HiJackThis Log/OTL/ Reader_s.exe welche daten sind zu retten und wie?

docbot · 25.04.2010, 14:16

Hallo allerseits!

Wie es der zufall so will habe ich mir 1 woche bevor mein neuer PC ankommt anscheinend den schwierigen reader_s.exe virus zugezogen.

Danach Eset Nod32 installiert (der block jetzt ständig zugriffe auf webseiten und hat zirka 15 viren/rootkits gelöscht).

1. Am wichtigsten ist es mir vor allem meine Daten (.mp3, .avi, .jpg) irgendwie zu sichern. Ausserdem sehr wichtig sind mir Ableton Live projekte sowie Photoshop Dateien.

2. Soweit ich verstanden habe befällt der virus jedoch so ziemlich alle usb sticks, externen festplatten usw. wie siehts aber aus wenn ich die festplatte ann mit einem Macbook oder osx86 pc ansprechen würde? würden diese auch in irgendeiner form befallen werden oder nur wenn eine windows partition existiert?

echt nervig die ganze situation (nur ein paar tage vor der datenübersiedlung)

würde mich sehr freuen wenn mir jemand weiterhelfen kann

HijackThis

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:33, on 25.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Smodoa.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Programme\Base\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\******\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\N_USER\LOCALS~1\Temp\Ssr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dl32.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0614E428-E129-46FB-936C-6AF460DA6952} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {4DB8675A-AA84-48F9-8E4D-4EA869D46992} - c:\windows\system32\eggbfrq.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\Base\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pidgin] C:\Programme\Base\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\******\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\N_USER\LOCALS~1\Temp\Ssr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: FireBox Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{31D8B87F-4445-47B9-AE53-528467A84DB1}: NameServer = 192.168.1.1,192.168.1.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IpSect service (darkness) - Unknown owner - C:\WINDOWS\system\lsm.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8e22b44d3a010) (gupdate1c8e22b44d3a010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 11925 bytes

OTL.txt

OTL logfile created on: 25.04.2010 15:19:14 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\N_USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2784 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 151,60 Gb Total Space | 3,21 Gb Free Space | 2,12% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 3,03 Gb Free Space | 4,06% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 146,49 Gb Total Space | 0,22 Gb Free Space | 0,15% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: N_USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\N_USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Documents and Settings\N_USER\Local Settings\Temp\Ssr.exe ()
PRC - C:\WINDOWS\Smodoa.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\N_USER\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe (PreSonus Audio Electronics)
PRC - C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\N_USER\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (DigiRefresh) -- File not found
SRV - (darkness) -- File not found
SRV - (SSHNAS) -- C:\WINDOWS\system32\sshnas21.dll ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (GoogleDesktopManager-092308-165331) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (DumpDrv) -- C:\WINDOWS\system32\drivers\dumpdrv.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (DigiNet) -- C:\WINDOWS\system32\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (imvjdtfx) -- C:\WINDOWS\system32\drivers\imvjdtfx.sys ()
DRV - (pae_1394) -- C:\WINDOWS\system32\drivers\pae_1394.sys (BridgeCo AG)
DRV - (pae_avs) -- C:\WINDOWS\system32\drivers\pae_avs.sys (BridgeCo AG)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (BELKIN) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation. )
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (ps_avs) -- C:\WINDOWS\system32\drivers\ps_avs.sys (BridgeCo AG)
DRV - (ps_1394) -- C:\WINDOWS\system32\drivers\ps_1394.sys (BridgeCo AG)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (tvtool) -- C:\Program Files\TVTool\TVTOOL.SYS ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dl32.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 E4 14 06 29 E1 FB 46 93 6C 6A F4 60 DA 69 52 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 02:44:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.25 03:33:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.12 22:41:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b4\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2010.04.07 04:41:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2010.04.07 04:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.07 04:41:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.07 04:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.04.25 03:24:50 | 000,000,000 | ---D | M]

