 12:43:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,417,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,618,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2006.08.27 22:32:33 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011.04.11 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Audacity
[2011.05.02 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Canon
[2008.02.28 23:46:00 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\DAEMON Tools
[2009.03.06 18:47:18 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\DAEMON Tools Lite
[2011.08.22 04:44:19 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Dasiut
[2011.01.26 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Downloaded Installations
[2010.07.26 19:12:35 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.20 00:05:57 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\EasyView
[2010.10.04 16:29:33 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Electronic Arts
[2011.05.26 19:07:34 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\elsterformular
[2010.04.21 21:03:42 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\FabFilter
[2011.08.11 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\FileZilla
[2010.04.23 19:33:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\GetRightToGo
[2011.01.28 19:27:42 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Guitar Pro 6
[2011.07.17 22:56:13 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\ICQ
[2010.04.11 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Leadertech
[2010.04.20 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Lexicon PCM Native
[2010.11.10 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Line 6
[2008.03.31 02:46:17 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Mp3tag
[2011.08.22 04:53:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Orace
[2008.02.23 14:25:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\PeerNetworking
[2009.04.19 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\PopSoft
[2011.05.24 18:07:35 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Soundcraft Vi
[2010.08.19 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Stardraw.com Ltd
[2010.11.10 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Steinberg
[2010.01.02 20:37:17 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\T-Online
[2011.04.12 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Teleca
[2010.04.06 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\temp
[2011.06.17 22:03:16 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\VST3 Presets
[2010.04.21 23:11:34 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Waves Audio
[2008.07.28 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Xilisoft Corporation
[2010.12.24 06:16:00 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Ynfu
[2010.12.24 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Zytos
[2011.08.22 03:47:29 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.22 04:25:25 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2011.08.21 14:46:06 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4922F9A8-23C3-44E0-B6A3-61E98C151398}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010.08.19 18:00:55 | 000,000,000 | ---D | M](C:\Windows\System32\?ì???ì?ì?ì?ì?ì?ì) -- C:\Windows\System32\ì둠睁ìììììì
[2010.08.19 18:00:55 | 000,000,000 | ---D | C](C:\Windows\System32\?ì???ì?ì?ì?ì?ì?ì) -- C:\Windows\System32\ì둠睁ìììììì

< End of report >



So, That's it. Wäre sehr sehr geil, wenn mir wer helfen könnte. Wie dem auch sei, auf jeden Fall schonmal Danke!!!!!!!

Alt 22.08.2011, 11:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Personal Shield Pro.... Logfileposting - Standard

Personal Shield Pro.... Logfileposting


Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Antwort

Themen zu Personal Shield Pro.... Logfileposting
.dll, 0x00000001, antivir, autorun, avira, bho, defender, desktop, error, excel, excel.exe, explorer, firefox, format, ftp, helper, heuristics.reserved.word.exploit, home, logfile, mbamservice.exe, mozilla, nemesis, nvidia, nvlddmkm.sys, pdf, performance, plug-in, programme, realtek, registry, sched.exe, software, start menu, trojan.zbotr.gen, version=1.0, vista


« Bundespolizei Trojaner selber entfernt? | Bundeskriminalamt Virus »


Ähnliche Themen: Personal Shield Pro.... Logfileposting


  1. Nach Security Shield - Scan sind Kopien meiner Dateien da verursacht von Sec.Shield - Was tun ?
    Log-Analyse und Auswertung - 13.04.2012 (57)
  2. Problem Personal Shield Pro
    Plagegeister aller Art und deren Bekämpfung - 04.10.2011 (12)
  3. Personal shield pro
    Plagegeister aller Art und deren Bekämpfung - 22.09.2011 (17)
  4. Infizierung mit "Personal Shield Pro" und Rootkit.TDSS - System jetzt sauber?
    Log-Analyse und Auswertung - 11.09.2011 (21)
  5. Logfiles nach Personal Pro Shield Beseitigung
    Log-Analyse und Auswertung - 05.09.2011 (14)
  6. Personal Shield pro entfernung
    Plagegeister aller Art und deren Bekämpfung - 02.09.2011 (3)
  7. personal shield pro - mit malwarebytes entfernt und 24 funde!
    Log-Analyse und Auswertung - 29.08.2011 (32)
  8. Personal Shield Pro hat mich erwischt-.-
    Log-Analyse und Auswertung - 27.08.2011 (3)
  9. Personal Shield Pro - Anti-Malware beendet sich und lässt sich nicht mehr starten-auch nicht mit OTH
    Log-Analyse und Auswertung - 18.08.2011 (1)
  10. Personal Shield Pro hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 16.08.2011 (3)
  11. Personal Shield Pro v2.2 entfernt. Ist das System wieder sicher?
    Log-Analyse und Auswertung - 10.07.2011 (1)
  12. Personal Shield Pro
    Plagegeister aller Art und deren Bekämpfung - 03.07.2011 (1)
  13. Personal Shield Pro nicht komplett entfernt
    Log-Analyse und Auswertung - 23.06.2011 (12)
  14. Personal Shield Pro entfernen
    Anleitungen, FAQs & Links - 11.06.2011 (2)
  15. Kaspersky 5.0.383 Personal und Pro
    Antiviren-, Firewall- und andere Schutzprogramme - 11.08.2005 (4)
  16. Kaspersky Pro oda nur Personal ?
    Antiviren-, Firewall- und andere Schutzprogramme - 10.07.2005 (6)
  17. Kaspersky Version 4.5 Personal Pro oder 5 Personal ...
    Antiviren-, Firewall- und andere Schutzprogramme - 13.06.2004 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Personal Shield Pro.... Logfileposting - Hi, ich habe es geschafft und mir den oben genannten Kollegen eingefangen.... So, hier nun die Malwarebytes Log- Datei: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7531 Windows 6.0.6000 Internet Explorer - Personal Shield Pro.... Logfileposting...
Archiv
Du betrachtest: Personal Shield Pro.... Logfileposting auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19