Pests of all kinds and their removal: Kunterbunt verseucht
01.05.2010, 21:17 | #1
Kunterbunt verseucht

Hello. My computer has recently become pretty badly infested. Pornnude etc., some kind of "security center" etc. I did find quite a bit here, but nothing really fit. I hope I'm not breaking any rules. I have to say that I have very little knowledge of the subject and could basically use a kind of "help for computer dummies". At least I've already understood that I'm supposed to create a logfile and post it here. So here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:47 PM, on 5/1/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\tom\newfile\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.domain.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [asrkn_pfu.exe] C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3277955077-710526907-2169692316-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'emmaruna')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Intertops Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\IntertopsMPP\MPPoker.exe (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - hxxp://www.lokalisten.de/iup/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 11088 bytes

I should also mention that I only have one of those free protections (Avast), which might not be sufficient. Here too I'd be grateful for a tip on how to improve my protection without having to invest much (unemployed).

Many thanks.
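The HijackThis log above is what a helper reads first when triaging a post like this. The script below is an added example for this thread, not a tool posted by the original poster, by the helper, or by the HijackThis/OTL projects. It understands the line format the log uses (O2, O4, O20 and O23 entries, including OTL's "HKCU..\Run" spelling of the same O4 lines) and flags the things that stand out in this particular log: a Run value launched from %TEMP%, a BHO whose DLL is gone, a populated AppInit_DLLs value, and a service whose binary is missing. The sample input is a constructed excerpt of the posted log; the `Finding` class, the regexes and the heuristics are this example's own.

```python
"""Heuristic triage of HijackThis/OTL-style autostart listings (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: lines copied from the HijackThis log in this post, plus
# the OTL spelling of the same asrkn_pfu.exe entry from the later post.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [asrkn_pfu.exe] C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why a helper would look at this line
    line: str      # the log line itself


# Directories any user (and therefore any dropper) can write to.  A startup
# entry that points here is the strongest single signal in such a log.
_USER_WRITABLE = re.compile(
    r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|\\ProgramData\\[^\\]+\.(exe|dll)\b",
    re.IGNORECASE,
)
# O4 - <hive>\..\Run: [<value name>] <command>   (OTL omits the first backslash)
_RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\?\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
_SECTION = re.compile(r"^(O\d+) - ")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if not m:
            continue
        section = m.group(1)
        if section == "O2" and line.endswith("(no file)"):
            findings.append(Finding("O2", "BHO registered but its DLL is missing (orphan, or hidden from the scanner)", line))
        elif section == "O4":
            run = _RUN_ENTRY.match(line)
            if run and _USER_WRITABLE.search(run["cmd"]):
                findings.append(Finding("O4", f"startup entry in {run['hive']} runs from a temp/user-writable path", line))
        elif section == "O20" and "AppInit_DLLs:" in line and line.split("AppInit_DLLs:", 1)[1].strip():
            findings.append(Finding("O20", "AppInit_DLLs is set: the DLL is loaded into every process that loads user32, verify the vendor", line))
        elif section == "O23" and line.endswith("(file missing)"):
            findings.append(Finding("O23", "service points at a binary that no longer exists (leftover, or a hijackable name)", line))
    return findings


def sections_hit(log_text: str) -> list[str]:
    """Only the section codes that produced findings, for a one-line summary."""
    return [f.section for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the posted log this flags exactly the entries the Malwarebytes scan in the next post later names: the `asrkn_pfu.exe` Run value in the user's Temp folder. The AppInit_DLLs hit is Google Desktop's legitimate DLL, which is why the heuristic says "verify" rather than "malicious"; the point of a triage pass is to shortlist, not to convict.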
01.05.2010, 22:31 | #2
/// Helper Team | Kunterbunt verseucht

Hi and welcome!

Avast is fully sufficient as virus protection, better than certain paid security suites. Now let's have a look at what's going on on your computer:

1.) Malwarebytes' Anti-Malware

2.) System scan with OTL
Then please download OTL by OldTimer and save it to your desktop (if it isn't there already).

Please refrain from any major internet activity from your infected computer for the time being, because with the service packs for your Vista missing, the computer can quickly pick up another "plague".
02.05.2010, 11:04 | #3
Kunterbunt verseucht

First of all, many thanks. I think it's great that there are people like you who help me so quickly here. I'll also donate something once I've found a payment method I can actually use (Neteller would be nice).

So here is the file from mbam:

Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4058
Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/2/2010 12:00:37 PM
mbam-log-2010-05-02 (12-00-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152900
Laufzeit: 9 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 39

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection (Rogue.DigitalProtection) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> No action taken.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asrkn_pfu.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> No action taken.
C:\Windows\PRAGMAlyrxxiwrwn (Trojan.DNSChanger) -> No action taken.

Infizierte Dateien:
C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\tom\AppData\Local\Temp\asd311D.tmp.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Digital Protection\about.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\activate.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\buy.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\dig.db (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\digext.dll (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\dighook.dll (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\dighook.dll.vir (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\digprot.exe (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\digprot.exe.vir (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\help.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\scan.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\settings.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\splash.mp3 (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\Uninstall.exe (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\update.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\virus.mp3 (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAcfg.ini (Trojan.DNSChanger) -> No action taken.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAd.sys.vir (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\pragmamfeklnmal.dll (Rootkit.TDSS) -> No action taken.
C:\Users\tom\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> No action taken.
C:\Windows\Temp\pragmamainqt.dll (Rootkit.TDSS) -> No action taken.
C:\Users\tom\AppData\Local\Temp\PRAGMA7f4d.tmp (Trojan.DNSChanger) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\ProgramData\fiosejgfse.dll (Rogue.Trace) -> No action taken.
C:\Users\tom\Desktop\nudetube.com.lnk (Rogue.Link) -> No action taken.
C:\Users\tom\Desktop\pornotube.com.lnk (Rogue.Link) -> No action taken.
C:\Users\tom\Desktop\youporn.com.lnk (Rogue.Link) -> No action taken.

And here is the (only) thing OTL gives me:

OTL logfile created on: 5/2/2010 12:01:09 PM - Run 1
OTL by OldTimer - Version 3.2.4.0     Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 226.90 Gb Free Space | 69.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM-PC
Current User Name: tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (SpyHunter3 Service) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = freeshowdown. Pokeranbieter im Vergleich. Pokerschule, Poker Test
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.freeshowdown.com"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 13:18:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 11:41:29 | 000,000,000 | ---D | M]

[2010/04/30 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Extensions
[2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions
[2010/04/30 13:15:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/04/30 13:17:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2008/03/18 01:52:40 | 000,000,276 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\FireFox\Profiles\dzp0l3gy.default\searchplugins\search.xml
[2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/03/13 08:54:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/01/12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/03/24 14:21:08 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki...
- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (Microgaming) O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe () O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range23 ([*] in Lokales Intranet) O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (isInstalled Class) O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab (Stm Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.) 
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - 
C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\tom\Pictures\TRLSPH.jpg O24 - Desktop BackupWallPaper: C:\Users\tom\Pictures\TRLSPH.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe 
-- File not found O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk /p \??\K - File not 
found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/02 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes [2010/05/02 11:49:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/05/02 11:49:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/05/02 11:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/05/02 11:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/05/01 12:48:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Simply Super Software [2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Simply Super Software [2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2010/05/01 12:44:08 | 000,000,000 | ---D | C] -- C:\Programme\Digital Protection [2010/05/01 12:34:18 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMAlyrxxiwrwn [2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010/04/30 13:18:25 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan [2010/04/29 08:19:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010/04/25 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Downloads [2010/04/25 15:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010/04/25 15:17:30 | 000,000,000 | R--D | C] -- 
C:\Programme\Skype [2010/04/21 11:18:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2010/04/20 16:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Player [2010/04/20 16:16:05 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe [2010/04/19 17:29:18 | 000,000,000 | ---D | C] -- C:\Linus [2010/04/14 03:11:16 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/04/14 03:11:15 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/04/14 03:11:09 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010/04/14 03:11:05 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010/04/14 03:11:05 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010/04/14 03:10:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2010/04/14 03:10:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/02 12:02:12 | 003,407,872 | -HS- | M] () -- C:\Users\tom\NTUSER.DAT [2010/05/02 12:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job [2010/05/02 11:56:40 | 000,000,544 | ---- | M] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk [2010/05/02 11:49:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/02 11:49:11 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/05/02 11:49:10 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/05/02 11:49:10 | 000,651,112 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2010/05/02 11:49:10 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/05/02 11:49:10 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/05/02 11:45:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/05/02 11:42:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/05/02 11:42:53 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/02 11:42:52 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/02 11:42:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/02 11:42:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/05/02 11:42:35 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys [2010/05/01 22:36:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm [2010/05/01 22:36:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2010/05/01 22:36:24 | 003,373,036 | -H-- | M] () -- C:\Users\tom\AppData\Local\IconCache.db [2010/05/01 22:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/05/01 21:35:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2010/05/01 21:35:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2010/05/01 20:56:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2010/05/01 20:56:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2010/05/01 20:05:18 | 000,001,793 | ---- | M] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk [2010/05/01 20:05:18 | 000,000,881 | ---- | M] () -- C:\Users\tom\Desktop\Digital Protection.lnk [2010/05/01 20:04:56 | 000,001,765 | ---- | M] () -- C:\Users\tom\Desktop\pornotube.com.lnk [2010/05/01 20:04:56 | 000,001,761 | ---- | M] () -- C:\Users\tom\Desktop\nudetube.com.lnk [2010/05/01 20:04:56 | 000,001,757 | ---- | M] () -- 
C:\Users\tom\Desktop\youporn.com.lnk [2010/05/01 13:49:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2010/05/01 13:49:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2010/05/01 13:35:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2010/05/01 13:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2010/05/01 12:57:13 | 000,001,048 | ---- | M] () -- C:\ProgramData\fiosejgfse.dll [2010/05/01 12:48:49 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010/05/01 12:34:20 | 000,001,161 | ---- | M] () -- C:\ProgramData\pragmamfeklnmal.dll [2010/05/01 11:57:54 | 000,002,531 | ---- | M] () -- C:\Users\tom\Desktop\HoldemManager.lnk [2010/05/01 00:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2010/05/01 00:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2010/04/30 13:18:27 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010/04/30 13:18:27 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/04/30 09:37:58 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/30 00:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2010/04/30 00:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/29 00:38:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2010/04/29 00:38:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2010/04/28 13:07:33 | 000,002,545 | ---- | M] () -- C:\Users\tom\Desktop\Paint Shop Pro 7.lnk [2010/04/27 23:30:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2010/04/27 23:30:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2010/04/26 22:55:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm 
[2010/04/26 22:55:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2010/04/26 01:55:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2010/04/26 01:55:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2010/04/25 15:18:55 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010/04/25 01:26:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2010/04/25 01:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2010/04/24 01:20:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2010/04/24 01:20:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2010/04/23 00:53:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2010/04/23 00:53:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2010/04/21 20:50:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2010/04/21 20:50:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2010/04/20 12:19:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2010/04/20 12:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2010/04/20 12:14:34 | 000,029,184 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/20 00:21:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2010/04/20 00:21:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2010/04/19 20:22:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2010/04/19 17:06:16 | 000,178,176 | ---- | M] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc [2010/04/19 01:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2010/04/19 01:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2010/04/18 00:31:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2010/04/18 00:31:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2010/04/17 18:28:33 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/16 23:59:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm [2010/04/16 23:59:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2010/04/14 17:06:38 | 000,001,704 
| ---- | M] () -- C:\Users\tom\Desktop\WinTer.LNK [2010/04/14 13:11:08 | 000,022,016 | ---- | M] () -- C:\Users\tom\Documents\meisner1.doc [2010/04/14 13:03:51 | 000,020,480 | ---- | M] () -- C:\Users\tom\Documents\meisner3.doc [2010/04/14 11:00:41 | 000,002,208 | ---- | M] () -- C:\Users\tom\Kalender von tom.ics [2010/04/13 08:48:37 | 000,019,968 | ---- | M] () -- C:\Users\tom\Documents\meisner2.doc [2010/04/12 14:50:50 | 000,002,048 | ---- | M] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF [2010/04/10 13:09:08 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/02 11:56:40 | 000,000,544 | ---- | C] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk [2010/05/02 11:49:46 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk [2010/05/01 20:05:18 | 000,000,881 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection.lnk [2010/05/01 20:04:56 | 000,001,765 | ---- | C] () -- C:\Users\tom\Desktop\pornotube.com.lnk [2010/05/01 20:04:56 | 000,001,761 | ---- | C] () -- C:\Users\tom\Desktop\nudetube.com.lnk [2010/05/01 12:50:46 | 000,001,048 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll [2010/05/01 12:48:49 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010/05/01 12:48:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010/05/01 12:48:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010/05/01 12:48:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010/05/01 12:48:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2010/05/01 12:44:02 | 000,001,757 | 
---- | C] () -- C:\Users\tom\Desktop\youporn.com.lnk [2010/05/01 12:34:20 | 000,001,161 | ---- | C] () -- C:\ProgramData\pragmamfeklnmal.dll [2010/04/30 13:18:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010/04/30 13:18:27 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/04/30 09:37:58 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/25 15:18:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/04/19 17:02:04 | 000,178,176 | ---- | C] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc [2010/04/17 18:28:33 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/14 17:06:38 | 000,001,704 | ---- | C] () -- C:\Users\tom\Desktop\WinTer.LNK [2010/04/14 11:00:41 | 000,002,208 | ---- | C] () -- C:\Users\tom\Kalender von tom.ics [2010/04/13 08:48:48 | 000,020,480 | ---- | C] () -- C:\Users\tom\Documents\meisner3.doc [2010/04/13 08:35:11 | 000,019,968 | ---- | C] () -- C:\Users\tom\Documents\meisner2.doc [2010/04/13 08:22:16 | 000,022,016 | ---- | C] () -- C:\Users\tom\Documents\meisner1.doc [2010/04/12 14:50:50 | 000,002,048 | ---- | C] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF [2010/04/10 13:09:08 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2009/01/05 00:49:17 | 000,000,046 | ---- | C] () -- C:\Windows\winter.ini [2008/11/20 13:40:44 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2008/08/24 20:23:41 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll [2008/08/24 20:23:41 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008/08/24 20:23:40 | 000,000,550 | ---- | C] () -- C:\Windows\Uninstall Terminplaner.ini [2008/06/24 18:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2008/05/17 03:01:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI 
[2008/03/18 11:43:07 | 000,000,328 | ---- | C] () -- C:\Windows\wininit.ini [2008/02/14 02:30:57 | 000,000,767 | ---- | C] () -- C:\Windows\ODBC.INI [2008/02/13 20:38:18 | 000,001,699 | ---- | C] () -- C:\Windows\PartyGrabber.ini [2007/03/13 08:58:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2007/02/13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001/07/13 08:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI [1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp3.eml:OECustomProperty @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp2.eml:OECustomProperty @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp1.eml:OECustomProperty @Alternate Data Stream - 81 bytes -> C:\Program Files\DoylesRoom:MID @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Simply Super Software:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\PacificPoker:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\LongsSHCTrainerV0.9.18[1]:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\kaan.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Fibu:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\fb.bmp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Eigene 
Google Gadgets:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Camtasia Studio:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\WebTools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Tools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\spiele:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Seltene Anwendungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerTools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerRooms:Roxio EMC Stream @Alternate Data Stream - 590 bytes -> C:\Users\tom\Documents\april08.eml:OECustomProperty @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0A96209 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
02.05.2010, 11:17 | #4
/// Helper team | Kunterbunt verseucht
Quote:
Afterwards, please create a new OTL log for me. This one still contains all the Malwarebytes findings.
Last edited by StLB (02.05.2010 at 11:29)
02.05.2010, 11:53 | #5
Kunterbunt verseucht
done

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4058

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/2/2010 12:54:59 PM
mbam-log-2010-05-02 (12-54-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152900
Laufzeit: 9 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 39

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asrkn_pfu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAlyrxxiwrwn (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Local\Temp\asd311D.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\about.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\activate.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\buy.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\dig.db (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\digext.dll (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\dighook.dll (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\dighook.dll.vir (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\digprot.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\digprot.exe.vir (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\help.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\scan.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\settings.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\splash.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\Uninstall.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\update.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\virus.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAd.sys.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Local\Temp\PRAGMA7f4d.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Users\tom\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\tom\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Users\tom\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. |
02.05.2010, 12:11 | #6 |
/// Helfer-Team

Infected with all sorts of things

OK, now please create a new OTL log file for me so we can see whether the rootkit is still there.
02.05.2010, 12:25 | #7 |
Infected with all sorts of things

OK. Before I post the OTL log, I wanted to mention that a "Mcafee security scan" now always opens when my computer starts, and I don't know where it comes from.

OTL logfile created on: 5/2/2010 1:22:02 PM - Run 2
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 227.08 Gb Free Space | 69.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM-PC
Current User Name: tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (SpyHunter3 Service) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freeshowdown.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.freeshowdown.com"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 13:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 11:41:29 | 000,000,000 | ---D | M]

[2010/04/30 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Extensions
[2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions
[2010/04/30 13:15:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/04/30 13:17:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2008/03/18 01:52:40 | 000,000,276 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\FireFox\Profiles\dzp0l3gy.default\searchplugins\search.xml
[2010/05/02 13:14:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/03/13 08:54:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/01/12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/03/24 14:21:08 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range23 ([*] in Lokales Intranet)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (isInstalled Class)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab (Stm Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O24 - Desktop BackupWallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\K - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes
[2010/05/02 11:49:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/02 11:49:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/02 11:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/02 11:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 12:48:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Simply Super Software
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Simply Super Software
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/04/30 13:18:25 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2010/04/29 08:19:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/25 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Downloads
[2010/04/25 15:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/04/25 15:17:30 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/21 11:18:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010/04/20 16:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Player
[2010/04/20 16:16:05 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010/04/19 17:29:18 | 000,000,000 | ---D | C] -- C:\Linus
[2010/04/14 03:11:16 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 03:11:15 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 03:11:09 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 03:11:05 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 03:11:05 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/14 03:10:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/14 03:10:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 13:21:58 | 003,407,872 | -HS- | M] () -- C:\Users\tom\NTUSER.DAT
[2010/05/02 13:08:11 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/02 13:08:11 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/02 13:02:12 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/02 13:02:12 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/05/02 13:02:12 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/02 13:02:12 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/05/02 13:02:12 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/02 13:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2010/05/02 12:59:58 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/02 12:59:10 | 000,002,531 | ---- | M] () -- C:\Users\tom\Desktop\HoldemManager.lnk
[2010/05/02 12:57:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/02 12:57:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 12:57:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 12:57:28 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 12:57:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 12:57:14 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 12:56:07 | 003,254,549 | -H-- | M] () -- C:\Users\tom\AppData\Local\IconCache.db
[2010/05/02 12:56:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/02 12:56:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/02 12:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 11:56:40 | 000,000,544 | ---- | M] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk
[2010/05/02 11:49:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 22:36:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/01 22:36:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/01 21:35:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/01 21:35:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/01 20:56:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/01 20:56:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/01 20:05:18 | 000,001,793 | ---- | M] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
[2010/05/01 13:49:12 |
000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2010/05/01 13:49:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2010/05/01 13:35:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2010/05/01 13:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2010/05/01 12:48:49 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010/05/01 00:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2010/05/01 00:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2010/04/30 09:37:58 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/30 00:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2010/04/30 00:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/29 00:38:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2010/04/29 00:38:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2010/04/28 13:07:33 | 000,002,545 | ---- | M] () -- C:\Users\tom\Desktop\Paint Shop Pro 7.lnk [2010/04/27 23:30:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2010/04/27 23:30:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2010/04/26 22:55:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2010/04/26 22:55:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2010/04/26 01:55:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2010/04/26 01:55:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2010/04/25 15:18:55 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010/04/25 01:26:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2010/04/25 01:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2010/04/24 01:20:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2010/04/24 01:20:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm 
[2010/04/23 00:53:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2010/04/23 00:53:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2010/04/21 20:50:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2010/04/21 20:50:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2010/04/20 12:19:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2010/04/20 12:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2010/04/20 12:14:34 | 000,029,184 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/20 00:21:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2010/04/20 00:21:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2010/04/19 20:22:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2010/04/19 17:06:16 | 000,178,176 | ---- | M] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc [2010/04/19 01:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2010/04/19 01:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2010/04/18 00:31:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2010/04/18 00:31:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2010/04/17 18:28:33 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/14 17:06:38 | 000,001,704 | ---- | M] () -- C:\Users\tom\Desktop\WinTer.LNK [2010/04/14 13:11:08 | 000,022,016 | ---- | M] () -- C:\Users\tom\Documents\meisner1.doc [2010/04/14 13:03:51 | 000,020,480 | ---- | M] () -- C:\Users\tom\Documents\meisner3.doc [2010/04/14 11:00:41 | 000,002,208 | ---- | M] () -- C:\Users\tom\Kalender von tom.ics [2010/04/13 08:48:37 | 000,019,968 | ---- | M] () -- C:\Users\tom\Documents\meisner2.doc [2010/04/12 14:50:50 | 000,002,048 | ---- | M] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF [2010/04/10 13:09:08 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> 
C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/02 11:56:40 | 000,000,544 | ---- | C] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk [2010/05/02 11:49:46 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk [2010/05/01 12:48:49 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010/05/01 12:48:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010/05/01 12:48:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010/05/01 12:48:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010/05/01 12:48:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2010/04/30 13:18:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010/04/30 13:18:27 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/04/30 09:37:58 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/25 15:18:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/04/19 17:02:04 | 000,178,176 | ---- | C] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc [2010/04/17 18:28:33 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/14 17:06:38 | 000,001,704 | ---- | C] () -- C:\Users\tom\Desktop\WinTer.LNK [2010/04/14 11:00:41 | 000,002,208 | ---- | C] () -- C:\Users\tom\Kalender von tom.ics [2010/04/13 08:48:48 | 000,020,480 | ---- | C] () -- C:\Users\tom\Documents\meisner3.doc [2010/04/13 08:35:11 | 000,019,968 | ---- | C] () -- C:\Users\tom\Documents\meisner2.doc [2010/04/13 08:22:16 | 000,022,016 | ---- | C] () -- C:\Users\tom\Documents\meisner1.doc [2010/04/12 14:50:50 | 000,002,048 | 
---- | C] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF [2010/04/10 13:09:08 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2009/01/05 00:49:17 | 000,000,046 | ---- | C] () -- C:\Windows\winter.ini [2008/11/20 13:40:44 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2008/08/24 20:23:41 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll [2008/08/24 20:23:41 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008/08/24 20:23:40 | 000,000,550 | ---- | C] () -- C:\Windows\Uninstall Terminplaner.ini [2008/06/24 18:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2008/05/17 03:01:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2008/03/18 11:43:07 | 000,000,328 | ---- | C] () -- C:\Windows\wininit.ini [2008/02/14 02:30:57 | 000,000,767 | ---- | C] () -- C:\Windows\ODBC.INI [2008/02/13 20:38:18 | 000,001,699 | ---- | C] () -- C:\Windows\PartyGrabber.ini [2007/03/13 08:58:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2007/02/13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001/07/13 08:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI [1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp3.eml:OECustomProperty @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp2.eml:OECustomProperty @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp1.eml:OECustomProperty @Alternate Data Stream - 81 bytes -> C:\Program Files\DoylesRoom:MID @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID @Alternate Data Stream - 76 bytes -> 
C:\Users\tom\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Simply Super Software:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\PacificPoker:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\LongsSHCTrainerV0.9.18[1]:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\kaan.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Fibu:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\fb.bmp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Eigene Google Gadgets:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Camtasia Studio:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\WebTools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Tools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\spiele:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Seltene Anwendungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerTools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerRooms:Roxio EMC Stream @Alternate Data Stream - 590 bytes -> C:\Users\tom\Documents\april08.eml:OECustomProperty @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0A96209 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
02.05.2010, 13:01 | #8 |
/// Helper Team | Infested with all sorts of things
Ok, that doesn't look bad. You probably downloaded McAfee yourself. Please remove the following programs (Start -> Control Panel -> "Programs and Features"):
- McAfee Security Scan
- Simply Super Software
- Trojan Remover
They are superfluous for now if you have Avast. Then we'll remove a few items from the OTL log: Fix with OTL
Code:
:OTL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
[2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
Now please run a rootkit scan with GMER; the TDSS rootkit may not have been removed completely yet. Please post:
- the log file from "Fix with OTL"
- the log file from GMER
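As an added example (not code from this thread, the helper, or OTL), the Python below applies the helper's selection criteria from the post above to OTL log lines: stale MountPoints2 autorun handlers, a BHO with no CLSID, services whose binary is gone, a shortcut to a rogue "security" product, and the UAC policy value that only needs a review. The sample log and the rogue-name list are constructed from entries quoted in this thread; the output mimics the layout of the helper's fix script.

```python
"""Triage OTL log lines the way the helper in this thread did and build an OTL fix script.

Added example, not part of the thread or of OTL. Rules and sample data are constructed
from the entries quoted in this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: OTL line formats, taken from the logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
SRV - (SpyHunter3 Service) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
[2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
"""


@dataclass
class Finding:
    line: str     # the original OTL log line
    reason: str   # why it was flagged
    action: str   # "fix": goes into the :OTL section; "review": manual follow-up only


# Both forms the helper removed: the "AutoRun" verb and the command it points at.
MOUNTPOINT = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell(?:\\AutoRun\\command)? - "" = (?P<val>.+)$')
ORPHAN_BHO = re.compile(r'^O2 - BHO: .* - No CLSID value found\.$')
ORPHAN_SRV = re.compile(r'^SRV - \((?P<name>[^)]+)\) -- File not found$')
POLICY = re.compile(r'^O6 - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>-?\d+)$')
CREATED = re.compile(r'^\[[^\]]*\] \([^)]*\) -- (?P<path>.+)$')
# Rogue "security product" names seen in this thread (assumption: extend with your own list).
ROGUE_WORDS = ("digital protection",)


def triage(log: str) -> list[Finding]:
    """Return the lines a helper would act on, each with a reason and an action."""
    findings: list[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MOUNTPOINT.match(line)
        if m:
            what = ("autorun verb" if m["val"] == "AutoRun"
                    else "autorun command " + m["val"].replace(" -- File not found", ""))
            findings.append(Finding(
                line, f"removable-media {what} left under MountPoints2\\{m['key']}", "fix"))
            continue
        if ORPHAN_BHO.match(line):
            findings.append(Finding(line, "BHO registered without a CLSID (orphaned)", "fix"))
            continue
        m = ORPHAN_SRV.match(line)
        if m:
            findings.append(Finding(line, f"service '{m['name']}' points to a missing binary", "fix"))
            continue
        m = POLICY.match(line)
        if m and m["name"] == "EnableLUA" and m["value"] == "0":
            # Not an OTL line to delete; it is a setting to restore after cleanup.
            findings.append(Finding(line, "UAC is disabled (EnableLUA = 0)", "review"))
            continue
        m = CREATED.match(line)
        if m:
            path = m["path"].lower()
            if path.endswith(".lnk") and any(w in path for w in ROGUE_WORDS):
                findings.append(Finding(line, "shortcut to a rogue security product", "fix"))
    return findings


def build_fix_script(findings: list[Finding]) -> str:
    """Emit the :OTL / :Commands layout used by the helper's fix script in this thread."""
    fix_lines = [f.line for f in findings if f.action == "fix"]
    return "\n".join([":OTL", *fix_lines, ":Commands", "[purity]", "[emptytemp]"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.action:6}] {f.reason}")
    print(build_fix_script(found))
```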
02.05.2010, 17:06 | #9 |
| Infested with all sorts of things
There are a few problems:
1. I can't find Simply Super Software under "Programs" in the Control Panel.
2. I pasted the text (OTL) and then clicked Run Fix. Something does happen (all desktop icons disappear), but then nothing more happens. When I try to close OTL, it just says (not responding).
3. Then the only option left is to force the computer to shut down.
4. No text file appears after the restart.
I have now simply done Run Scan again and attached it.
OTL logfile created on: 5/2/2010 5:07:34 PM - Run 3
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 227.83 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-PC
Current User Name: tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () ========== Modules (SafeList) ========== MOD - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SpyHunter3 Service) -- File not found SRV - (LiveUpdate Notice Ex) -- File not found SRV - (CLTNetCnService) -- File not found SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswMonFlt) -- 
C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freeshowdown.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.freeshowdown.com" FF - 
prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 13:14:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 11:41:29 | 000,000,000 | ---D | M] [2010/04/30 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Extensions [2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions [2010/04/30 13:15:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/04/30 13:22:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2010/04/30 13:22:58 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010/04/30 13:17:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010/04/30 13:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} [2008/03/18 01:52:40 | 000,000,276 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\FireFox\Profiles\dzp0l3gy.default\searchplugins\search.xml [2010/05/02 13:14:22 | 
000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007/03/13 08:54:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/01/12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll [2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll [2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/03/24 14:21:08 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) 
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (Microgaming) O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe () O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) 
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range23 ([*] in Lokales Intranet) O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (isInstalled Class) O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab (Stm Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\tom\Pictures\TRLSPH.jpg O24 - Desktop BackupWallPaper: C:\Users\tom\Pictures\TRLSPH.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\K - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/02 16:54:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010/05/02 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes [2010/05/02 11:49:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbamswissarmy.sys [2010/05/02 11:49:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/05/02 11:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/05/02 11:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010/04/29 08:19:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010/04/25 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Downloads [2010/04/25 15:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010/04/25 15:17:30 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010/04/21 11:18:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2010/04/20 16:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Player [2010/04/20 16:16:05 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) 
-- C:\Windows\uninst.exe [2010/04/19 17:29:18 | 000,000,000 | ---D | C] -- C:\Linus [2010/04/14 03:11:16 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/04/14 03:11:15 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/04/14 03:11:09 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010/04/14 03:11:05 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010/04/14 03:11:05 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010/04/14 03:10:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2010/04/14 03:10:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/02 17:08:48 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/05/02 17:08:48 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/05/02 17:08:48 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/05/02 17:08:48 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/05/02 17:08:47 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/05/02 17:07:39 | 003,407,872 | -HS- | M] () -- C:\Users\tom\NTUSER.DAT [2010/05/02 17:04:52 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/05/02 17:02:28 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/05/02 17:02:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/02 17:02:22 | 
000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/02 17:02:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/02 17:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/05/02 17:01:57 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys [2010/05/02 17:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job [2010/05/02 16:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/05/02 12:59:10 | 000,002,531 | ---- | M] () -- C:\Users\tom\Desktop\HoldemManager.lnk [2010/05/02 12:56:07 | 003,254,549 | -H-- | M] () -- C:\Users\tom\AppData\Local\IconCache.db [2010/05/02 12:56:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm [2010/05/02 12:56:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2010/05/02 11:56:40 | 000,000,544 | ---- | M] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk [2010/05/02 11:49:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/01 22:36:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm [2010/05/01 22:36:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2010/05/01 21:35:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2010/05/01 21:35:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2010/05/01 20:56:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2010/05/01 20:56:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2010/05/01 13:49:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2010/05/01 13:49:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2010/05/01 13:35:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2010/05/01 13:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2010/05/01 00:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2010/05/01 00:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2010/04/30 09:37:58 | 000,001,772 | ---- | M] () -- 
C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/30 00:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2010/04/30 00:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/29 00:38:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2010/04/29 00:38:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2010/04/28 13:07:33 | 000,002,545 | ---- | M] () -- C:\Users\tom\Desktop\Paint Shop Pro 7.lnk [2010/04/27 23:30:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2010/04/27 23:30:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2010/04/26 22:55:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2010/04/26 22:55:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2010/04/26 01:55:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2010/04/26 01:55:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2010/04/25 15:18:55 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010/04/25 01:26:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2010/04/25 01:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2010/04/24 01:20:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2010/04/24 01:20:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2010/04/23 00:53:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2010/04/23 00:53:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2010/04/21 20:50:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2010/04/21 20:50:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2010/04/20 12:19:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2010/04/20 12:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2010/04/20 12:14:34 | 000,029,184 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2010/04/20 00:21:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2010/04/20 00:21:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2010/04/19 20:22:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2010/04/19 17:06:16 | 000,178,176 | ---- | M] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc [2010/04/19 01:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2010/04/19 01:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2010/04/18 00:31:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2010/04/18 00:31:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2010/04/17 18:28:33 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/14 17:06:38 | 000,001,704 | ---- | M] () -- C:\Users\tom\Desktop\WinTer.LNK [2010/04/14 13:11:08 | 000,022,016 | ---- | M] () -- C:\Users\tom\Documents\meisner1.doc [2010/04/14 13:03:51 | 000,020,480 | ---- | M] () -- C:\Users\tom\Documents\meisner3.doc [2010/04/14 11:00:41 | 000,002,208 | ---- | M] () -- C:\Users\tom\Kalender von tom.ics [2010/04/13 08:48:37 | 000,019,968 | ---- | M] () -- C:\Users\tom\Documents\meisner2.doc [2010/04/12 14:50:50 | 000,002,048 | ---- | M] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF [2010/04/10 13:09:08 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/02 11:56:40 | 000,000,544 | ---- | C] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk [2010/05/02 11:49:46 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/30 09:37:58 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/25 15:18:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/04/19 17:02:04 | 
000,178,176 | ---- | C] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc [2010/04/17 18:28:33 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/14 17:06:38 | 000,001,704 | ---- | C] () -- C:\Users\tom\Desktop\WinTer.LNK [2010/04/14 11:00:41 | 000,002,208 | ---- | C] () -- C:\Users\tom\Kalender von tom.ics [2010/04/13 08:48:48 | 000,020,480 | ---- | C] () -- C:\Users\tom\Documents\meisner3.doc [2010/04/13 08:35:11 | 000,019,968 | ---- | C] () -- C:\Users\tom\Documents\meisner2.doc [2010/04/13 08:22:16 | 000,022,016 | ---- | C] () -- C:\Users\tom\Documents\meisner1.doc [2010/04/12 14:50:50 | 000,002,048 | ---- | C] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF [2010/04/10 13:09:08 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2009/01/05 00:49:17 | 000,000,046 | ---- | C] () -- C:\Windows\winter.ini [2008/11/20 13:40:44 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2008/08/24 20:23:41 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll [2008/08/24 20:23:41 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008/08/24 20:23:40 | 000,000,550 | ---- | C] () -- C:\Windows\Uninstall Terminplaner.ini [2008/06/24 18:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2008/05/17 03:01:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2008/03/18 11:43:07 | 000,000,328 | ---- | C] () -- C:\Windows\wininit.ini [2008/02/14 02:30:57 | 000,000,767 | ---- | C] () -- C:\Windows\ODBC.INI [2008/02/13 20:38:18 | 000,001,699 | ---- | C] () -- C:\Windows\PartyGrabber.ini [2007/03/13 08:58:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2007/02/13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001/07/13 08:04:00 | 000,373,248 
| ---- | C] () -- C:\Windows\EyeCand3.INI [1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp3.eml:OECustomProperty @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp2.eml:OECustomProperty @Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp1.eml:OECustomProperty @Alternate Data Stream - 81 bytes -> C:\Program Files\DoylesRoom:MID @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\PacificPoker:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\LongsSHCTrainerV0.9.18[1]:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\kaan.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Fibu:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\fb.bmp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Eigene Google Gadgets:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Camtasia Studio:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\WebTools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Tools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\spiele:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Seltene Anwendungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerTools:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> 
C:\Users\tom\Desktop\PokerRooms:Roxio EMC Stream @Alternate Data Stream - 590 bytes -> C:\Users\tom\Documents\april08.eml:OECustomProperty @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0A96209 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > I have now downloaded GMER. After 5 minutes of rootkit scanning the machine stutters, the Task Manager won't open, and GMER won't close. Here too I can only shut down forcibly. Maybe it isn't GMER at all. It calls itself 0t92vrc6.exe. Sorry if I'm making all this complicated because I'm too dumb. |
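Added example, not part of the thread and not code from OTL's or HijackThis's authors: a small triage script for log lines in the O-section format posted above. It reads a handful of lines copied from the log (the sample is constructed from them), flags the policy entry EnableLUA = 0 (UAC switched off, so an administrator's processes run with a full token), lists orphaned entries whose target reports "File not found", de-fangs the hxxp:// URLs in O16 DPF (ActiveX download) entries and reports any host not on an allowlist, and notes a populated AppInit_DLLs value. The allowlist EXPECTED_DPF_HOSTS and the severity labels are assumptions for the example, not a reputation source; the script says nothing about whether any entry is malicious.

```python
"""Triage of OTL / HijackThis-style O-section lines (constructed example)."""
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab (Stm Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
"""

# Assumption for this example: hosts from which ActiveX (O16 DPF) downloads are expected.
# Not an authoritative list; extend it for the environment being examined.
EXPECTED_DPF_HOSTS = {"java.sun.com", "javadl-esd.sun.com", "fpdownload.macromedia.com"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
POLICY_RE = re.compile(r"policies\\(\w+): (\w+) = (-?\d+)$")
URL_RE = re.compile(r"hxxps?://\S+")


def parse_otl(text):
    """Return (section, body) tuples for every line that looks like an O-section entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def unmask_url(url):
    """Forum posts defang URLs as hxxp:// so they are not clickable; restore the scheme."""
    return url.replace("hxxp", "http", 1)


def triage(entries):
    """Return (severity, section, message) findings for the parsed entries."""
    findings = []
    for section, body in entries:
        if section == "O6":
            pm = POLICY_RE.search(body)
            if pm:
                name, value = pm.group(2), int(pm.group(3))
                if name == "EnableLUA" and value == 0:
                    findings.append(("high", section,
                        "UAC disabled (EnableLUA = 0): administrator processes run with a full token"))
                elif name == "NoDriveTypeAutoRun" and value == 255:
                    findings.append(("info", section,
                        "AutoRun disabled for all drive types (NoDriveTypeAutoRun = 0xFF)"))
        if body.endswith("File not found"):
            # Leftover registration whose target is gone: harmless by itself, but worth cleaning.
            findings.append(("low", section, "orphaned entry, target missing: " + body))
        if section == "O16":
            um = URL_RE.search(body)
            if um:
                host = urlparse(unmask_url(um.group(0))).hostname
                if host not in EXPECTED_DPF_HOSTS:
                    findings.append(("medium", section,
                        f"ActiveX download from unexpected host {host}"))
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that links user32.dll.
            findings.append(("medium", section,
                "AppInit_DLLs populated; verify the DLL's signer and purpose: " + body))
    return findings


def summarize(text):
    """Parse the text and return its findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return sorted(triage(parse_otl(text)), key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, section, message in summarize(SAMPLE_OTL):
        print(f"[{severity:6}] {section}: {message}")
```

Run it as-is to see the findings for the sample; to triage a real log, pass the whole pasted text to summarize(). The script only surfaces entries a human should look at; the decision about each one still belongs to whoever reads the log.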
03.05.2010, 19:38 | #11 |
/// Helper team | Infested with all sorts Please try this rootkit scan: Rootkit scan with Sophos Anti-Rootkit
|
03.05.2010, 21:58 | #12 |
| Infested with all sorts Unfortunately I overlooked that I was supposed to open it as admin. But I let it run through first anyway. If I have to do it again as admin, I'm sorry and I'll do it again. Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc Started logging on 03.05.2010 at 21:35:50 User "tom" on computer "TOM-PC" Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32 Info: Starting process scan. Info: Starting registry scan. Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409 Info: Starting disk scan of C: (NTFS). Hidden: file C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL8T7XN7\size=300x250&adsize=310x170&adsize=300x120&pageview=ng_outer&pageview=vi_repeated&tile=5107747915717197012345678910ab&transactionID=5107747915717197012345678910ab[1] Hidden: file C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10B9TUCV\s[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_repeated&tile=5107747915717197012345678910ab&transactionID=5107747915717197012345678910ab Stopped logging on 03.05.2010 at 22:55:10 |