[2010.02.18 19:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Extensions
[2010.02.18 19:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009.09.05 01:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2008.05.06 02:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010.04.25 02:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions
[2009.12.25 23:49:02 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2009.10.23 08:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009.12.25 23:49:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.25 12:01:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\{cb282b12-df15-4702-8408-4adbbf9843c2}
[2009.12.19 19:14:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.12.25 23:48:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.12.19 19:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\foxmarks@kei.com
[2009.11.13 11:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\illimitux@illimitux.net
[2009.09.05 01:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\refractor@developer.mozilla.org
[2009.12.19 19:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\SkipScreen@SkipScreen
[2009.09.05 01:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\kzolg7vm.default\extensions\refractor@developer.mozilla.org\prism\extensions
[2010.04.25 02:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions
[2009.07.06 22:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009.07.06 22:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009.07.06 22:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.06 22:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009.07.06 22:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009.07.06 22:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.07.06 22:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009.07.06 22:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.25 12:01:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{cb282b12-df15-4702-8408-4adbbf9843c2}
[2009.07.06 22:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.07.06 22:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N_USER\Application Data\Mozilla\Firefox\Profiles\r73xakrd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.25 02:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.17 07:18:57 | 000,041,472 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\nsFlash.dll
[2010.03.16 10:54:28 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 10:54:28 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 10:54:28 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 10:54:28 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 10:54:28 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.25 01:09:29 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0614E428-E129-46FB-936C-6AF460DA6952} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: () - {4DB8675A-AA84-48F9-8E4D-4EA869D46992} - C:\WINDOWS\System32\eggbfrq.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Pidgin] C:\Programme\Base\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Documents and Settings\N_USER\Local Settings\Temp\Ssr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FireBox Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe (PreSonus Audio Electronics)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\asdns.dll (Aventail Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\asdns.dll (Aventail Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/html {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll ()
O18 - Protocol\Filter\text/plain {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\N_USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\N_USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.17 01:43:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.25 14:55:37 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\N_USER\Desktop\OTL.exe
[2010.04.25 14:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.04.25 12:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.04.25 04:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Local Settings\Application Data\ESET
[2010.04.25 03:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010.04.25 03:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.04.25 03:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.04.25 03:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.04.25 01:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.04.25 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Smart-Ads-Solutions
[2010.04.25 01:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\ezLife
[2010.04.25 01:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Application Data\CD19D8B054B188592F15DEDF451D591B
[2010.04.23 21:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2010.04.23 18:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Desktop\web-content
[2010.04.22 22:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Desktop\dfdfdfdf
[2010.04.21 18:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\KORG
[2010.04.18 21:43:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\N_USER\Recent
[2010.04.15 17:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVIcodec
[2010.04.15 00:43:19 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010.04.15 00:43:19 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010.04.15 00:43:17 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010.04.15 00:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010.04.15 00:42:39 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010.04.15 00:42:39 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010.04.15 00:42:39 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010.04.15 00:42:39 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010.04.15 00:42:39 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010.04.15 00:42:39 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010.04.15 00:42:39 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010.04.15 00:42:39 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010.04.15 00:42:39 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010.04.15 00:42:38 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010.04.15 00:42:38 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010.04.15 00:42:38 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010.04.15 00:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010.04.15 00:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Desktop\Morphologz
[2010.04.13 15:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Desktop\Film Posters
[2010.04.11 22:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Desktop\The Projects
[2010.04.11 00:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.04.07 21:09:48 | 000,095,872 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010.04.07 21:08:36 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010.04.07 21:05:12 | 000,140,216 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010.04.07 04:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.04 18:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Desktop\DJ BAG
[2010.04.02 00:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N_USER\Desktop\Rundgang 2011
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.25 15:20:06 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\pwxbdj.sys
[2010.04.25 15:13:47 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.25 15:01:12 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.25 14:55:58 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\N_USER\Desktop\OTL.exe
[2010.04.25 14:46:24 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\HijackThis.lnk
[2010.04.25 14:46:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.25 14:43:00 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-1177238915-1003UA.job
[2010.04.25 14:23:39 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.04.25 14:23:36 | 000,192,249 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.25 14:23:20 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.25 14:23:01 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.25 14:21:30 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.04.25 14:21:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.25 14:21:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.25 13:58:20 | 015,990,784 | -H-- | M] () -- C:\Documents and Settings\N_USER\NTUSER.DAT
[2010.04.25 13:58:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\N_USER\ntuser.ini
[2010.04.25 13:58:14 | 006,352,656 | -H-- | M] () -- C:\Documents and Settings\N_USER\Local Settings\Application Data\IconCache.db
[2010.04.25 03:36:27 | 000,521,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.25 03:36:27 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.25 03:36:27 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.25 02:59:08 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\N_USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.25 01:43:01 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-1177238915-1003Core.job
[2010.04.25 01:09:47 | 000,106,496 | RHS- | M] () -- C:\WINDOWS\cidrive32.exe
[2010.04.25 01:09:33 | 000,048,272 | ---- | M] () -- C:\WINDOWS\System32\jyaloemkhvn.exe
[2010.04.25 01:08:25 | 000,211,968 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010.04.25 01:08:25 | 000,156,672 | ---- | M] () -- C:\WINDOWS\Smodoa.exe
[2010.04.24 23:05:42 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010.04.24 23:05:42 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010.04.24 23:05:42 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010.04.21 13:55:32 | 000,299,008 | ---- | M] () -- C:\WINDOWS\System32\eckqsnbj.dll
[2010.04.21 13:55:04 | 000,319,488 | ---- | M] () -- C:\WINDOWS\System32\xmxrprsd.dll
[2010.04.21 07:33:58 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.04.21 00:54:12 | 001,122,304 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\degeneration.indd
[2010.04.20 23:24:18 | 023,638,941 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\Untitled.pdf
[2010.04.16 19:53:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\06763060036.papatel
[2010.04.16 16:17:32 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\N_USER\Application Data\winscp.rnd
[2010.04.16 04:00:06 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\Financial Times A.K.A M0n€Y makes my world go down.omg
[2010.04.16 03:59:52 | 000,000,622 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.15 23:34:24 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\U N€€D 2 DO IT.omg
[2010.04.15 17:20:27 | 000,074,559 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\J%20Armitage%20Art%20and%20Fear%20An%20Introduction2.pdf
[2010.04.15 12:58:44 | 000,384,512 | ---- | M] () -- C:\WINDOWS\System32\spholngypolmuag.dll
[2010.04.15 03:26:05 | 028,242,447 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\5240GswEzVk.flv
[2010.04.14 13:11:20 | 000,000,400 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2010.04.13 20:55:48 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\new computer.omg
[2010.04.12 17:31:59 | 000,024,222 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\ape.zip
[2010.04.09 08:29:43 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\Artists I like.omg
[2010.04.07 21:09:48 | 000,095,872 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010.04.07 21:08:36 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010.04.07 21:05:12 | 000,140,216 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010.04.03 20:13:04 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\N_USER\Desktop\JOB.omg
[2010.03.31 08:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.25 14:46:23 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\HijackThis.lnk
[2010.04.25 02:39:07 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4DB8675A-AA84-48F9-8E4D-4EA869D46992.txt
[2010.04.25 01:59:13 | 000,005,210 | ---- | C] () -- C:\Documents and Settings\N_USER\Local Settings\Application Data\4DB8675A-AA84-48F9-8E4D-4EA869D46992.txt
[2010.04.25 01:09:51 | 000,106,496 | RHS- | C] () -- C:\WINDOWS\cidrive32.exe
[2010.04.25 01:09:33 | 000,048,272 | ---- | C] () -- C:\WINDOWS\System32\jyaloemkhvn.exe
[2010.04.25 01:09:09 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\pwxbdj.sys
[2010.04.25 01:08:56 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.25 01:08:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\Smodoa.exe
[2010.04.25 01:08:34 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.25 01:08:25 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll
[2010.04.21 13:55:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\eckqsnbj.dll
[2010.04.21 13:55:04 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\xmxrprsd.dll
[2010.04.20 23:24:03 | 023,638,941 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\Untitled.pdf
[2010.04.20 20:03:59 | 001,122,304 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\degeneration.indd
[2010.04.16 19:53:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\06763060036.papatel
[2010.04.15 17:20:27 | 000,074,559 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\J%20Armitage%20Art%20and%20Fear%20An%20Introduction2.pdf
[2010.04.15 12:58:44 | 000,384,512 | ---- | C] () -- C:\WINDOWS\System32\spholngypolmuag.dll
[2010.04.15 03:25:26 | 028,242,447 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\5240GswEzVk.flv
[2010.04.15 00:43:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.04.15 00:42:39 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010.04.15 00:42:39 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010.04.15 00:42:39 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010.04.15 00:42:39 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010.04.15 00:42:38 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010.04.15 00:42:38 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010.04.15 00:42:38 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010.04.15 00:42:38 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010.04.12 17:32:08 | 000,024,770 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\ape.wav
[2010.04.12 17:31:59 | 000,024,222 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\ape.zip
[2010.04.10 23:50:25 | 082,282,384 | ---- | C] () -- C:\Documents and Settings\N_USER\Desktop\DSCN0110.AVI
[2010.02.27 15:05:11 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2010.02.09 22:09:50 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\NSIAWM.DLL
[2010.02.09 22:09:50 | 000,000,003 | ---- | C] () -- C:\WINDOWS\MWAISN.SYS
[2009.12.18 05:46:40 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.12.17 06:58:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ccofgnt.dll
[2009.10.19 10:34:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2009.09.22 13:38:53 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.07.07 01:18:47 | 000,013,462 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2009.06.07 20:37:10 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\mulch200.ini
[2009.01.02 20:51:15 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008.08.31 18:31:32 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.08.31 18:31:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.08.31 18:31:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.31 18:31:28 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.08.31 18:31:28 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.08.21 11:01:06 | 000,000,111 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008.04.14 14:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\imvjdtfx.sys
[2008.03.27 01:34:08 | 000,000,434 | ---- | C] () -- C:\WINDOWS\FontExplorer.ini
[2007.12.26 20:05:28 | 006,791,168 | ---- | C] () -- C:\WINDOWS\System32\PSP Xenon.dll
[2007.11.17 03:02:12 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.08.24 21:39:25 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.08.16 07:58:41 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2007.08.02 19:29:17 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2007.07.03 15:42:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.07.02 18:15:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsu.dll
[2007.07.02 18:15:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibrh.dll
[2007.07.02 18:15:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibjtd.dll
[2007.07.02 18:15:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibhe.dll
[2007.07.02 18:15:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibdd.dll
[2007.07.02 18:15:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibytr.dll
[2007.07.02 18:15:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibas.dll
[2007.07.01 21:26:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2007.06.23 15:29:18 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007.06.17 04:08:23 | 008,278,016 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2007.06.17 04:08:22 | 008,151,040 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2007.04.19 13:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.04.19 13:26:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.04.19 13:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32%

cosinus · 25.04.2010, 15:08

Hallo und

Zitat:

Danach Eset Nod32 installiert (der block jetzt ständig zugriffe auf webseiten und hat zirka 15 viren/rootkits gelöscht).

Poste alle Logfiles!
Danach bitte einen Vollscan mit Malwarebytes machen und auch das Log posten.

docbot · 25.04.2010, 15:08

virus total sagt über sodoma.exe folgendes:

Zitat:

nProtect 2010-04-25.01 2010.04.25 Gen:Variant.Renos.12
Panda 10.0.2.7 2010.04.24 -
PCTools 7.0.3.5 2010.04.25 -
Prevx 3.0 2010.04.25 High Risk Fraudulent Security Program
Rising 22.44.06.04 2010.04.25 -
Sophos 4.53.0 2010.04.25 Mal/FakeAV-CX
Sunbelt 6218 2010.04.25 VirTool.Win32.Obfuscator.hg!b (v)

hab sie mittlerweile gelöscht.

docbot · 25.04.2010, 15:10

(falschen log gelöscht)

cosinus · 25.04.2010, 15:14

Ich wollte das Logfile vom Eset/nod32 eigentlich haben...denk auch an den Vollscan mit malwarebytes.

docbot · 25.04.2010, 15:17

woops sorry

25.04.2010 14:58:08 Echtzeit-Dateischutz Datei C:\WINDOWS\System32\reader_s.exe Win32/Wigon.KQ Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Documents and Settings\N_USER\Desktop\OTL.exe.
25.04.2010 14:57:29 Echtzeit-Dateischutz Datei C:\WINDOWS\System32\eggbfrq.dll.bak Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Documents and Settings\N_USER\Desktop\OTL.exe.
25.04.2010 14:56:57 Echtzeit-Dateischutz Datei C:\Program Files\mozilla firefox\components\ffxShot.dll Win32/Lifze.B Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Documents and Settings\N_USER\Desktop\OTL.exe.
25.04.2010 14:51:27 Echtzeit-Dateischutz Datei C:\RECYCLER\S-1-5-21-790525478-1958367476-1177238915-1003\Dc124.exe Variante von Win32/Kryptik.DSY Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis beim Bearbeiten einer Datei durch die Anwendung: C:\WINDOWS\explorer.exe.
25.04.2010 14:26:36 Prüfung der Systemstartdateien Datei C:\WINDOWS\system\lsm.exe Variante von Win32/Kryptik.DXP Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
25.04.2010 12:04:43 Prüfung der Systemstartdateien Datei c:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
25.04.2010 12:04:43 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert NT AUTHORITY\SYSTEM Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\system32\svchost.exe.
25.04.2010 12:04:43 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert NT AUTHORITY\SYSTEM Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\system32\svchost.exe.
25.04.2010 12:04:42 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert NT AUTHORITY\SYSTEM Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\system32\svchost.exe.
25.04.2010 12:04:42 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert NT AUTHORITY\SYSTEM Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\system32\svchost.exe.
25.04.2010 12:02:59 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert NT AUTHORITY\SYSTEM Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\system32\svchost.exe.
25.04.2010 12:02:57 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\explorer.exe.
25.04.2010 12:02:43 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert NT AUTHORITY\SYSTEM Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\system32\svchost.exe.
25.04.2010 12:02:42 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\explorer.exe.
25.04.2010 12:02:33 Echtzeit-Dateischutz Datei C:\windows\system32\ifpsvahw.dll möglicherweise Variante von Win32/TrojanDownloader.Agent Trojaner Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert TEST\N_USER Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\WINDOWS\explorer.exe.
25.04.2010 12:02:27 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert NT AUTHORITY\SYSTEM Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\system32\svchost.exe.
25.04.2010 12:02:26 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\WINDOWS\Explorer.EXE.
25.04.2010 12:02:26 Echtzeit-Dateischutz Datei C:\windows\system32\eggbfrq.dll Win32/TrojanClicker.Delf.NJE Trojaner Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\WINDOWS\Explorer.EXE.
25.04.2010 03:27:11 Prüfung der Systemstartdateien Datei C:\Program Files\Hotspot Shield\bin\openvpnas.exe Variante von Win32/Adware.AnchorFree Anwendung Gesäubert durch Löschen - in Quarantäne kopiert TEST\N_USER

docbot · 25.04.2010, 21:02

danke für deine hilfe Cosinus!

Malewarebytes scan der C: Platte ergab folgendes.

Einmal
mbam-log-2010-04-25(18-12-50)

Zitat:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4034

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.04.2010 18:12:50
mbam-log-2010-04-25 (18-12-50).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 188189
Time elapsed: 1 hour(s), 50 minute(s), 12 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\Documents and Settings\N_USER\Local Settings\Temp\Ssr.exe (Trojan.FraudPack.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\imvjdtfx (Rootkit.Agent.BO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\N_USER\Local Settings\Temp\Ssr.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
C:\Program Files\SpinAudio\3DChorus\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\SpinAudio\3DDelays\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Audio\PSPaudioware\PSP VintageWarmer\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Vsti\Fx\Reverb\Princeton Digital\princeton2016roomui\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Vsti\Synthesizers\Novation\BassStation\bassuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Vsti\Synthesizers\Novation\V-Station 1.41\vstationuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-6064990597-9404330967-624402492-5030\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{466B896F-B92B-4E85-899C-F8E2E6A6882D}\RP1\A0000045.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\cidrive32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jyaloemkhvn.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\imvjdtfx.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1EE.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.

und

mbam-log-2010-04-25 (21-53-37).txt

Zitat:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4034

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

25.04.2010 21:53:37
mbam-log-2010-04-25 (21-53-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 392007
Time elapsed: 2 hour(s), 12 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DARKNESS (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Darkness (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.5.2.0 (Adware.EzLife) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\N_USER\Application Data\CD19D8B054B188592F15DEDF451D591B\hookdll.dll (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Application Data\CD19D8B054B188592F15DEDF451D591B\newupdate1142C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Desktop\download\Apps\Morpheus Photo Morpher v3.11 Portable\Morpheus Photo Morpher v3.11 Portable.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Desktop\download\music stuff\Voxengo.TransGainer.VST.v1.0.x32.x64.Incl.Keygen-AiR\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\1ED.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\583.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\935.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\955.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\b2cb5daa.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\BN1E3.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\BN1F3.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\husu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\mcillbuu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\Ssp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\Ssq.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\tyysqcc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\ws6e.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.5.2.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Documents and Settings\N_USER\Local Settings\Temp\nrktcvy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\c.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\desktops.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccofgnt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_7781.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4DW4R3sv.dat (Rootkit.Agent) -> Quarantined and deleted successfully.

cosinus · 26.04.2010, 11:13

Zitat:

C:\Documents and Settings\N_USER\Desktop\download\music stuff\Voxengo.TransGainer.VST.v1.0.x32.x64.Incl.Keygen-AiR\Keygen.exe

Es ist kein Geheimnis, dass in Cracks und Keygens fast immer Malware ist!!

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

25.04.2010, 15:14	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HiJackThis Log/OTL/ Reader_s.exe welche daten sind zu retten und wie? Ich wollte das Logfile vom Eset/nod32 eigentlich haben...denk auch an den Vollscan mit malwarebytes. __________________ Logfiles bitte immer in CODE-Tags posten

HiJackThis Log/OTL/ Reader_s.exe welche daten sind zu retten und wie?

Log-Analyse und Auswertung: HiJackThis Log/OTL/ Reader_s.exe welche daten sind zu retten und wie?